Click HERE to see how Saviynt Intelligence is transforming the industry. |
02/29/2024 09:50 AM
Hello All,
We have a requirement to create AD secondary account for the users apart from their personal account. It will be requested from Access Request page and provisioned in AD once after all approvals.
We are planning to create a separate endpoint, connection and SS to maintain those in saviynt system. Plus, we need to create the secondary accounts in a particular OU is it possible to add that in create account json?
Thanks
03/04/2024 01:38 AM
Hello @NM,
Yes, it is possible, You need to create a separate endpoint, connection and SS for your above case.
But please make sure that you mention the correct config in the ACCOUNTNAMERULE for creating the account in the different OU's as per your requirement and correct OBJECTFILTER for import.
Thanks.
03/04/2024 02:01 AM
Hi @sudeshjaiswal, didn't quite get the understanding on "Base" field in AD connector, when we are already defining the OU in account name rule.
03/04/2024 11:05 PM
Hello @NM,
Recommeded to Define the same filter in BASE (Used for Provisioning Operation) and SEARCHFILTER (Used for Import Operation), But it may vary depending on the requirement of your organization.
In the Accountnamerule, you can define the rule like :
if the user.department value is "ABC" move it to this " OU" else user.department value is "XYZ" move it different OU, but withing the same "BASE" as defined in the connection params.
Thats the reason BASE has to be defined when doing the provisioning operation.
For Ref: - https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...
Thanks.
03/04/2024 11:21 PM
Hi @sudeshjaiswal Does it work in conjunction with check unique field.. because as per the AD connector document it says it "search for any user object in the entire domain to perform provisioining operation"
03/04/2024 11:58 PM
Hello @NM,
Yes it works in conjunction with CHECKFORUNIQUE, it will evaluate the uniqueness of an attribute in the endpoint on EIC before it get provisioned in AD.
For Ref :
https://docs.saviyntcloud.com/bundle/ADSI-v24x/page/Content/Configuring-the-Integration-for-Provisio...