
Best practice for provisioning multiple accounts in Active Directory

shezan_mahmud
New Contributor

Hello,
We have a scenario where we need to create multiple account types (primary, secondary and privileged) for users under the same Active Directory Domain. These accounts will have different naming conventions.

What would be the best practice to implement this use case?

Do we need to create separate Connections, Security Systems and Endpoints? Or can we use a single Connection, a single Security System and multiple Endpoints?

5 REPLIES

rushikeshvartak
All-Star

Create separate endpoint / ss / connections 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

That means we need to create separate endpoint/ss/connections for each account?

For example:

1. Primary account -> we need to create (endpoint, ss, connection)
2. Secondary account -> we need to create (endpoint, ss, connection)
3. Other privileged account -> we need to create (endpoint, ss, connection)

Thanks in advance.

Yes


Regards,
Rushikesh Vartak

Alex
Regular Contributor

Hi @rushikeshvartak ,

This would result in importing the same access for all three security systems/endpoints, which is kind of a big overhead, don't you think?
The second critical point is that you have multiple applications shown on the request start page, but in the end it would be only one application. This makes the view a little bit confusing if you have the setup for different target applications.
The third thing, which is uncertain for me, is the configuration of the Primary Account type on the endpoint. If only one account type can be supported, how does this config make sense at all?

I assume the better approach would be to remain with one application = endpoint, but this would need enhanced functionality of the form. For example, supporting by default different account types + naming conventions. 

Do you know if this topic is addressed internally or is something in the pipeline like "bring your own form"?

Regards
Alex

  • Yes, it will be duplicate accounts and access. This is the expected product design.
  • Yes, a logical / child application is a grouping of application-specific groups.
  • For an enhancement, you can raise an idea ticket.
  • For any desired improvements or enhancements to this process, Saviynt encourages you to submit your proposal through Saviynt's Ideas Portal at https://ideas.saviynt.com/ideas/

    Your valuable input is crucial to shaping the evolution of Saviynt systems.

    Please notify us once the idea ticket has been created.

Regards,
Rushikesh Vartak