04/27/2023 01:07 PM
How can we assign account type to accounts during or after the account import in bulk?
04/27/2023 01:59 PM
@jdfranco Thanks for posting your question in the forums. Please elaborate on your use case with details like the target system from which the accounts are to be imported, the different account types on the target, the connector you are planning to use, and any other information that helps us understand the use case.
Thanks
Nagesh K
04/28/2023 08:00 AM
@NageshK, accounts are being imported from AD, the account types are admin and service accounts, and the connector is SC2.0.
The goal is to update ACCOUNTTYPE.
05/02/2023 08:52 AM
Hi @jdfranco
Kindly validate whether the provided solution is working for you.
Please refer to this forum post as well for more info.
05/01/2023 08:20 AM
@jdfranco I'm not sure if there is a way to do this, but I've requested that this post be moved under the IGA category so that it can be looked at by the relevant teams.
Thanks,
Nagesh K
05/01/2023 09:41 AM
Option 1 - Perform account import on Saviynt for Saviynt DB connection to update the account type for the AD application for the accounts that start with 's-' (hope this is the naming convention for the service accounts)
Option 2 - Perform account import on Saviynt REST connection to update the account type for the AD application for the accounts that start with 's-' (hope this is the naming convention for the service accounts) --> Saviynt Recommended
05/01/2023 06:02 PM
Solution provided on the thread below.
1. First do the AD accounts import.
2. Write a Sav to Sav import to change the account type based on your logic/requirement. Below is a sample of the Sav to Sav. You can use this as a base and modify it as per your requirement.
<sql-query>
<![CDATA[Select a.name as name, s.SYSTEMNAME as securitysystem,e.ENDPOINTNAME as endpoint,
(CASE
WHEN a.endpointkey=30 THEN 'Primary Account'
WHEN a.endpointkey=70 THEN 'Disabled Account'
WHEN a.endpointkey IN(200,210) THEN 'Service Account'
WHEN a.endpointkey IN(80,90,100,110,120) THEN 'Privileged Account'
END) as accounttypename
from Accounts a
inner join endpoints e on e.endpointkey=a.endpointkey
inner join securitysystems s on s.systemkey=e.SECURITYSYSTEMKEY
where a.endpointkey IN(30,70,130,80,90,100,110,120,200,210)]]>
</sql-query>
<mapper description="This is the mapping field for SAviynt Field name" deleteaccountentitlement="true" ifusernotexists="noaction">
<mapfield saviyntproperty="accounts.name" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="accounts.accounttype" sourceproperty="accounttypename" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>
</mapper>
3. When you schedule jobs, first run the account import job and post that run your Sav to Sav DB import job.
Hope this helps!
Thanks
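A coverage check for the sample query above, as an added example that is not part of the original post or Saviynt's own code: it runs the query against constructed SQLite tables (the table contents, endpoint names and account names are made up) and lists accounts that the WHERE clause selects but no CASE branch labels. With the query as posted, that is every account on endpoint key 130, whose accounttypename comes back NULL.

```python
import sqlite3

# The classification query from the post, unchanged apart from whitespace.
QUERY = """
SELECT a.name AS name, s.SYSTEMNAME AS securitysystem, e.ENDPOINTNAME AS endpoint,
  (CASE
     WHEN a.endpointkey = 30 THEN 'Primary Account'
     WHEN a.endpointkey = 70 THEN 'Disabled Account'
     WHEN a.endpointkey IN (200, 210) THEN 'Service Account'
     WHEN a.endpointkey IN (80, 90, 100, 110, 120) THEN 'Privileged Account'
   END) AS accounttypename
FROM Accounts a
INNER JOIN endpoints e ON e.endpointkey = a.endpointkey
INNER JOIN securitysystems s ON s.systemkey = e.SECURITYSYSTEMKEY
WHERE a.endpointkey IN (30, 70, 130, 80, 90, 100, 110, 120, 200, 210)
"""

# Constructed sample rows; only the columns the query touches are modelled.
SCHEMA = """
CREATE TABLE securitysystems (systemkey INTEGER, SYSTEMNAME TEXT);
CREATE TABLE endpoints (endpointkey INTEGER, ENDPOINTNAME TEXT, SECURITYSYSTEMKEY INTEGER);
CREATE TABLE Accounts (name TEXT, endpointkey INTEGER);
INSERT INTO securitysystems VALUES (1, 'AD');
INSERT INTO endpoints VALUES
  (30, 'AD-Users', 1), (80, 'AD-Admins', 1), (130, 'AD-Other', 1), (200, 'AD-Service', 1);
INSERT INTO Accounts VALUES
  ('jsmith', 30), ('a-jsmith', 80), ('s-backup', 200), ('x-legacy', 130);
"""

def build_sample_db():
    """Create the in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def classify(conn):
    """Run the query; return {account name: account type, or None for NULL}."""
    return {row[0]: row[3] for row in conn.execute(QUERY)}

def unclassified(conn):
    """Accounts selected by the WHERE clause that no CASE branch labels."""
    return sorted(n for n, acct_type in classify(conn).items() if acct_type is None)

if __name__ == "__main__":
    conn = build_sample_db()
    for name, acct_type in sorted(classify(conn).items()):
        print(f"{name:10} {acct_type}")
    print("unclassified:", unclassified(conn))
```

Either add a WHEN branch (or an ELSE) for each key listed in the WHERE clause, or drop the key from the WHERE clause, before scheduling the job.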
05/03/2023 07:41 AM
What we ended up doing was a custom query job on every import to update whatever is coming in on the endpoint.