Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Add Primary Certifier to Account Owners for Service Account Campaign

AashishD
Regular Contributor II
Regular Contributor II

Hi,

We have a requirement for adding Primary Certifier as rank  to service accounts but this isn't possible as we  cannot update rank via enhanced query and also via the ars form we can add only ranks 1 to 5.

After going through various posts on forums, we know that the manual csv aproach is a viable solution, but the client does not want any manual intervention.

Is there any automation that could be used to update owners to service accounts as primary certifier?

Can we update gsp files under file management that only Primary Certifier shows instead of rank 1-5 while choosing account owner, or primary certifier is defaulted if no owner selected?

Or can we do it via Saviynt4Saviynt Rest connection to update accounts by first calling the analytics api and then import accounts to update rank owners? Has anyone successfully executed this approach?

Updating rank owners was easier and allowed through custom query but that's deprecated and not recommended in current versions.

Or can this be done by partial scripting?

 

Are there any workarounds barring the manual approach?

Any help is appreciated.

 

7 REPLIES 7

Amit_Malik
Valued Contributor II
Valued Contributor II

Hi @AashishD , you can update primary certifier using API call and through ARS SAv4SAv

Amit_Malik_0-1725450754460.png

Call 

url : ECM/api/v5/updateAccount

body

{
"securitysystem": "SS",
"endpoint": "EP",
"name": "ACCNTNAME",
"customproperty1":"cp1",
"description":"desc",
"status":"1",
"accountowner": [
{
"type": "user",
"value": "active user username",
"rank": "26",
"action":"add"
},
{
"type": "user",
"value": "active user username",
"rank": "27",
"action":"add"
}
]
}

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

AashishD
Regular Contributor II
Regular Contributor II

Thanks Amit,

We'll check this and update.

rushikeshvartak
All-Star
All-Star
  • Can we update gsp files under file management that only Primary Certifier shows instead of rank 1-5 while choosing account owner, or primary certifier is defaulted if no owner selected?

    • There is workaround for this problem
    • You can't select Rank Primary certifier when you add but when you click on view owner button you can add there rank 26 is visible
    • Recording 2024-09-04 at 10.16.35.gif
    •  

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

AashishD
Regular Contributor II
Regular Contributor II

Hi Rushi,

We have explored this process as well, but considering the ars form would handled by HRs, there are chances of them making mistakes and defaulting the owner to rank 1. Hence we were looking for other alternatives that could be handled either via sav4sav or gsp

You can use sav4sav with REST APIs

 

rushikeshvartak_0-1725461503849.png

 

rushikeshvartak_1-1725461503854.png

Refer https://forums.saviynt.com/t5/identity-governance/update-owner-and-primary-certifier-of-the-service-...

 

{
    "securitysystem": "Sav4sav",
    "endpoint": "Sav4sav",
    "name": "admin",
    "accountowner": [
        {
            "type": "user",
            "value": "saviyntsupportagent1",
            "rank": "26",
            "action":"add"
        },
        {
            "type": "user",
            "value": "saviyntsupportagent2",
            "rank": "27",
            "action":"add"
        }
    ]
}

Refer Saviynt API Documentation

https://docs.saviyntcloud.com/bundle/API-Reference-Guide/page/Content/API-References.htm


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

AashishD
Regular Contributor II
Regular Contributor II

Hi Rushi,

We are trying to achieve this via SAV4SAV Rest connection, wherein we are first calling the analytics url which give the systemName, endPointName,username,ownerRank and ownerAction.

 

However, in the second call we are trying to set the rank for each of the users fetched from the first call and set them as primary.

But in the second call, it does not update all the users. Below is the code for ImportAccountEntJSON:

Do you see any errors that we must be making?

{
"accountParams": {
"connection": "userAuth",
"processingType": "SequentialAndIterative",
"call": {
"call1": {
"callOrder": 0,
"stageNumber": 0,
"http": {
"url": "
https://abc.com/ECM/api/v5/fetchRuntimeControlsDataV2?analyticsname=Service_Accnt_Owner_Update"
,
"httpHeaders": {
"Authorization": "${access_token}",
"Content-Type": "application/json"
},
"httpContentType": "application/json",
"httpMethod": "POST"
},
"listField": "results",
"keyField": "accountID",
"colsToPropsMap": {
"accountID": "accountid~#~char",
"name": "name~#~char",
"customproperty33": "systemName~#~char",
"customproperty34": "endPointName~#~char",
"customproperty35": "username~#~char",
"customproperty36": "ownerRank~#~char",
"customproperty37": "ownerAction~#~char"
}
},
"call2": {
"callOrder": 1,
"http": {
"httpContentType": "application/json",
"httpHeaders": {
"Authorization": "${access_token}",
"Accept": "application/json"
},
"httpMethod": "POST",
"url": "
https://abc.com/ECM/api/v5/updateAccount"
,
"httpParams": "{\"securitysystem\":\"${response.call1.message.results[0].systemName}\",\"endpoint\":\"${response.call1.message.results[0].endPointName}\",\"name\":\"${response.call1.message.results[0].name}\",\"accountowner\":{\"type\":\"user\",\"value\":\"${response.call1.message.results[0].username}\",\"rank\":\"${response.call1.message.results[0].ownerRank}\",\"action\":\"${response.call1.message.results[0].ownerAction}\"}}"
},
"successResponses": {
"message": "Account Updated Successfully",
"statusCode": [
200,
201
]
}
}
}
},
"acctEntParams": {},
"entitlementParams": {}
}

It seems response.call1.message.results[0]. Causing issue


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.