Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Child Endpoint Account Name based on Parent Endpoint account

mansoorahmed1
New Contributor III
New Contributor III

‎11/14/2023 11:13 PM

Hi,

We are onboarding AD apps to saviynt  using Endpoint_Filter option , where all the AD app endpoints are child endpoint AD endpoint as parent point. All users are having AD account , and the naming convention for those existing and new accounts are based on username/employee ID.

However for some existing users, they are having legacy AD accounts which have different naming convention , which is not consistent or cannot be generated using the attributes of User ID in Saviynt. So when we raise request for these users for the AD application , saviynt is trying to create new AD account with username as the account name as Saviynt thinks user doesnt have an AD account . Inorder to stop Saviynt from creating new users we added the parent endpoint (AD ) as mapped endpoints for all the child endpoints in endpoint configuration, in this way we were able to solve the issue but only when the request is raised from Saviynt UI. We have Service Now as the request form , were all the request are created from there, when we raise request for these users from Service Now, it is still generating the account name from username rather than taking account name from the mapped endpoint account.

Any solution to overcome this issue is highly appreciated ? 

Regards,

Mansoor Ahmed

0 Kudos
5 REPLIES 5

Darshanjain
Saviynt Employee
Saviynt Employee

‎11/16/2023 03:06 AM

Hi @mansoorahmed1 

Unfortunately as of now i dont think we have any solution for that, from saviynt UI yes u can use the mapped endpoint function and restrict the accounts  as not to be created.

 

Thanks

Darshan

0 Kudos

mansoorahmed1
New Contributor III
New Contributor III
In response to Darshanjain

‎11/20/2023 06:59 PM

Can we expect Saviynt to get a fix on this in the future ?

Mansoor

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to mansoorahmed1

‎11/20/2023 07:22 PM

Currently its not supported please submit idea ticket for enhancement 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Darshanjain
Saviynt Employee
Saviynt Employee
In response to Darshanjain

‎11/20/2023 09:03 PM

Hi @mansoorahmed1 

Currently it's not supported , so would request to raise in ideas portal as enhancement.

 

Thanks

Darshan

0 Kudos

amit_krishnajit
Saviynt Employee
Saviynt Employee

‎11/21/2023 12:48 AM

Could you try the following solution? 

In the account name rule of the logical/child endpoint/application, use an advanced query to figure out the account name for the user. In the rule, you may use SQL query to determine the account name for the user based on another account in another application. 

Sharing a sample query that you may use:

(select name from accounts a join user_accounts ua on a.accountkey=ua.accountkey join endpoints e on a.endpointkey=e.endpointkey and endpointname='<<Parent App>>' where ua.userkey=users.userkey)

 

Thanks,
Amit
0 Kudos
Copyright © 2024 Khoros, LLC