Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Duplicate Entitlement

Go to solution
ant
New Contributor
New Contributor

‎02/09/2023 11:33 PM

Hi

if an Active Directory group that exists in Saviynt is relocated to a different organizational unit and the import process is run again?

Will the group and its linked accounts be imported once more or will a duplicate group be generated, one with an "active" status without accounts and the other with a status of "none" but with accounts?

Labels:
0 Kudos
3 REPLIES 3

Go to solution
sk
All-Star
All-Star

‎02/10/2023 06:56 AM

It depends on your groupImportMapping mapping. If you mapped entitlementid field with AD DN then it will create another entitlement and old entitlement will get inactive. If you have performGroupAccountLinking set to true then during group import itself it will pull the respective membership.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Go to solution
rushikeshvartak
All-Star
All-Star

‎02/10/2023 04:32 PM

every group having unique dn hence it should not create duplicate entitlements. If its creating share logs and mapping


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Go to solution
timchengappa
Saviynt Employee
Saviynt Employee

‎02/13/2023 04:11 AM

When a group is moved to another OU in AD, the DN changes for the group but the GUID remains the same.

If you have configured objectGuid as the reconciliation field(which is also a best practice) then a duplicate will not be created.

PFB the screenshots, where a group was moved from one OU to another. The DN was changed 
but the entitlement ID remains the same and hence only the metadata for the group was updated without creating any duplicates. The EntitlementValueKey in the URL(15512555: Internal primary reference to the group object) is the same but DN was updated.

Original Group
Original Group.png

After Group was moved to another OU
After group was mopved to another OU.png

If you configure DN as the reconciliation field, it will create duplicate entitlements in EIC and in-activated the original group in Saviynt

0 Kudos
Copyright © 2024 Khoros, LLC