12/15/2022 01:17 AM
We have a requirement where we are creating a Service account via Manage Service Account Tile and we want to assign birthright groups and also create a service account exchange mailbox.
How this can be achieved? as we can't make use of Update Rules or Technical rules since those are related to users.
Solved! Go to Solution.
12/15/2022 04:17 AM
12/15/2022 04:28 AM
Since these are Service Accounts directly created from Manage Service Account Tile there will be no user associated with them and entitlements are not constant but are dynamic based on the user's company, grade, and location.
request rules don't seem to be feasible as well.
How Actionable analytics can calculate and form the groups required for them? as there are nearly 80+ companies, 12 grades. Also, how can we trigger the exchange create account task?
12/15/2022 04:47 AM
You can create actionable report. If any accounts created in last 24 hours then birthright groups & for mailbox creation you need to create request rule based on dynamic attribute
12/18/2022 09:45 PM
I tried to create an actionable analytics report where we will assign the groups based on date. But when I try to save the analytics it says
Since it is a service account, it will not have any associated users. How can we proceed without it?
And can you elaborate on how we can use request rules for mailbox account creation?
12/18/2022 10:31 PM
Like you mentioned , the accounts are service accounts and not tied to any user, you cannot grant birthright access automatically because that is not how Saviynt works.
Instead , when requesting for the service account via the "manage service account" tile , try to show the entitlements as requestable and you can limit the entitlements to be shown via the configuration at the endpoint --> entitlement type level --> "Config for Available Entitlement in Service Account" by making few custom properties align to your dynamic criteria.
you could put a disclaimer using a DA asking the requestor to select all the entitlement available failing which the access will be limited.
For provisioning the service account to exchange , there is no OOTB feature currently available. You may want to handle it at the target end.
12/18/2022 10:35 PM
12/18/2022 10:37 PM
That query is resolved now. But can see it's not creating any task.
12/18/2022 10:41 PM
12/18/2022 10:55 PM
This is the query I am using.
select null as userKey,a.NAME as accName,a.ACCOUNTKEY as acctKey,ev.entitlement_valuekey as entvaluekey,'Provision Access' as Default_Action_For_Analytics from accounts a, entitlement_values ev, entitlement_types et, endpoints e where e.endpointkey = 11 and a.status = '1' and datediff(curdate(),a.created_on) = 3 and ev.ENTITLEMENT_VALUE = 'CN=Windows7,OU=Groups,OU=TestSBU,DC=testad,DC=corp,DC=pri' and ev.ENTITLEMENTTYPEKEY = et.ENTITLEMENTTYPEKEY and et.ENDPOINTKEY = 11
Here I will also need to check if this entitlement is already assigned to the account then no need to create tasks for such accounts.
12/18/2022 11:01 PM
12/19/2022 07:57 PM
With userkey as 1, it worked.