
Attributes that should not be modified in AD

Ivan5533
Regular Contributor

Hello,

I would like to ask you if there is any possibility to not modify a specific attribute in AD for certain users.

This is because there are attributes for old users that we cannot change.

For example, there are users that in the customproperty30 have the attribute "NO_UPDATE". Is there any possibility that in the USERUPDATEJSON there are attributes that are not modified if the user to which the account belongs has NO_UPDATE in the customproperty30? Note that this only applies to SOME attributes, not all, so I do not think it can be done at user update rule level.

How can we avoid modifying the facsimileTelephoneNumber and userAccountControl in users that have NO_UPDATE in the customproperty30 in the following USERUPDATEJSON (simplified)?

{
"givenname": "${user.firstname}",
"userPrincipalName": "${user.systemUserName+'@test.com'}",
"sn": "${user.lastname}",
"cn": "${user.displayname}",
"userAccountControl": "${if(user.statuskey == 1){'512'} else{'514'}}",
"manager":"${managerAccount.accountID}",
"postalCode": "${user.locationnumber}",
"facsimileTelephoneNumber": "${user.customproperty7}",
"mail": "${user.email}"
}

Thank you in advance


dgandhi
All-Star

"facsimileTelephoneNumber": "${if((user?.customproperty23=='NO_UPDATE')){accountName} else {user.customproperty7}}",

Try something like the above: if CP23 = 'NO_UPDATE', then provision the same value which is present in the account (accountName is just a sample). Here I am assuming that you are bringing that value from the target (facsimileTelephoneNumber) and storing it in some account attribute, so use that account attribute here, and if it is not equal to NO_UPDATE, then provision the CP7 value.

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

rushikeshvartak
All-Star

This is currently not supported for the AD connector; however, it is supported for the SAP connector only.

Upvote Idea - https://ideas.saviynt.com/ideas/EIC-I-5729 

Refer https://forums.saviynt.com/t5/identity-governance/retain-ad-account-attribute-for-a-specific-account...


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Ivan5533
Regular Contributor

Hi guys,

Thanks for your replies. Would the best way to access the current value of the attribute in the account be by accessing the task or directly through the account? E.g. task.accountKey.accounttype or account.accounttype?

Kind regards,

Iván

In our project, we used the account object.

Thanks,
Devang Gandhi

You can access it either way. Both are going to provide the same results.


Regards,
Rushikesh Vartak

Ivan5533
Regular Contributor

Thank you guys!
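
Added example, not posted by any participant and not taken from Saviynt documentation: the write-back conditional suggested in the first reply, applied to both attributes named in the question and keyed on customproperty30 as the question states. account.customproperty10 and account.customproperty11 are hypothetical account attributes, assumed to be filled by the AD import with the current facsimileTelephoneNumber and userAccountControl values.

```json
{
  "givenname": "${user.firstname}",
  "userPrincipalName": "${user.systemUserName+'@test.com'}",
  "sn": "${user.lastname}",
  "cn": "${user.displayname}",
  "userAccountControl": "${if(user?.customproperty30 == 'NO_UPDATE'){account.customproperty11} else if(user.statuskey == 1){'512'} else {'514'}}",
  "manager": "${managerAccount.accountID}",
  "postalCode": "${user.locationnumber}",
  "facsimileTelephoneNumber": "${if(user?.customproperty30 == 'NO_UPDATE'){account.customproperty10} else {user.customproperty7}}",
  "mail": "${user.email}"
}
```

This does not skip the attribute; it writes the stored account value back to AD, so an empty or stale account attribute would overwrite the value in AD, including the enabled/disabled state carried in userAccountControl.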