01-22-2023 11:17 AM
We have been using ENDPOINTS_FILTER to create endpoints by group a set of entitlements at the connection level, but we have a requirement to group entitlements from two different Connections (like AD and LDAP Connector) in an Endpoint, in which case we will not be able to use ENDPOINTS_FILTER as they are defined at connection level.
We plan to manually create Security System/Endpoints/Dummy Entitlement (EntA/EntB) and then map the Dummy Entitlement (EntA to AD ent1) and (EntB to LDAP ent2) in Other Entitlement details.
I have couple of questions regarding the usecase :
1. Is there any other recommended way to build an Secruity System/Endpoint when its entitlements are derived from multiple Endpoints (connections)?
2. What is the difference between Associated Entitlement and Other Entitlement Details where we can define a Entitlement Map on a Entitlement?
3. How do we map users to Dummy Entitlement (EntA or EntB) on existing users that are having AD or LDAP entitlements if they are mapped through Entitlement Map (within Other Entitlement Details) ?
01-22-2023 02:51 PM
01-23-2023 05:05 AM
What is the process to map it to existing users? If a user has an entitlement_A on Active Directory, then the user should have Ent_A on the manually created Endpoint?
Also, if we have to trigger certification on the manually created Endpoint and its entitlements, does the removing Ent_A removes the entitlement_A on Active Directory if it is mapped through 'Other Entitlement Details' -> Entitlement Map?
01-23-2023 05:07 AM
Yes it will remove mapped entitlements using certification.
for manually created endpoints you can map using account import sheet
01-23-2023 05:10 AM
Thanks. Can this be done through a Job ?
01-23-2023 05:29 AM