Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Adding accounts to different entitlements automatically and dynamically

Go to solution
Jdom
New Contributor II
New Contributor II

‎05/23/2022 12:26 PM

Hello,

I'm trying to figure out the best way to tackle adding accounts to entitlements based on user properties.

Example: need to add an account to AD group automatically using user attributes; Example group name is "(department)(region)(title)" or "Legal-EMEA-Director". All of the attributes work as-is, so no translation needed, but is there a way to create a technical rule or other method that adds the AD account to the appropriate AD group automatically instead of creating a ton of rules that match all possible combinations of user attributes? I'd like to use technical rules with the birthright option, as it will allow the account to be added to the appropriate group if the department, region, or title changes...

I'm looking at dynamic attributes on the Active Directory endpoint, but unfortunately haven't been able to find a lot of documentation (https://saviynt.freshdesk.com/support/solutions/articles/43000556317-viewing-or-updating-endpoints) on them, it seems they are only used for ARS requests (I may be mistaken)?

0 Kudos
13 REPLIES 13

Go to solution
Sivagami
Valued Contributor
Valued Contributor

‎05/23/2022 12:44 PM

You can do something like this in your Technical Rule Action.

Screenshot 2022-05-24 at 1.09.13 AM.png

Go to solution
Jdom
New Contributor II
New Contributor II
In response to Sivagami

‎05/24/2022 09:50 AM

This looks like the approach I'd like to take, however when typing into the Object field, I'm unable to save it? It seems to look for the object but since it can't find it, it's not populating. Does my user need to have these properties filled out for this to "resolve" or is there another way to get this populated?

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Jdom

‎05/24/2022 11:55 AM

These will not be auto populated but you will have to manually type in the computed entitlement in the rule. Once you do that, you should be able to "send for approval" to save it.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri

Go to solution
Jdom
New Contributor II
New Contributor II
In response to avinashchhetri

‎05/25/2022 06:19 AM

When you say computed, do you mean that I'm unable to use variables? As it stands, it blanks out the CN=$(user.departmentname)$(user.region)$(user.title),OU=Distribution Groups,OU=Groups,DC=domainanamehere,DC=com value when I click out of the box.

I'm trying to use variables because otherwise I'd have to manually specify 500+ groups or create as many roles to assign the entitlements (not seeing another way at the moment) that could match all of the possible departments, regions and titles in my company.

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Jdom

‎05/25/2022 06:53 AM - edited ‎06/23/2022 09:10 AM

No, what I am suggesting is instead of copy pasting the logic "CN=${user.departmentname}${user.region}${user.title},OU=Distribution Groups,OU=Groups,DC=domainanamehere,DC=com" try and manually type these under the Object field.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri

Go to solution
Jdom
New Contributor II
New Contributor II
In response to avinashchhetri

‎05/25/2022 09:34 AM

Unfortunately, I'm not able to type or paste into that field and have it stick. It's looking for an object to select and I cannot click or tab out of the field, as it will blank it out.

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Jdom

‎05/25/2022 09:58 AM

Interesting, which Saviynt version are you on ?

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri

Go to solution
Jdom
New Contributor II
New Contributor II
In response to avinashchhetri

‎05/26/2022 07:50 AM

I have 2 Dev environments, v2021.0 and 5.5sp3.8

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Jdom

‎05/27/2022 08:08 AM

It should work on v5.5SP3.x version as shown in the screenshot below.

I' suggest to open a support ticket and get this resolved.

avinashchhetri_0-1653664062573.png

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri

Go to solution
rushikeshvartak
All-Star
All-Star

‎05/23/2022 12:53 PM - edited ‎05/23/2022 12:54 PM

Try below logic for Role, for entitlement you need to go with Organizations

rushikeshvartak_0-1653335592935.png

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Go to solution
Sivagami
Valued Contributor
Valued Contributor

‎05/27/2022 11:28 AM

@Jdom - As soon as you start typing, give it a moment to populate down and Select it. 

Screenshot 2022-05-27 at 11.56.22 PM.png

Hope this helps!

Go to solution
Jdom
New Contributor II
New Contributor II
In response to Sivagami

‎05/27/2022 11:46 AM

Thanks! I think the actual issue was that I was using parentheses and not curly brackets. The screenshots looked like parentheses to me but when I saw your clip I switched to curly brackets and now it's letting me save the value. I'll test and see if everything works as I hope it will!

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Jdom

‎05/31/2022 12:52 PM

Great, Let us know how it goes and keep us posted.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos
Copyright © 2024 Khoros, LLC