09/04/2024 07:47 AM
We are attempting to implement AD Group Management in Saviynt using the ADSI Connector.
To achieve this, we are creating groups through the Manage Roles > Create ADSI Groups interface.
Additionally, we aim to import existing entitlement owners, so we require a sample connection to incorporate the group owner into the provisioning JSON:
{
  "importGroupHierarchy": "true",
  "entitlementTypeName": "memberOf",
  "performGroupAccountLinking": "true",
  "groupObjectClass": "(objectclass=group)",
  "mapping": "memberHash:member_char,customProperty1:samaccounttype_char,customProperty2:instancetype_char,customProperty3:usncreated_char,customProperty4:grouptype_char,customProperty5:dscorepropagationdata_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whencreated_date,customProperty15:managedby_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectcategory_char,customProperty11:samaccounttype_char,entitlement_value:distinguishedname_char,entitlementid:objectguid_binary,customProperty14:objectclass_char,updatedate:whenchanged_date,customProperty17:distinguishedname_char,RECONCILATION_FIELD:entitlementid",
  "entitlementOwnerAttribute": "managedby",
  "tableFieldAttribute": "COMMENTS"
}
{
  "objects": [
    {
      "objectClasses": [
        "group"
      ],
      "baseDn": "${role.customproperty24}",
      "attributes": {
        "cn": "${role?.customproperty26}",
        "name": "${role?.displayname}",
        "description": "${role?.description}",
        "displayName": "${role?.displayname}",
        "groupType": "-2147483640",
        "managedBy": "${user?.customproperty11}",
        "mailnickname": "${role?.customproperty26}@___.com"
      }
    }
  ]
}
09/04/2024 07:54 AM
09/06/2024 12:40 AM
Hi, how can this be accomplished; can you provide an example?
09/06/2024 06:13 AM
09/06/2024 06:37 AM
@SirishaP
This will pull the owner's info from the entitlement level.
"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}" }
Actionable analytics to call update Entitlement Owner:
When Map Entitlement Owner is configured as an allowed action, it maps owner(s) to entitlements in EIC.
The Analytics query must have the columns given below:
entvaluekey - Stores entitlement key of the entitlement to which the owner needs to be added.
Sample query:
-- Lists entitlements that have no owner mapped yet
select e.endpointname AS APPLICATION,
       et.ENTITLEMENTNAME as 'ENTITLEMENT TYPE',
       ev.entitlement_value AS 'ENTITLEMENT NAME',
       ev.ENTITLEMENT_VALUEKEY AS 'entvaluekey'
from entitlement_values ev, endpoints e, entitlement_types et
where ev.ENTITLEMENTTYPEKEY = et.ENTITLEMENTTYPEKEY
  and et.ENDPOINTKEY = e.ENDPOINTKEY
  and ev.ENTITLEMENT_VALUEKEY not in (select distinct ENTITLEMENT_VALUEKEY from entitlement_owners);
For more information about viewing mapped entitlement owners, see Sample Actions in Reports in Creating Actionable Analytic Reports.
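
An added example, not part of the thread and not Saviynt code: a Python pre-check for the group-creation attributes discussed above. It decodes the `groupType` value from the create JSON and models the `managedBy` owner lookup from the reply. The dict shapes standing in for `allOwnerList` and `ownerAccountListMap`, the function names and the sample owner are assumptions made for illustration.

```python
import re

SECURITY_ENABLED = 0x80000000   # Active Directory groupType flag
SCOPES = {0x2: "global", 0x4: "domain-local", 0x8: "universal"}
# Simplified DN shape check (assumption: no escaped commas inside RDN values)
DN_RE = re.compile(r"^(CN|OU|DC)=[^,]+(,(CN|OU|DC)=[^,]+)+$", re.I)

def decode_group_type(value):
    """Decode the signed 32-bit groupType string used in the create JSON."""
    bits = int(value) & 0xFFFFFFFF   # unsigned view of the signed value
    scopes = [name for flag, name in SCOPES.items() if bits & flag]
    if len(scopes) != 1:
        raise ValueError(f"groupType {value} must set exactly one scope bit")
    kind = "security" if bits & SECURITY_ENABLED else "distribution"
    return kind, scopes[0]

def resolve_managed_by(all_owner_list, owner_account_map):
    """Model of the reply's expression: first owner's first account name, else None.
    An empty owner list is treated as unresolved (assumed desired behaviour)."""
    if not all_owner_list:
        return None
    accounts = owner_account_map.get(all_owner_list[0]["username"]) or []
    return accounts[0]["name"] if accounts else None

def check_attributes(attrs):
    """Return findings for one 'attributes' object before it is provisioned."""
    findings = []
    kind, scope = decode_group_type(attrs["groupType"])
    if kind == "security":
        findings.append(f"creates a security-enabled {scope} group")
    managed_by = attrs.get("managedBy")
    if managed_by is None:
        findings.append("managedBy unresolved: group would have no owner")
    elif not DN_RE.match(managed_by):
        findings.append(f"managedBy {managed_by!r} is not a distinguished name")
    return findings

# Constructed sample data; the real Saviynt objects are richer than these dicts.
OWNERS = [{"username": "jdoe"}]
ACCOUNTS = {"jdoe": [{"name": "CN=John Doe,OU=Users,DC=example,DC=com"}]}

if __name__ == "__main__":
    attrs = {"groupType": "-2147483640",
             "managedBy": resolve_managed_by(OWNERS, ACCOUNTS)}
    for finding in check_attributes(attrs):
        print(finding)
```

Active Directory stores `managedBy` as a distinguished name, so the check flags a resolved owner value that is a plain login name as well as an owner with no account.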