10/28/2022 04:11 AM
I'm using the AD connector to import into Saviynt all accounts which fulfill the (objectCategory=person) filter and the entitlements which fulfill the (&(objectclass=group)(groupType:1.2.840.1135220.127.116.113:=2147483648)(!(cn=DL_*))) filter.
I'm able to import the desired set of accounts and entitlements by resorting to the OBJECTFILTER field and groupObjectClass filter in the groupImportMapping filter, if i don't use the ENTITLEMENT_ATTRIBUTE parameter. However, when doing so no mapping between accounts and entitlements occurs.
When setting the ENTITLEMENT_ATTRIBUTE value as "memberOf", the mapping between accounts and entitlements is created but groups that do not meet the required group filter get imported.
1) Is it possible to use the OBJECTFILTER attribute to filter the entitlements which are imported when running the Import Accounts job with ENTITLEMENT_ATTRIBUTE as "memberOf"?
2) Is there any other way to map accounts with entitlements without using the ENTITLEMENT_ATTRIBUTE?
10/30/2022 05:20 PM
You can’t change Entitlement attribute logic. did you tried advanced config ?
10/31/2022 05:01 AM
Is advanced config the ADVSEARCH parameter which appears in the AD Connector? I cannot seem to find any explanation in the AD connector documentation as to how ADVSEARCH can be used or for what purpose.
Could you please provide further detail on what advance config is and how i could use it for this use case?
10/31/2022 07:24 AM
11/02/2022 06:40 AM
Advance_Filter_JSON is only available from Release v5.5 SP3.5.1 onward so it does not appear in our AD connector. We do have an ADVSEARCH parameter which is not explained in the documentation, would that be the Advance_Filter_JSON for older versions?
11/02/2022 08:07 AM