Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Dynamic attribute in Account Name

Mahendran
New Contributor III
New Contributor III

Hi we need to create 5 types of accounts so we created a dynamic attribute in endpoint which will shows the drop down of 5 types of accounts (single select) we need to append the value that the user selected in the dynamic attribute to Account Name.

 

Is it possible to achieve this?

else any other solution to get the account name as Account Type + Username.

 

14 REPLIES 14

NM
Honored Contributor III
Honored Contributor III

Hi @Mahendran ,which connector are you using?


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Mahendran
New Contributor III
New Contributor III

It is Privileged AD application we are using AD connection 

NM
Honored Contributor III
Honored Contributor III

You can in account name rule of connection concat dynamic attribute with username and at the time of user submission just keep username as account name .. once you provision the account it will be updated automatically..


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Mahendran
New Contributor III
New Contributor III

How to concat the dynamic attributes using Advance config in Account Name rule?
if yes can you send me an example or syntax.

NM
Honored Contributor III
Honored Contributor III

@Mahendran , can't do it in account name rule .. but in connection you will find a json with accountname rule this is where you will define accountname rule.

Do something like this

CN=${concat(dynamic attribute name,user.username)},OU values..


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

NM
Honored Contributor III
Honored Contributor III

@Mahendran , did it work?


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Mahendran
New Contributor III
New Contributor III

sorry for the late reply,

I added this in AccountName Rule in AD connection,

CN=${concat(concat(Account_Type,'-'), user.systemUserName)},

We got this error while provisioning the task,
LDAP: error code 34 - 0000208F: NameErr: DSID-03100233, problem 2006 (BAD_NAME), data 8349, best match of: 'CN=${concat(concat(Account_Type,'-'), user.systemUserName)}

rushikeshvartak
All-Star
All-Star
  • Is this for normal account or functional account. Request form
  • you can get select user using 
  • select username from users where userkey =${requestee}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

We have a Privilege Ad Connection, Security system and endpoint similar to Normal AD ,

we need to add the type of account followed by '-' and userid as a accountname.
what can be do for this 

we tried of adding rule in AccountName rule in Connection  level but it is throwing error We got this error while provisioning the task,
LDAP: error code 34 - 0000208F: NameErr: DSID-03100233, problem 2006 (BAD_NAME), data 8349, best match of: 'CN=${concat(concat(Account_Type,'-'), user.systemUserName)}

Did you tried suggest approach in previous response?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NM
Honored Contributor III
Honored Contributor III

Hi @Mahendran , where are you taking this accounttype variable from? or is it a hardcoded value?


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

Mahendran
New Contributor III
New Contributor III

Hi,

I'm able to acheive the requirement by adding the AccountName rule in Connection in below manner.

CN=${accountType}-${user.systemUserName},OU..

This is working fine thanks @NM 

In this case actual account name and account created will be different and it will be issue in reconciliation 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

No we are using object GUID of the account to reconcile so that it won't cause any issues for us in reconciliation we already tried and its working