Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best practice for provisioning multiple accounts in Active Directory

Go to solution
shezan_mahmud
New Contributor
New Contributor

‎06/25/2024 10:44 PM

Hello,
We have a scenario where we need to create multiple account types (primary, secondary and privileged) for users under the same Active Directory Domain. These accounts will have different naming conventions.

What would be the best practice to implement this use case?

Should we need to create separate Connections, Security Systems and Endpoints? Or can we use single Connection, single Security System and multiple Endpoints?

1 person had this problem.
Labels:
0 Kudos
5 REPLIES 5

Go to solution
rushikeshvartak
All-Star
All-Star

‎06/25/2024 11:11 PM

Create separate endpoint / ss / connections 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
shezan_mahmud
New Contributor
New Contributor
In response to rushikeshvartak

‎06/26/2024 10:19 AM

That means we need to create separate endpoint/ss/connections for each account?

For example - 

for 1. primary account -> we need to create (endpoint, ss, connection)

for 2. secondary account -> we need to create (endpoint, ss, connection)

for 3. other privileged account -> we need to create (endpoint, ss, connection)

Thanks in advance.

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to shezan_mahmud

‎06/26/2024 10:44 AM - edited ‎06/26/2024 10:45 AM

Yes

rushikeshvartak_1-1719423915468.png

 

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
Alex
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎07/23/2024 06:28 AM

Hi @rushikeshvartak ,

This would result in importing the same access for all three security systems/endpoints, which is kind of a big overhead don't you think?
The second critical point is, that you have multiple application shown on the request start page, but in the end it would be only one application. Which makes the view a little bit confusing if you have the setup for different target applications. 
The third thing which is uncertain for me, if the configuration of the Primary Account type on the endpoint. If only one account type can be support, how does this config make sense at all

I assume the better approach would be to remain with one application = endpoint, but this would need enhanced functionality of the form. For example, supporting by default different account types + naming conventions. 

Do you know if this topic is addressed internally or is something in the pipeline like "bring your own form"?

Regards
Alex

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Alex

‎07/23/2024 08:51 AM

  • Yes it will be duplicates account and access - This is expected product design

  • Yes logical / child application is grouping of application specific groups 
  • For enhancement you can raise idea ticket
  • For any desired improvements or enhancements to this process, Saviynt encourages you to submit your proposal through Saviynt's Ideas Portal at https://ideas.saviynt.com/ideas/

    Your valuable input is crucial to shaping the evolution of Saviynt systems.

    Please notify us once the idea ticket has been created.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC