We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Entitlements filter and mapping

r-m
New Contributor
New Contributor

Hello,

I'm using the AD connector to import into Saviynt all accounts which fulfill the (objectCategory=person) filter and the entitlements which fulfill the (&(objectclass=group)(groupType:1.2.840.113556.1.4.803:=2147483648)(!(cn=DL_*))) filter. 

I'm able to import the desired set of accounts and entitlements by resorting to the OBJECTFILTER field and groupObjectClass filter in the groupImportMapping filter, if i don't use the ENTITLEMENT_ATTRIBUTE parameter. However, when doing so no mapping between accounts and entitlements occurs. 

When setting the ENTITLEMENT_ATTRIBUTE value as "memberOf", the mapping between accounts and entitlements is created but groups that do not meet the required group filter get imported.

1) Is it possible to use the OBJECTFILTER attribute to filter the entitlements which are imported when running the Import Accounts job with ENTITLEMENT_ATTRIBUTE as "memberOf"

2) Is there any other way to map accounts with entitlements without using the ENTITLEMENT_ATTRIBUTE? 

Thank you!

5 REPLIES 5

rushikeshvartak
All-Star
All-Star

You can’t change Entitlement attribute logic. did you tried advanced config ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hello,

Is advanced config the ADVSEARCH parameter which appears in the AD Connector? I cannot seem to find any explanation in the AD connector documentation as to how ADVSEARCH can be used or for what purpose.

Could you please provide further detail on what advance config is and how i could use it for this use case?

Thank you

Advance_Filter_JSON 

https://saviynt.freshdesk.com/support/solutions/articles/43000615764-active-directory-ad-connector-g... 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi,

Advance_Filter_JSON is only available from Release v5.5 SP3.5.1 onward so it does not appear in our AD connector. We do have an ADVSEARCH parameter which is not explained in the documentation, would that be the Advance_Filter_JSON for older versions?

You can try out 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.