Entitlement owner update in AD

AtrayeeDutta
Regular Contributor

Hi Team,

We have the entitlement owner attribute in the AD import ({"entitlementOwnerAttribute": "managedBy",}), but owners are not getting tagged. The managedBy attribute in AD holds the DN value for the owners, and that is getting stored in CP15 for entitlements. We are using a SAV to SAV to populate the owners, but on the next access import run the data populated by SAV to SAV is getting wiped. Removing "entitlementOwnerAttribute": "managedBy" from the config also wipes the data.

Can anyone let us know how we can restrict the wiping of the data after the access import, or populate the owners directly from the import?

{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,RECONCILATION_FIELD:entitlementid,customProperty18:objectGUID_Binary",
"entitlementOwnerAttribute": "managedBy",
"activeGroupPossibleValues": ["active", "a", "l", "TRUE"]
}

Regards,

Atrayee


Raghu
All-Star

We can't update the owner directly; please check the article below.

https://forums.saviynt.com/t5/identity-governance/entitlement-owner-mapping-between-endpoints/m-p/86...

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

Manu269
All-Star

@AtrayeeDutta Did you check these posts:

Solved: Adding owner to Entitlements from Custom property - Saviynt Forums - 28348

Solved: Data truncation error for customproperty16 - Saviynt Forums - 50079

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos.

vivek9237
Regular Contributor

@AtrayeeDutta you have to configure "tableFieldAttribute" in your groupImportMapping.

tableFieldAttribute should hold the account column name where you have mapped the AD user's distinguishedName.

PFB an example where I have assumed that you have mapped the AD user's distinguishedName to accountId in the ACCOUNT_ATTRIBUTES mapping. 

{
  "importGroupHierarchy": "true",
  "entitlementTypeName": "",
  "performGroupAccountLinking": "true",
  "incrementalTimeField": "whenChanged",
  "groupObjectClass": "(objectclass=group)",
  "mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,RECONCILATION_FIELD:entitlementid,customProperty18:objectGUID_Binary",
  "entitlementOwnerAttribute": "managedBy",
  "tableFieldAttribute": "accountId",
  "activeGroupPossibleValues": [
    "active",
    "a",
    "l",
    "TRUE"
  ]
}


 

Regards,

Vivek Mohanty


If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
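
A pre-import sanity check for the setup described in this reply, as an added example that is not Saviynt code or part of the original post: it confirms both owner keys are set and compares managedBy values against the account column values. The thread does not say how the import compares DNs, so matches that differ only by case or surrounding whitespace are reported separately; the function names, sample DNs and exports are constructed assumptions.

```python
import json

# Constructed config, shaped like the groupImportMapping in the reply (mapping shortened).
CONFIG = """{
  "mapping": "customProperty15:managedBy_char,entitlement_value:distinguishedName_char",
  "entitlementOwnerAttribute": "managedBy",
  "tableFieldAttribute": "accountId"
}"""
# Constructed exports: group DN -> managedBy value, and the mapped account column values.
GROUPS = {
    "CN=Finance,OU=Groups,DC=example,DC=com": "CN=Alice,OU=Users,DC=example,DC=com",
    "CN=HR,OU=Groups,DC=example,DC=com": "cn=bob,ou=users,dc=example,dc=com",
    "CN=Ops,OU=Groups,DC=example,DC=com": "CN=Carol,OU=Leavers,DC=example,DC=com",
    "CN=Temp,OU=Groups,DC=example,DC=com": "",
}
ACCOUNT_IDS = ["CN=Alice,OU=Users,DC=example,DC=com", "CN=Bob,OU=Users,DC=example,DC=com"]

def check_config(raw):
    """Return a list of problems with the owner-related keys (hypothetical helper)."""
    cfg = json.loads(raw)
    problems = []
    for key in ("entitlementOwnerAttribute", "tableFieldAttribute"):
        if not cfg.get(key):
            problems.append(key + " is not set")
    return problems

def classify_owners(groups, account_ids):
    """Bucket each group by whether its managedBy value matches an account value."""
    exact = set(account_ids)
    folded = {a.strip().casefold() for a in account_ids}
    result = {"resolved": [], "case_or_space_only": [], "unresolved": [], "no_owner": []}
    for group_dn, managed_by in groups.items():
        if not managed_by:
            result["no_owner"].append(group_dn)            # nothing to resolve
        elif managed_by in exact:
            result["resolved"].append(group_dn)            # byte-for-byte match
        elif managed_by.strip().casefold() in folded:
            result["case_or_space_only"].append(group_dn)  # verify how the import compares
        else:
            result["unresolved"].append(group_dn)          # owner DN has no imported account
    return result

if __name__ == "__main__":
    print(check_config(CONFIG))
    for bucket, dns in classify_owners(GROUPS, ACCOUNT_IDS).items():
        print(bucket, dns)
```

Groups in the unresolved and no_owner buckets are the ones that would end up without an owner for certification and access-request approval, so they are worth reviewing before the import runs.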

rushikeshvartak
All-Star

entitlementTypeName should be memberOf


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.