Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Azure Active Directory multi endpoint request

aparikh
New Contributor
New Contributor
Step1: We import Slack, Github and Aetissian groups as entitlements in Saviynt from Acure AD.
Step2: User should able to request Slack, Github and Atlassian separately. So all these 3 should come up separately in ARS. So all these 3 should be in separate endpoint. Security System has to be same as they all will have same Azure Account. 
 
So from User perspective / experience it becomes easier to request. 
8 REPLIES 8

Manikanta_S
Saviynt Employee
Saviynt Employee

Hello,

You can achieve this, a security system can be associated with the multiple endpoints, while creating an endpoint you can specify the security system and the endpoint would be associated with it.

Manikanta_S_1-1656617940878.png

 

Manikanta_S_0-1656617892517.png

 

Thanks & Kind Regards,
Manikanta.S

aparikh
New Contributor
New Contributor

So how should I associate entitlement to the endpoint ? Like Slack entitlement should associate to the Slack endpoint, Github entitlement should associate to the Github endpoint and Altassian entitlement should associate to the Altassian endpoint. All this entitlements are imported from Azure AD. Let me know if you want more clearity on what we are looking for ?

Azure AD does not having Group Filter option. 

You can do in following way

  • Endpoint : Azure - This will pull all information from Azure
  • Endpoint Slack - (DB Connector) - Pull information from Saviynt DB (Querying on Azure Endpoint) based on some attributes from Azure endpoint like Customproperty1 = Slack 
  • Provisioning will happen in Azure but user will see different application

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

aparikh
New Contributor
New Contributor

@rushikeshvartak - Do you have documentation for referring this ?

sahajranajee
Saviynt Employee
Saviynt Employee

Hi @aparikh ,

If you want to create logical apps/endpoints (For different request forms) from entitlements coming from the same Target (here Azure) we would suggest using the REST connector and using the Endpoint Filter Functionality. 
The Endpoint filter would create endpoints based off entitlement grouping which can then be used as separate forms for your end users.

Details on the REST connector Documentation : https://saviynt.freshdesk.com/support/solutions/articles/43000521736-rest-connector-guide


Regards,
Sahaj Ranajee
Sr. Product Specialist

hi @sahajranajee 

Will this work for accounts as well?  The request form requires accounts to be of the same endpoint as the entitlement - how would we make Saviynt not generate new accounts for different endpoints within the same security system?

Thanks

Ajit

avinashchhetri
Saviynt Employee
Saviynt Employee

The ENDPOINT_FILTER in a REST Connector is only supported for reconciliation and not for provisioning. 

The only workaround I can think of is requesting against the parent endpoint, rather than child endpoint.

 

 

Regards,
Avinash Chhetri

sahajranajee
Saviynt Employee
Saviynt Employee

@aparikh As Avinash mentioned, Endpoints_Filter works during recon. For provisioning, since the Connection remains the same. You would need to work your logic of closing the extra new account tasks in the provisioning jsons.


Regards,
Sahaj Ranajee
Sr. Product Specialist