Saviynt Forums

AtrayeeDutta · ‎02/08/2024

Hello Team,

We are currently working on a requirement that involves correlating Active Directory Service Accounts with their respective primary owners (using Rank 1 as the primary owner and Rank 2 as the secondary owner). As part of this process, we need to ensure that when a Rank 1 owner's employment is terminated, their ownership is automatically transferred to their manager. Additionally, the Rank1 owner's manager should be correlated with the Service Account.

We have successfully managed the transfer of ownership to the manager through a user update rule. However, there are two main tasks that we still require help with:

First, we are seeking guidance on properly associating the Rank 1 owner with the Service Account.
Second, upon termination of Rank1 owner we need to determine how to correlate the Rank 1 owner's manager effectively.

We came across a suggestion to use the Sav4Sav REST connector to achieve this, below is the link, would appreciate any guidance or assistance on how to proceed.
Service Account import from Active Directory - Saviynt Forums - 18679

Regards,

rushikeshvartak · ‎02/08/2024

You need to use saviynt REST API to achieve above use cases.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AtrayeeDutta · ‎02/08/2024

Could you please provide more details? We have attempted to implement a hardcoded solution, which successfully correlated the data. However, while trying to dynamically apply this solution, we encountered an error.

Here is the UpdateAccountJSON we used:

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxxxxxxxxxxxxxxxxx/ECM/api/v5/assignAccountToUser",
"httpMethod": "POST",
"httpParams": "{\"securitysystem\": \"Active_Directory\", \"endpoint\": \"Active_Directory\", \"accountname\": \"${(ServiceAccountOwnerMap.get('ServiceAccountType') == 'Service Account') ? accountname : null}\", \"username\": \"${ServiceAccountOwnerMap.USEROWNERNAMES.get('1')}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": [
{
"message": "Updated Successfully"
}
]
}
]
}

rushikeshvartak · ‎02/11/2024

can you share logs what parameters are being sent in configJSON showlogs =true

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AtrayeeDutta · ‎02/12/2024

Please find attached logs, I have also tested out with below UpdateAccountJSON but it still giving error

{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ECM/api/v5/assignAccountToUser",
"httpMethod": "POST",
"httpParams": "{\"securitysystem\": \"Active_Directory_Lab\", \"endpoint\": \"Active_Directory_Lab\", \"accountname\": \"${(ServiceAccountOwnerMap.get('ServiceAccountType') == 'Service Account') ? accountname : null}\", \"username\": \"${ServiceAccountOwnerMap.USEROWNERNAMES.get('1')}\"}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json"
}
]
}

rushikeshvartak · ‎02/13/2024

Does task id is 1095928 & Please check if automated provisioning is enabled

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AtrayeeDutta · ‎02/13/2024

Yes, task id is 1095928 and automated provisioning is enabled.

Saviynt Forums

AD Service Accounts: Correlating Owners, Managers, and Ownership Transfer