Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Assigning birthright entitlements to user based on options selected in create/update user form

SumathiSomala
All-Star
All-Star

‎10/12/2023 12:24 AM

Hi All,
I have usecase that i have created one DA(multi select from SQL Query) in create user form if user selects multiple options i have to assign multiple AD groups as birth right access to the user based the selection.

Example:1.Suppose user selected US,UK,India options from create user form then user should get access to below AD groups.

CN=PA-US,OU=Security Groups,OU=XXXX Groups,DC=XXXX,DC=XXXX
CN=PA-UK,OU=Security Groups,OU=XXXX Groups,DC=XXXX,DC=XXXX
CN=PA-India,OU=Security Groups,OU=XXXX Groups,DC=XXXX,DC=XXXX

 

2.Suppose user selected US,India options from create user form then user should get access to below AD groups.

CN=PA-US,OU=Security Groups,OU=XXXX Groups,DC=XXXX,DC=XXXX
CN=PA-India,OU=Security Groups,OU=XXXX Groups,DC=XXXX,DC=XXXX

To achieve this i have created 10 technical rules for 10 options.
Is these are any possibility to reduce the technical rule count?

Any help would be appreciated.

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

Labels:
0 Kudos
5 REPLIES 5

ejeong
Valued Contributor
Valued Contributor

‎10/12/2023 12:35 AM

yes possible, add country value into one of user.customproperty

then in tech rule, 

you can do like 

${user.customproperty},OU=Security Groups,OU=XXXX Groups,DC=XXXX,DC=XXXX

0 Kudos

SumathiSomala
All-Star
All-Star
In response to ejeong

‎10/12/2023 12:40 AM

@ejeong i have tried this but it will work for single selection , not for multiple selection.

Values will be stored like US,UK,India in User's customproperty so if it not possible to assign dynamically.

Any other ideas?

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

Saathvik
All-Star
All-Star
In response to SumathiSomala

‎10/12/2023 11:18 AM - edited ‎10/12/2023 11:21 AM

@SumathiSomala : what if you create multiple technical rules based on country and use condition like below for each country and trigger respective group to be added

 

sk_1-1697134669107.png

Or using Advanced config with below query

a.customproperty52 like 'US,%' OR a.customproperty52 like '%,US' OR a.customproperty52 like '%,US,%'


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

SumathiSomala
All-Star
All-Star
In response to Saathvik

‎10/12/2023 11:34 PM

Thanks @Saathvik Already i have configured in the same way, but we have 25 multiple selection options so I have to create 25 rules to assign AD group as birthright access.

Is these are any possibility to reduce the technical rule count?

 

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

0 Kudos

ejeong
Valued Contributor
Valued Contributor

‎10/12/2023 12:42 AM

for multi selection, I don't think it's feasible. maybe you need to it with analytics (actionable)

0 Kudos
Copyright © 2024 Khoros, LLC