Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/25/2022 11:15 AM
Want to assign a default group to all Active Directory Service accounts, is there a way to achieve this ?
06/25/2022 11:20 AM
You can use request rule for same. or you can use entitlement map & add default group in all other ad groups
06/25/2022 11:25 AM
We cannot use request rule as we dont have organization setup.
Entitlement on account creation also cannot be used as this group is specific for service accounts.
Did not get what this means "you can use entitlement map & add default group in all other ad groups"
Missed mentioning that we want to add default group when service account is created from CreateRequest API
06/25/2022 11:39 AM
Found a way to do this through API payload itself.
We can add entitlements in Create service account request payload ->
06/26/2022 12:39 PM
If above works it will be rogue issue. Without tasks group has been assigned to account.
Another option is actionable report based on request.
Entitlementmap considering user will request at least one group hence add default group in every group under entitlement map
06/27/2022 02:28 AM
It does create a dependent task with parent task as new account task. So it should cause any audit problem.
Also, user will only provide service account details and not add any group so we cannot create entitlement map.
Thanks.
06/27/2022 01:34 PM - edited 06/27/2022 01:34 PM
create dummy entitlement under new Dummy entitlement type in Endpoint & use entitlmentmap. Make dummy entitlement as mandatory n single select which should resolved your access
06/27/2022 09:43 PM
This wont work as the entitlement will mandatory for all accounts (user accounts too) which we dont need. Also, I am able to achieve this through Create API only and it does create a separate task for access, so I am covered. Thanks.