This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD group assigned to incorrect account using Entitlements With New Accounts

ZA
New Contributor III
New Contributor III

‎07/27/2023 07:34 AM - edited ‎07/27/2023 07:35 AM

Hi All,

I have a REST based app but we require an AD group to be assigned to the user when an account is created so I added the AD group in "Entitlements with New Accounts" in the endpoint. Normally this works perfectly fine but we have a group of users that have multiple AD accounts (privileged account and their normal employee account). Saviynt is assigning the AD group to their privileged account rather than their normal account. I'm not sure how Saviynt determines which of the 2 accounts to grant the access, maybe alphabetical order, not sure.

What can we do so that these users get the AD group to the correct account (or even both AD accounts should be fine)?

Labels:
0 Kudos
4 REPLIES 4

armaanzahir
Regular Contributor III
Regular Contributor III

‎07/27/2023 09:41 AM

Hi @ZA ,

We had encountered a similar issue in our instance where the entitlement configured as "Entitlements with new account" (which belonged to another AD application) got assigned to the application for which we configured the "Entitlements with new account".

There is an open ticket on this, and engineering work is in progress. 

For now, what you can do is create an actionable analytic which would detect that, if an account has been newly provisioned in app1(detection from the arstasks table), trigger an add access task for app2 and run this analytic on a scheduled frequency.

Configuring Allowed Actions (saviyntcloud.com)

Thanks,

Armaan

Regards,
Md Armaan Zahir

ZA
New Contributor III
New Contributor III
In response to armaanzahir

‎07/27/2023 09:45 AM

Hi @armaanzahir ,

I see. So those users also had multiple AD accounts and the entitlement was assigned to the wrong account?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to ZA

‎07/27/2023 02:06 PM

Saviynt does not able to classify or does not have configuration now that based on account type assigned entitlement on new account, hence you can resolve this using Actionable analytics. https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter17-EIC-Analytics/Managing-An... 

Please submit idea ticket for enhancement   https://ideas.saviynt.com/ideas


Regards,
Rushikesh Vartak
0 Kudos

armaanzahir
Regular Contributor III
Regular Contributor III

‎07/27/2023 09:51 AM

Yep 🙂

Regards,
Md Armaan Zahir
Copyright © 2023 Khoros, LLC