Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Can we assign group when Service account gets created ?

dhanashree_m
New Contributor III
New Contributor III

‎06/25/2022 11:15 AM

Want to assign a default group to all Active Directory Service accounts, is there a way to achieve this ?

Labels:
0 Kudos
7 REPLIES 7

rushikeshvartak
All-Star
All-Star

‎06/25/2022 11:20 AM

You can use request rule for same. or you can use entitlement map & add default group in all other ad groups


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

dhanashree_m
New Contributor III
New Contributor III
In response to rushikeshvartak

‎06/25/2022 11:25 AM

We cannot use request rule as we dont have organization setup.

Entitlement on account creation also cannot be used as this group is specific for service accounts.

Did not get what this means "you can use entitlement map & add default group in all other ad groups"

Missed mentioning that we want to add default group when service account is created from CreateRequest API

0 Kudos

dhanashree_m
New Contributor III
New Contributor III

‎06/25/2022 11:39 AM

Found a way to do this through API payload itself.

We can add entitlements in Create service account request payload ->

 "entitlement":[
    {"entitlementtype":"memberOf","entitlementvalue":"CN=Group name,OU=Groups,DC=testdomain,DC=net" }]

rushikeshvartak
All-Star
All-Star
In response to dhanashree_m

‎06/26/2022 12:39 PM

If above works it will be rogue issue. Without tasks group has been assigned to account. 

 

Another option is actionable report based on request. 

 

Entitlementmap  considering user will request at least one group hence add default group in every group under entitlement map


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

dhanashree_m
New Contributor III
New Contributor III

‎06/27/2022 02:28 AM

It does create a dependent task with parent task as new account task. So it should cause any audit problem.

Also, user will only provide service account details and not add any group so we cannot create entitlement map.

Thanks.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to dhanashree_m

‎06/27/2022 01:34 PM - edited ‎06/27/2022 01:34 PM

create dummy entitlement  under new Dummy entitlement type in Endpoint & use entitlmentmap. Make dummy entitlement as mandatory n single select which should resolved your access


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

dhanashree_m
New Contributor III
New Contributor III
In response to rushikeshvartak

‎06/27/2022 09:43 PM

This wont work as the entitlement will mandatory for all accounts (user accounts too) which we dont need. Also, I am able to achieve this through Create API only and it does create a separate task for access, so I am covered. Thanks.

0 Kudos
Copyright © 2024 Khoros, LLC