Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

ENDPOINTS_FILTER across multiple connections

RV
Regular Contributor
Regular Contributor

We have been using ENDPOINTS_FILTER to create endpoints by group a set of entitlements at the connection level, but we have a requirement to group entitlements from two different Connections (like AD and LDAP Connector) in an Endpoint, in which case we will not be able to use ENDPOINTS_FILTER as they are defined at connection level.

We plan to manually create Security System/Endpoints/Dummy Entitlement (EntA/EntB) and then map the Dummy Entitlement (EntA to AD ent1) and  (EntB to LDAP ent2) in Other Entitlement details.   

I have couple of questions regarding the usecase :

1.  Is there any other recommended way to build an Secruity System/Endpoint when its entitlements are derived from multiple Endpoints (connections)?

2. What is the difference between Associated Entitlement and Other Entitlement Details where we can define a Entitlement Map  on a Entitlement?

3. How do we map users to Dummy Entitlement (EntA or EntB) on existing users that are having AD or LDAP entitlements if they are mapped through Entitlement Map (within Other Entitlement Details) ?

5 REPLIES 5

rushikeshvartak
All-Star
All-Star
  • Endpoint filter worked based on connection hence you need to use per connection    
  • 1. You can create other applications as normal applications 
  • 2. Associated entitlements belongs to same endpoint whereas entitlement map belong to other endpoints entitlements 
  • 3. This will be automatically shown if those are already assigned in target. If its not assigned you can assigned one time to existing accounts

 

 

 

 

 

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

What is the process to map it to existing users?  If a user has an entitlement_A on Active Directory, then the user should have Ent_A on the manually created Endpoint?

Also, if we have to trigger certification on the manually created Endpoint and its entitlements, does the removing Ent_A removes the entitlement_A on Active Directory if it is mapped through 'Other Entitlement Details' -> Entitlement Map?

 

Yes it will remove mapped entitlements using certification.

for manually created endpoints you can map using account import sheet


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

Thanks.  Can this be done through a Job ?

You can do using DB/REST / any connector


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.