
AD account name in user's custom attributes

nitishdas
New Contributor

Hello,

Need help in updating the Active directory's account name into any of the custom property values of the user if possible.


sudeshjaiswal
Saviynt Employee

Hello @nitishdas,

You can either use sav4sav connector to update user table or during account import map the account name into some user customproperty in the user_attribute json.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

rushikeshvartak
All-Star

Below are possible options 

  • Use custom query - Not proposed & best practice
  • Use Sav4sav REST Connector to update users customproperty from accounts

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Mervinr
New Contributor

Hi Team,

Thanks for the reply. Currently we are using the SAV4SAV DB connector, and in that we have an update query in updateuserjson as below:

Current Query

{"updateUserQry":["update users set customproperty1 = '${user.firstname}' ,updatedate = utc_timestamp(), customproperty64 = CASE WHEN comments like '%User Terminated By%' THEN 'Locked' ELSE ' ' END where userkey = ${user.id}"]}

And now we are trying to add one more user customproperty along with the update query, like below:

New Query

{"updateUserQry":["update users set customproperty1 = '${user.firstname}' ,updatedate = utc_timestamp(), customproperty64 = CASE WHEN comments like '%User Terminated By%' THEN 'Locked' ELSE ' ' END where userkey = ${user.id}",CUSTOMPROPERTY40 = (SELECT a.NAME FROM ACCOUNTS a INNER JOIN USER_ACCOUNTS ua ON ua.ACCOUNTKEY=a.ACCOUNTKEY INNER JOIN ENDPOINTS e ON e.endpointkey=a.endpointkey WHERE ua.USERKEY=USERKEY AND e.endpointname='Active Directory' and a.status = 1)]}

Can you please confirm whether the above condition looks fine or not?

Query looks correct. I think you will trigger the update user task from a User update rule; if yes, it will work.


Regards,
Rushikesh Vartak

sudeshjaiswal
Saviynt Employee

Hello @Mervinr & @nitishdas,

The query appears fine.
However, there are two things to keep in mind:
Firstly, the updateuserjson function is triggered when you initiate an updateuser task; or, if you want to perform an update through importing, then you should use the userimport json.

Thanks.


Mervinr
New Contributor

Hi Team,

Thanks for the prompt response. We are making changes in AD (sAMAccountName), and in the next recon cycle this updated sAMAccountName comes into the account ID in Saviynt.

So in this case we need to use accountupdate json in the SAV4SAV DB connector, so that whenever there is a change in the account name it will trigger the query to update the respective user table that we are mentioning in the query.

So can you please confirm whether we can go with using accountupdate json instead of userupdate json in the sav4sav DB connector?

 

Thanks

Mervin

Then you need to generate a task from analytics with action as 'Update Account'.


Regards,
Rushikesh Vartak

Mervinr
New Contributor

Hi Team,

We tried the following option:

Updating the SAV4SAV DB connection using the query in updateaccount JSON and userupdatejson.

UPDATEACCOUNTJSON

{"updateUserQry":["update users set CUSTOMPROPERTY42 = (SELECT a.NAME FROM ACCOUNTS a INNER JOIN USER_ACCOUNTS ua ON ua.ACCOUNTKEY=a.ACCOUNTKEY INNER JOIN ENDPOINTS e ON e.endpointkey=a.endpointkey WHERE ua.USERKEY=USERKEY AND e.endpointname='Active Directory' and a.status = 1)"]}

UPDATEUSERJSON

{"updateUserQry":["update users set customproperty1 = '${user.firstname}' ,updatedate = utc_timestamp(), customproperty64 = CASE WHEN comments like '%User Terminated By%' THEN 'Locked' ELSE ' ' END where userkey = ${user.id}, customproperty41 = (SELECT a.NAME FROM ACCOUNTS a INNER JOIN USER_ACCOUNTS ua ON ua.ACCOUNTKEY=a.ACCOUNTKEY INNER JOIN ENDPOINTS e ON e.endpointkey=a.endpointkey WHERE ua.USERKEY=USERKEY AND e.endpointname='Active Directory' and a.status = 1)"]}

Updating the AD connection user_attribute.

USER_ATTRIBUTE

 [CUSTOMPROPERTY41::sAMAccountName#String]

We are not seeing the updated value in the user custom property value after there is a change in the account name.

If we are going with the analytic option, we need to schedule a job, and it should run on a daily basis. The client feels we are not burdening the instance.

Thanks

Mervin

You need to schedule the analytics job. Limit the analytics query to records where the account name and the user's cp4 do not match, so the records will be fewer and it won't be a burden.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
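
The mismatch-only selection described in the last reply, as an added example that is not part of the original thread or Saviynt's own code. It assumes the MySQL dialect implied by utc_timestamp() in the posted queries, uses only the table and column names that appear in those queries, and takes CUSTOMPROPERTY41 as the target column; any column aliases an analytics action may require are not shown.

```sql
-- Added example. Tables/columns come from the queries posted above;
-- CUSTOMPROPERTY41 is the target property used in the thread.

-- 1) Users whose stored value differs from their active AD account name.
--    The join on u.userkey makes the user-to-account correlation explicit.
--    In the posted subquery, "ua.USERKEY=USERKEY" is unqualified, and an
--    unqualified column inside a subquery is resolved against the subquery's
--    own tables first, so it does not refer to the users row being updated.
SELECT u.userkey,
       u.customproperty41 AS current_value,
       a.name             AS ad_account_name
FROM users u
INNER JOIN user_accounts ua ON ua.userkey    = u.userkey
INNER JOIN accounts a       ON a.accountkey  = ua.accountkey
INNER JOIN endpoints e      ON e.endpointkey = a.endpointkey
WHERE e.endpointname = 'Active Directory'
  AND a.status = 1
  -- <=> is MySQL's NULL-safe equality, so users whose property is still
  -- NULL are returned as mismatches and already-synced users are skipped.
  AND NOT (u.customproperty41 <=> a.name);

-- 2) Users with more than one active AD account. For these users a scalar
--    subquery such as "SET customproperty41 = (SELECT a.NAME ...)" returns
--    several rows, so decide which account wins before scheduling the job.
SELECT ua.userkey,
       COUNT(*) AS active_ad_accounts
FROM user_accounts ua
INNER JOIN accounts a  ON a.accountkey  = ua.accountkey
INNER JOIN endpoints e ON e.endpointkey = a.endpointkey
WHERE e.endpointname = 'Active Directory'
  AND a.status = 1
GROUP BY ua.userkey
HAVING COUNT(*) > 1;
```

Because the first query returns nothing once every user is in sync, a daily schedule only processes accounts renamed since the previous run.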