Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configuring Entitlements for AD - Best Practice

Roua
Regular Contributor III
Regular Contributor III

‎07/29/2024 01:06 AM

Hello everyone,

I am asking for an advice on the best approach to configure entitlements for Active Directory. Specifically, I want to understand if the only way to configure these entitlements is through technical rules for each one, or if it is possible to configure them in the AD mapping, such as groupImportMapping.

For example, we have several entitlements like the following:

users.Employeeclass:      045
DN of group:         CN=test,OU=test,OU=test,OU=test,OU=test,OU=test,DC=test,DC=test,DC=test
There are more than 10 such entitlements that need to be configured.

Could someone please guide me on whether I need to create individual technical rules for each of these entitlements, or if there is a more efficient way to handle this through AD mapping configurations?

Thanks in advance for your help!

Labels:
0 Kudos
10 REPLIES 10

NM
Esteemed Contributor
Esteemed Contributor

‎07/29/2024 01:09 AM

Hi @Roua, do you want to create AD groups from saviynt or assign already created groups to account.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

Roua
Regular Contributor III
Regular Contributor III
In response to NM

‎07/29/2024 02:19 AM

Hi @NM they are already created in AD.

0 Kudos

NM
Esteemed Contributor
Esteemed Contributor

‎07/29/2024 02:22 AM

If DN of the group is matching with user property you can assign dynamically.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to NM

‎07/29/2024 03:21 AM

no, do not match, but the point is, if can we only do it via Technical rules?

The entitlements are coming from AD in Saviynt and we want to assign them there to the accounts and users.

So, as it was written e.g. if

users.Employeeclass= 045

then the entitlement
DN of group: CN=test,OU=test,OU=test,OU=test,OU=test,OU=test,DC=test,DC=test,DC=test

is assigned and provisioned to the target system as well.

0 Kudos

NM
Esteemed Contributor
Esteemed Contributor

‎07/29/2024 03:29 AM

Hi @userNM @Roua , analytics is also an option where you can assign group on the basis of user employee class.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to NM

‎07/29/2024 03:39 AM

thank you! but we need to provision them as Birthrights... I think with Analitics it is not really possible...

0 Kudos

NM
Esteemed Contributor
Esteemed Contributor

‎07/29/2024 03:41 AM

It is possible but if you want to provision when user is created .. then technical rule is the only option.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

rushikeshvartak
All-Star
All-Star

‎07/29/2024 08:06 AM

  • Does employee class is same for multiple employees ?
  •  

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Roua
Regular Contributor III
Regular Contributor III
In response to rushikeshvartak

‎07/30/2024 12:47 AM

Yes it is:

Roua_0-1722325587895.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Roua

‎07/30/2024 03:15 AM

Since employee class are handy create those many rules


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC