Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD Accounts

NM
Honored Contributor II
Honored Contributor II

‎02/29/2024 09:50 AM

Hello All,

We have a requirement to create AD secondary account for the users apart from their personal account. It will be requested from Access Request page and provisioned in AD once after all approvals.

We are planning to create a separate endpoint, connection and SS to maintain those in saviynt system. Plus, we need to create the secondary accounts in a particular OU is it possible to add that in create account json?

Thanks

Labels:
0 Kudos
5 REPLIES 5

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/04/2024 01:38 AM

Hello @NM,

Yes, it is possible, You need to create a separate endpoint, connection and SS for your above case.
But please make sure that you mention the correct config in the ACCOUNTNAMERULE for creating the account in the different OU's as per your requirement and correct OBJECTFILTER for import.

sudeshjaiswal_0-1709544709220.png

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to sudeshjaiswal

‎03/04/2024 02:01 AM

Hi @sudeshjaiswal, didn't quite get the understanding on "Base" field in AD connector, when we are already defining the OU in account name rule.

NM_0-1709546484378.png

 

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/04/2024 11:05 PM

Hello @NM,

Recommeded to Define the same filter in BASE  (Used for Provisioning Operation) and SEARCHFILTER (Used for Import Operation), But it may vary depending on the requirement of your organization.

In the Accountnamerule, you can define the rule like :
if the user.department value is "ABC" move it to this " OU" else user.department value is "XYZ" move it different OU, but withing the same "BASE" as defined in the connection params.

Thats the reason BASE has to be defined when doing the provisioning operation. 

For Ref: - https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-... 

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to sudeshjaiswal

‎03/04/2024 11:21 PM

Hi @sudeshjaiswal Does it work in conjunction with check unique field.. because as per the AD connector document it says it "search for any user object in the entire domain to perform provisioining operation"

NM_0-1709623201149.png

 

0 Kudos

sudeshjaiswal
Saviynt Employee
Saviynt Employee

‎03/04/2024 11:58 PM

Hello @NM,

Yes it works in conjunction with CHECKFORUNIQUE,  it will evaluate the uniqueness of an attribute in the endpoint on EIC before it get provisioned in AD.
For Ref :
https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Provisio... 

If you find the above response useful, Kindly Mark it as "Accept As Solution".
0 Kudos
Copyright © 2024 Khoros, LLC