and more in a single search tool across platforms. Read the announcement here. |
03/08/2023 11:20 PM
Question on AD connector provisioning for AD group assignment : 1) Will a technical rule generate an add access task (for adding an AD group) for a user which does not have an AD account yet ? 2) will this add access task get provisioned successfully by automatically creating a new AD account for the user on AD endpoint in Saviynt EIC and on the AD application?
Bringing this to your attention
Solved! Go to Solution.
03/09/2023 01:15 AM
Hi @AnumitaL
Yes, it does work , it will automatically create a account as well as add that group to that user if the user is matching the technical rule to give access to AD group.
Thanks
Darshan
05/17/2023 05:15 AM
Quickly re-confirming, If there is an add access task present for a user for AD connector. the user does not have any account in the AD endpoint in Saviynt , or in the AD target system. Now once this add access task get provisioned by a wsretry job, will the AD connector create an account in AD target, before adding the access?
03/09/2023 08:14 AM
Hi Anumita,
This will work as mentioned by Darshan. However, You need to define an additional action in the technical rule to create the account for the AD endpoint along with assigning the group. Otherwise, it wouldn't generate any tasks for the user.
Below is the screenshot for your reference.
03/10/2023 06:17 AM
Thanks. My question is : in case the technical rule does not have the 'create account ' selected (it is being done through a different technical rule): then will the 'add access' action work in the technical rule?
03/10/2023 07:27 AM
Hi @AnumitaL
No if the account is not present for the user and if only add access action is present then it will not create the tasks for creating a account, so you need to keep both create account and add access.
Thanks
Darshan