We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

AD ENDPOINTFILTER: how to exclude groups

Olesia
Regular Contributor
Regular Contributor

Hi,

is there a way to exclude some groups from the endpoint filter:

For example, we use a wildcard in the endpoint filter. All the groups starting with TST-Group1 (TST-Group1 , TST-Group11 , TST-Group12 ...) should go to the Endpoint1.

But here is an exclusion: all the groups starting CN=TST-Group17 should go to the Endpoint2

The endpoint filter should be smth like this, but this doesn't work:

{
"Endpoint1":[
{
"memberOf":[
"CN=TST-Group1%OU=Groups,OU=OU,DC=com%",
!"CN=TST-Group17%OU=Groups,OU=OU,DC=com%"
]
}
],
"Endpoint2":[
{
"memberOf":[
"CN=TST-Group2%OU=Groups,OU=OU,DC=com%",

"CN=TST-Group17%OU=Groups,OU=OU,DC=com%"
]
}
]
}

3 REPLIES 3

mayankshah
New Contributor III
New Contributor III

You can also use wildcards in the group name for importing groups using %. 

{
"Endpoint1":[
{
"memberOf":[
"CN=TST-Group1%,OU=Groups,OU=OU,DC=com%"]
}
],
"Endpoint2":[
{
"memberOf":[
"CN=TST-Group17%,OU=Groups,OU=OU,DC=com%"
]
}
]
}

 

Note: There was a no ',' after CN ends from your above code.

DaanishJawed
Saviynt Employee
Saviynt Employee

Hi @Olesia ,

The only option would be listing the entitlements separately in the endpoint filter and not mentioning the Group17 entitlement in Endpoint 1.

So it will look like this based on the JSON you shared.

{
"Endpoint1":[
{
"memberOf":[
"CN=TST-Group1,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group11,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group12,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group13,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group14,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group15,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group16,OU=Groups,OU=OU,DC=com%",
"CN=TST-Group18,OU=Groups,OU=OU,DC=com%",
]
}
],
"Endpoint2":[
{
"memberOf":[
"CN=TST-Group2%OU=Groups,OU=OU,DC=com%",
"CN=TST-Group17,OU=Groups,OU=OU,DC=com%",
]
}
]
}

In case, you are bringing entitlements in bulk, then it would be an enhancement request to exclude certain entitlements in the ENDPOINT_FILTER JSON. You can submit the enhancement request in the Ideas Portal - https://ideas.saviynt.com/ideas/

Thanks.

Olesia
Regular Contributor
Regular Contributor

Thank you for your replies,

I have created an enhancement idea: https://ideas.saviynt.com/ideas/EIC-I-4419