This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ENDPOINTS_FILTER across multiple connections

RV
New Contributor
New Contributor

‎01-22-2023 11:17 AM

We have been using ENDPOINTS_FILTER to create endpoints by group a set of entitlements at the connection level, but we have a requirement to group entitlements from two different Connections (like AD and LDAP Connector) in an Endpoint, in which case we will not be able to use ENDPOINTS_FILTER as they are defined at connection level.

We plan to manually create Security System/Endpoints/Dummy Entitlement (EntA/EntB) and then map the Dummy Entitlement (EntA to AD ent1) and  (EntB to LDAP ent2) in Other Entitlement details.   

I have couple of questions regarding the usecase :

1.  Is there any other recommended way to build an Secruity System/Endpoint when its entitlements are derived from multiple Endpoints (connections)?

2. What is the difference between Associated Entitlement and Other Entitlement Details where we can define a Entitlement Map  on a Entitlement?

3. How do we map users to Dummy Entitlement (EntA or EntB) on existing users that are having AD or LDAP entitlements if they are mapped through Entitlement Map (within Other Entitlement Details) ?

Labels:
0 Kudos
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

‎01-22-2023 02:51 PM

  • Endpoint filter worked based on connection hence you need to use per connection    
  • 1. You can create other applications as normal applications 
  • 2. Associated entitlements belongs to same endpoint whereas entitlement map belong to other endpoints entitlements 
  • 3. This will be automatically shown if those are already assigned in target. If its not assigned you can assigned one time to existing accounts

 

 

 

 

 

 


Regards,
Rushikesh Vartak
0 Kudos

RV
New Contributor
New Contributor

‎01-23-2023 05:05 AM

What is the process to map it to existing users?  If a user has an entitlement_A on Active Directory, then the user should have Ent_A on the manually created Endpoint?

Also, if we have to trigger certification on the manually created Endpoint and its entitlements, does the removing Ent_A removes the entitlement_A on Active Directory if it is mapped through 'Other Entitlement Details' -> Entitlement Map?

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to RV

‎01-23-2023 05:07 AM

Yes it will remove mapped entitlements using certification.

for manually created endpoints you can map using account import sheet


Regards,
Rushikesh Vartak
0 Kudos

RV
New Contributor
New Contributor

‎01-23-2023 05:10 AM

Thanks.  Can this be done through a Job ?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to RV

‎01-23-2023 05:29 AM

You can do using DB/REST / any connector


Regards,
Rushikesh Vartak
0 Kudos
Copyright © 2023 Khoros, LLC