Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Correlating Accounts to Users using another endpoint

igaravi
Regular Contributor
Regular Contributor

We are importing admin accounts from a new application but no way to correlate to User schema. But we do have the same admin accounts in our other endpoints like AD, Unix, O365 etc., already correlated to Users. Can we leverage these correlated endpoints while importing from the new Application, using advanced  SQL rule?

6 REPLIES 6

sk
All-Star
All-Star

I don't think it is possible to correlate user and account using data from another endpoints account


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

igaravi
Regular Contributor
Regular Contributor

can we do analytics or SQL update after the Import? This would be a nice feature to connect the dots within IGA.

There is an actionable analytics with Action as Map Orphan Account. But problem is you cannot configure default action to automate this process. You have to take the action manually from analytics history report.

If you feel its good feature to have then you can open an idea ticket

https://ideas.saviynt.com/ideas/


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Analytics are just used for reporting (select queries).

You can correlate accounts to user using actionable analytics with action Map Orphan Accounts.

https://saviynt.freshdesk.com/support/solutions/articles/43000606546-configuring-allowed-actions#Con...

This report can be setup automatically after every accounts import or can be mapped manually. Since this is sql you should be able to write correlation logic 

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Paul_Meyer
Regular Contributor
Regular Contributor

What we do for some applications is 'promote' application account data to the user record custom properties. We then use the user customproperty attribute(s) in the account correlation config for other applications that can correlate on that promoted data.

For example, in an AD connector's USER_ATTRIBUTE config we set the user's customproperty20 value to the AD account's UPN. CUSTOMPROPERTY20::userPrincipalName#String

And use the user customproperty20 attribute in the correlation config for other application(s) which has the AD UPN as one of the application account attributes to find a match.

We also make use of the Saviynt for Saviynt feature. Whereby we make use of the UPDATEUSERJSON component to populate user custom properties from application account data or calculate values.

 

igaravi
Regular Contributor
Regular Contributor

Thanks All for your great suggestions. In our use case, a privileged User has multiple priv accounts with application specific naming standards and storing all these on the User schema is not possible as we are running low on User schema attributes. We will try out the Map Orphan Accounts option.