Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Entitlement Owner Mapping Between Endpoints

aidanryan
New Contributor III
New Contributor III

Hello,

 

We have two AD connections; one for regular user accounts and one for admin accounts. We are wanting to map the accountID of an owner on the regular AD connection to be the owner of the entitlement on the Admin AD connection. Is there a way to do this in the groupImportMapping in the AD_Admin connection? They both have their own connection, security system, and endpoint. This is what we have in the AD_Admin connection right now for the groupimportmapping JSON.

 

 

 

{
    "importGroupHierarchy": "true",
    "entitlementTypeName": "memberOf",
    "performGroupAccountLinking": "true",
    "incrementalTimeField": "whenChanged",
    "groupObjectClass": "(objectclass=group)",
    "mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,customProperty14:objectClass_char,updatedate:whenChanged_date,customProperty17:distinguishedName_char,RECONCILATION_FIELD:customproperty18,customProperty18:objectGUID_Binary",
    "entitlementOwnerAttribute": "managedBy"
}

 

We tried adding this below:

"tableFieldAttribute": "accountID"

But, it just tries to map it to an admin account when the owners are just our standard AD user on the other connection.

 

6 REPLIES 6

Raghu
Valued Contributor III
Valued Contributor III

try to add and check

"entitlementOwnerAttribute": "managedBy_char"


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

vm
New Contributor III
New Contributor III

@aidanryan This is currently not possible. 

entitlementOwnerAttribute config checks in that particular Endpoint, rather than checking in other Endpoints.

Regards,
Vivek Mohanty

If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem

rushikeshvartak
All-Star
All-Star

You can't map owner from different application. This is not supported in any connector. Owner needs to have account in same application


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak @vm What if we did a SAV-To-Sav connection? We are pulling in the owner on the admin connection, but just to a customproperty. I tried @Raghu suggestion, but it didn't work sadly. What we do have is this:

"customproperty15": "managedBy_char"

Which works on pulling the owner, just doesn't for entitlementOwnerAttribute.

Owner needs to be from same endpoint irrespective of connector / sav4sav


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  We ended up doing an actionable analytic using the action "Map Entitlement Owner". Since we already can pull the owner into CustomProp15, we just cut down the full CN path to display the First.Last username. Plan is to use this query to map the entitlements, then we will make another one to monitor for changes and to email our team weekly with any mismatches between CustomProp15 and the Owner. Here is the query we used below:

 

SELECT ev.displayname, u.username, ev.ENTITLEMENT_VALUEKEY AS 'entvaluekey', SUBSTRING( ev.CUSTOMPROPERTY15, LOCATE('CN=', ev.CUSTOMPROPERTY15) + 3, LOCATE(',', ev.CUSTOMPROPERTY15, LOCATE('CN=', ev.CUSTOMPROPERTY15)) - LOCATE('CN=', ev.CUSTOMPROPERTY15) - 3 ) AS CN_First_Last FROM entitlement_values ev JOIN entitlement_types et on ev.ENTITLEMENTTYPEKEY = et.ENTITLEMENTTYPEKEY LEFT JOIN entitlement_owners eo on ev.ENTITLEMENT_VALUEKEY = eo.ENTITLEMENT_VALUEKEY LEFT JOIN users u on eo.userkey = u.userkey WHERE ev.customproperty15 IS NOT NULL AND et.endpointkey = 4 AND u.username IS NULL