Saviynt Forums

PB1 · ‎04/25/2023

Hello,

We have a ADSI connector connecting with 2 AD forests with 1 domain in each forest (Domain1 and Domain2).
We also have few AD based applications in Domain1.

The configuration we have for this is - a Master endpoint with Domain1 and Domain2 as child endpoint. Also App1, App2, App3 have Domain1 as parent.

Endpoint filters are defined for Domain1, App1, App2, App3 and Domain2.

Upon reconciliation we get all accounts and access in Master and also accounts for Domain1, Domain2, App1, App2, App3.

However for provisioning we want if the user requests for Domain1 entitlement, upon provisioning, as per Domain1 the create account task, which will be generated for Master endpoint should have account name rule as per Domain1.

Will the request object have this information whihc we can use in create account json or accountname rule?

Thanks!

timchengappa · ‎04/26/2023

Hi @PB1

Please refer to the "Account Name Rule" section of the document below. It has a sample of using 'if-else' statements and generates an account name.
Ref: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/...

You can then use the system-generated AccountName prefixed to the DN of the AccountNameRule of the AD connector. Please see the definition of 'ACCOUNTNAMERULE" in the document below for samples...
Ref: https://docs.saviyntcloud.com/bundle/LDAP-v23x/page/Content/Understanding-the-Integration-Between-EI...

PB1 · ‎05/09/2023

Thanks for your response. We pulled the endpointname from the request and used it to define the accountname rule.

timchengappa · ‎05/09/2023

Hi @PB1 Thanks for confirming the solution.

Saviynt Forums

Assign AccountName Rule as per child endpoint for Active Directory