Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/15/2022 06:06 AM
08/15/2022 06:43 AM
Q.1 - solution 1 -
You can write if else logic in logic in AD connection JSON. If your OU & DEPARTMENT name is same it will be easy.
Solution 2 - Create Dynamic Attribute on request form & write logic in SQL query with case when then logic & use dynamic attribute in connection.
Q2 - You can create 2 separate technical rule & achieve this use case.
Q3 - AD Group Creation required certain parameters to be passed & its having own approval process you can't merge account & group creation together.
However you can restrict user from creating account if user group is not created using access query or dynamic attribute.
Q4 - Use endpoint access query
Q5 - ${account_password} variable can ve used in email template
Q6 Refer create account json here right side is dynamic attribute name
Left side is target application attribute name & right side is saviynt attribute
"cn": "${CN_DynamicAttribute}"
Q7 - Endpoint filter is used when you want to split certain user group per application ( it will create endpoint as specified endpoints_filter) json. This is useful when you want different approval flow / certification / reports, etc application specific.
08/15/2022 07:40 AM
Thank you Rushikesh for the answers.
Regarding Q#1 - if we have 960 Departments , so we have to put 960 if else, or case statements ? no other way to achieve this ?
08/15/2022 07:46 AM
solution 1 -
You can write if else logic in logic in AD connection JSON. If your OU & DEPARTMENT name is same it will be easy.
Solution 2 - Create Dynamic Attribute on request form & write logic in SQL query with case when then logic & use dynamic attribute in connection.
Unfortunately you need to write logic for all department if your department name & OU name is different
08/15/2022 07:57 AM
Thanks again.
12/04/2022 07:09 PM
Suresh We also have the similar type requirement like yours
12/04/2022 08:55 PM
#1 if department name & OU name is same then its easy else you need maintain logic in json or using dynamic attribute you can achieve
#2 This can be achieved using rules and analytics report using de provision account action
12/09/2022 11:59 AM
Thank you, Rushikesh,
We do not want to have them hard coded is there any way we can do this as we might have the changes to the OU or Department want to see if this can be done by doing the lookup and update the value.
Suresh how did you implement this could you please share your experience.
Regards
12/09/2022 02:00 PM
There is no alternative
12/11/2022 08:44 PM
we have implemented as rushi suggested, please find ours below.
Dataset to store all OUs vs Locations
User Update Rule - Custom Action (Java Class) to Derive OU ( Based on above dataset and few other manipulations) and store into cp attribute
Pass that cpxx into accountname rule
12/11/2022 09:57 PM
If solutions working as expected then accept the solution for future audiences
02/09/2023 12:23 PM
We utilized the dataset and mapped the OU in the preprocessor based on the location.