Click HERE to see how Saviynt Intelligence is transforming the industry. |
02/08/2024 08:39 AM
Hello Team,
We are currently working on a requirement that involves correlating Active Directory Service Accounts with their respective primary owners (using Rank 1 as the primary owner and Rank 2 as the secondary owner). As part of this process, we need to ensure that when a Rank 1 owner's employment is terminated, their ownership is automatically transferred to their manager. Additionally, the Rank1 owner's manager should be correlated with the Service Account.
We have successfully managed the transfer of ownership to the manager through a user update rule. However, there are two main tasks that we still require help with:
We came across a suggestion to use the Sav4Sav REST connector to achieve this, below is the link, would appreciate any guidance or assistance on how to proceed.
Service Account import from Active Directory - Saviynt Forums - 18679
Regards,
02/08/2024 08:35 PM
You need to use saviynt REST API to achieve above use cases.
02/08/2024 10:59 PM
Could you please provide more details? We have attempted to implement a hardcoded solution, which successfully correlated the data. However, while trying to dynamically apply this solution, we encountered an error.
Here is the UpdateAccountJSON we used:
{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxxxxxxxxxxxxxxxxx/ECM/api/v5/assignAccountToUser",
"httpMethod": "POST",
"httpParams": "{\"securitysystem\": \"Active_Directory\", \"endpoint\": \"Active_Directory\", \"accountname\": \"${(ServiceAccountOwnerMap.get('ServiceAccountType') == 'Service Account') ? accountname : null}\", \"username\": \"${ServiceAccountOwnerMap.USEROWNERNAMES.get('1')}\"}",
"httpHeaders": {
"Authorization": "${access_token}"
},
"httpContentType": "application/json",
"successResponses": [
{
"message": "Updated Successfully"
}
]
}
]
}
02/11/2024 07:58 PM
can you share logs what parameters are being sent in configJSON showlogs =true
02/12/2024 06:52 AM
Please find attached logs, I have also tested out with below UpdateAccountJSON but it still giving error
{
"call": [
{
"name": "call1",
"connection": "acctAuth",
"url": "https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/ECM/api/v5/assignAccountToUser",
"httpMethod": "POST",
"httpParams": "{\"securitysystem\": \"Active_Directory_Lab\", \"endpoint\": \"Active_Directory_Lab\", \"accountname\": \"${(ServiceAccountOwnerMap.get('ServiceAccountType') == 'Service Account') ? accountname : null}\", \"username\": \"${ServiceAccountOwnerMap.USEROWNERNAMES.get('1')}\"}",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpContentType": "application/json"
}
]
}
02/13/2024 08:53 PM
Does task id is 1095928 & Please check if automated provisioning is enabled
02/13/2024 10:57 PM
Yes, task id is 1095928 and automated provisioning is enabled.