
AD Design Approach - Suggestion

sabthamis
Regular Contributor

Hi Everyone,

I need suggestions on the requirement below.

We have 3 types of accounts: U, X and SA accounts. The U accounts are normal user accounts which get added to the user based on birthright provisioning. X are the elevated accounts and SA are the service accounts, which would be requestable from ARS for the users. We have an OU structure like the one below: all the user U accounts will be provisioned to their respective location OUs. The X accounts have to be provisioned under Common X_Accounts. And the SA accounts have to be provisioned to the Standard Controls OU under Service Account. And the groups are present in all the OUs under the same User OU (they don't have any separate OU for groups).

Now the question is: do we need to have a separate connection for these 3 accounts, or can we have a single connection? The JSON and attribute values would be a bit different for the X and SA accounts.

Few more requirements :

  • For elevated accounts (adattributegroup= x), they should only be able to be added to elevated groups (include built-in) (adattributefrogroup = x).
  • For standard accounts (adattributegroup=u) they should only be able to be added to standard groups (adattributefrogroup= “”).
  • For service accounts (adattributegroup=S) they should only be able to be added to any group (elevated or standard).

 

 

 


 

 

1 REPLY 1

rushikeshvartak
All-Star
  • Use 3 separate endpoints and connections

Regards,
Rushikesh Vartak