Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD OU and Group creation automatically

jdoma
Regular Contributor
Regular Contributor

‎10/26/2022 05:41 PM

Hi Forum,

We have a requirement that if there any user with new location identified, Saviynt needs to create an OU with particular location and a default group under the OU before creating account in AD. And the new user needs to provision with the newly created group as part of birthright provisioning. I could not get any leads on how to achieve this, requesting your feedback on whether Saviynt is capable to deal this and if yes, how to achieve this. 

Labels:
0 Kudos
2 REPLIES 2

avinashchhetri
Saviynt Employee
Saviynt Employee

‎10/26/2022 08:20 PM

@jdoma,

Saviynt does not support the creation of OU's in AD. The Group creation is something that Saviynt supports but that is not via a Technical rules but a different 'module' via the UI or the API.

 

 

Regards,
Avinash Chhetri
0 Kudos

rushikeshvartak
All-Star
All-Star

‎10/26/2022 08:48 PM

As mentioned by Avinash OU creation is not supported by saviynt however group creation can be.

on Broader way - OU creation should be done by AD Team as along with OU creation there organization policy will need to attach hence requirements will be complex in that sense.

Possible Solution 

you can create Ou using custom jar below is link for java code 

http://www.java2s.com/Code/Java/JNDI-LDAP/howtocreateanewsubcontextcalledouNewOuwithsomeattributes.h... 

once Ou is created using saviynt Api create group.

 

issue with above approach auditing of OU creation at saviynt level won’t be possible ( you can create custom log table )

since this too much customization & maintaining it suggested to check with client for alternate 

alternate solution use custom jar to send notifications to ad team in case ou/ group is not exists 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC