
ADSI-add group owner to provisioning Json

SirishaP
New Contributor II

We are attempting to implement AD Group Management in Saviynt using ADSI Connector.

To achieve this, we are creating groups through the Manage Roles > Create ADSI Groups interface.

Additionally, we aim to import existing entitlement owners; therefore, we require a sample connection to incorporate the group owner into the provisioning JSON.

 

  • Connection Type: ADSI(ADSI)
  • GroupImportMapping:

{
"importGroupHierarchy": "true",
"entitlementTypeName": "memberOf",
"performGroupAccountLinking": "true",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customProperty1:samaccounttype_char,customProperty2:instancetype_char,customProperty3:usncreated_char,customProperty4:grouptype_char,customProperty5:dscorepropagationdata_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whencreated_date,customProperty15:managedby_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectcategory_char,customProperty11:samaccounttype_char,entitlement_value:distinguishedname_char,entitlementid:objectguid_binary,customProperty14:objectclass_char,updatedate:whenchanged_date,customProperty17:distinguishedname_char,RECONCILATION_FIELD:entitlementid",
"entitlementOwnerAttribute": "managedby",
"tableFieldAttribute": "COMMENTS"
}

  • CreateGroupJSON:

{
"objects": [
{
"objectClasses": [
"group"
],
"baseDn": "${role.customproperty24}",
"attributes": {
"cn": "${role?.customproperty26}",
"name": "${role?.displayname}",
"description": "${role?.description}",
"displayName": "${role?.displayname}",
"groupType": "-2147483640",
"managedBy" : "${user?.customproperty11}",
"mailnickname":"${role?.customproperty26}@___.com"
}
}
]
}

4 REPLIES

rushikeshvartak
All-Star
  • You need to use enhanced query and update role custom property for managed By
  • Use actionable analytics to call update Entitlement call

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi, how can this be accomplished; can you provide an example?

stalluri
Valued Contributor

@SirishaP 
This will pull the owner's info from the entitlement level.

"managedBy": "${ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.name:null}"
      }

 Actionable analytics to call update Entitlement Owner:

Map Entitlement Owner

When Map Entitlement Owner is configured as an allowed action, it maps owner(s) to entitlements in EIC.

The Analytics query must have the columns given below:
entvaluekey - Stores entitlement key of the entitlement to which the owner needs to be added.

Sample query:

SQL
-- entitlement_owners is needed only in the NOT IN subquery; listing it in FROM
-- without a join condition would cross-join every row with every owner row.
select e.endpointname AS APPLICATION,
       et.ENTITLEMENTNAME as 'ENTITLEMENT TYPE',
       ev.entitlement_value AS 'ENTITLEMENT NAME',
       ev.ENTITLEMENT_VALUEKEY AS 'entvaluekey'
from entitlement_values ev, endpoints e, entitlement_types et
where ev.ENTITLEMENTTYPEKEY = et.ENTITLEMENTTYPEKEY
  and et.ENDPOINTKEY = e.ENDPOINTKEY
  and ev.ENTITLEMENT_VALUEKEY not in (select distinct ENTITLEMENT_VALUEKEY from entitlement_owners);
 

For more information about viewing mapped entitlement owners, see Sample Actions in Reports in Creating Actionable Analytic Reports.

Note: The default action via query is not available and these actions have to be performed manually.




Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.
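
A pre-flight check for the rendered CreateGroupJSON discussed in this thread, as an added example that is not part of any post and is not Saviynt code: it decodes `groupType` and verifies that `managedBy` resolved to a distinguished name, the syntax Active Directory requires for that attribute. The function names and the example.com sample values are assumptions constructed for illustration.

```python
import json
import re

# groupType bit flags defined for Active Directory group objects.
SCOPE_FLAGS = {0x2: "global", 0x4: "domain-local", 0x8: "universal"}
SECURITY_ENABLED = 0x80000000

# Loose syntactic check for a distinguished name: two or more attr=value
# RDNs separated by commas, allowing backslash-escaped characters.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+"
DN_RE = re.compile(rf"^{_RDN}(?:,{_RDN})+$")


def decode_group_type(value):
    """Decode the signed 32-bit groupType value into scope and security flag."""
    bits = int(value) & 0xFFFFFFFF
    scopes = [name for flag, name in SCOPE_FLAGS.items() if bits & flag]
    return {"security": bool(bits & SECURITY_ENABLED), "scopes": scopes}


def check_group_payload(rendered):
    """Return findings for a rendered CreateGroupJSON document (a string)."""
    findings = []
    for obj in json.loads(rendered)["objects"]:
        attrs = obj.get("attributes", {})
        group = decode_group_type(attrs.get("groupType", "0"))
        if len(group["scopes"]) != 1:
            findings.append("groupType: expected exactly one scope bit")
        owner = attrs.get("managedBy")
        if not owner:
            findings.append("managedBy is empty: group would have no owner")
        elif not DN_RE.match(str(owner)):
            findings.append(f"managedBy is not a DN: {owner!r}")
        for key, val in attrs.items():
            if "${" in str(val):
                findings.append(f"unresolved binding in {key}")
    return findings


# Constructed sample: the thread's payload shape after variable substitution.
def sample(owner):
    return json.dumps({"objects": [{"objectClasses": ["group"],
        "baseDn": "OU=Groups,DC=example,DC=com",
        "attributes": {"cn": "app-readers", "groupType": "-2147483640",
                       "managedBy": owner}}]})


if __name__ == "__main__":
    print(decode_group_type("-2147483640"))
    for owner in ("CN=Doe\\, Jane,OU=Users,DC=example,DC=com", "jdoe", None):
        print(owner, "->", check_group_payload(sample(owner)))
```

The `groupType` value used in the thread, `-2147483640`, decodes to a security-enabled universal group, so an empty or malformed `managedBy` leaves a security group without a recorded owner.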