Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dynamic Attribute for Service Account creation OU

fouriefb
Regular Contributor
Regular Contributor

‎02/13/2023 02:02 AM

Hi Experts,

We have a dynamic attribute for a field which we call application name which represents the Application OU  where service account is to be created. 

We are using the below query to get the second OU name in the Applications OU (where they keep service accounts) 

select distinct SUBSTRING_INDEX(SUBSTRING_INDEX(SUBSTRING_INDEX(entitlement_value,',OU=',2),'OU=',-1),',DC=',1) as id from entitlement_values where entitlementtypekey = (select entitlementtypekey from entitlement_types where entitlementname='memberOf' and endpointkey = (select endpointkey from endpoints where endpointname='Active Directory') and entitlement_value like "%,OU=Applications%" order by id asc

 

Whilst this is working it only brings the application name for OU where there is already an account created, the other (empty) OU's are not showing up.

As normal Enum is limited in characters we cannot use that.

Any ideas how we can work around this to see all OU's show up as Application for our Dynamic attribute even if there is no service account in the OU as yet.

Hope the above makes sense

 

0 Kudos
5 REPLIES 5

sk
All-Star
All-Star

‎02/13/2023 06:53 AM

Can  you give me the example OUs that you expected to see but not?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

fouriefb
Regular Contributor
Regular Contributor
In response to sk

‎02/13/2023 08:22 AM

Hi,

There is for example Backup and Billing and IN under the Applications OU which is not showing up

Thx

0 Kudos

sk
All-Star
All-Star
In response to fouriefb

‎02/13/2023 10:24 AM

I am not sure if it is typo while pasting the query but I see format issue with query, try below

select distinct SUBSTRING_INDEX(SUBSTRING_INDEX(SUBSTRING_INDEX(entitlement_value,',OU=',2),'OU=',-1),',DC=',1) as id from entitlement_values where entitlementtypekey = (select entitlementtypekey from entitlement_types where entitlementname='memberOf' and endpointkey = (select endpointkey from endpoints where endpointname='Active Directory')) and entitlement_value like "%,OU=Applications%" order by id asc

Also I wanted the OU structure which are not showing to see if there is any issue with substring logic


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

fouriefb
Regular Contributor
Regular Contributor
In response to sk

‎02/14/2023 03:59 AM

Hi sk,

Thanks for the reply. It is probably just paste issue as it's the same as yours above currently.

Please see structure query is bringing as to what is expected below that

fouriefb_0-1676375716605.png

fouriefb_1-1676375778760.png

Thanks in advance

0 Kudos

sk
All-Star
All-Star
In response to fouriefb

‎02/14/2023 06:30 AM

Do you have entitlements coming in all these OUs? Looking at AD screenshot I don't think some of the OUs have entitlement.

Because your query built around getting name from entitlement OU. if you don't have an entitlement in respective OU then you might not be able to show them. As far as query logic point of view I don't see any issue only thing is it will not show name of application if an entitlement is not coming from that OU.

If you want to show the application name irrespective of whether entitlement exist is respective ou or not then I would suggest other ways to do it.

  1. Export the list of OUs from AD and import in to Saviynt as a Dataset and use a query to list the application names  in Dynamic Attribute from dataset.
  2. Another way is configure OU import using AD connector which will bring OUs into Saviynt and then use the query to list application names in Dynamic Attributes

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos
Copyright © 2024 Khoros, LLC