Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Entitlements With New Account on multiple SamAccounts

PascalMontreuil
New Contributor III
New Contributor III

Hello Guys,

Right now we have a connected application that once we request an entitlement we are also given the user an Azure group via the Entitlements With New Account

The issue that we are facing is that some of our user have multiple SamAccount example User (Main Account) - User1 (secondary) - User2 (third) so when we provision the entitlement, it give the Azure group to the User2 and not the main account.  Worst case, we would like to give the Azure group to all the SamAccounts but the goal is only to the main User account.

Is there a way to do this.

Pascal Montreuil
9 REPLIES 9

rushikeshvartak
All-Star
All-Star

Use applications role concept or entitlement map concept


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Do you have the link of that documentation ?

Pascal Montreuil

PascalMontreuil
New Contributor III
New Contributor III

Thank you for the quick respond, but we don't want to exclude entitlements, we want to give the Azure group on the Entitlements With New Account in the endpoint to the main SamAccount of the user, not is latest one created

Pascal Montreuil

You can add same under entitlement map . For testing add one of the entitlement under emap and request for parent entitlement and you find both parent & entitlement from emap will be added 

You can find different filters available under emap


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

PascalMontreuil
New Contributor III
New Contributor III

Hello @rushikeshvartak, ok we don't see how the entitlement map will work for us, so let go to option B.  Here is a use case : Security System and Endpoint "Application test" provision an Azure Group with the Entitlements With New Account  option.  So if a user has 3 AD accounts, we would like to provision the Azure Group to the 3 AD account and not only to the latest one, because right now it's provisioning on the latest created AD account of the user and our option A was to provision on the main AD account.

Pascal Montreuil

Saviynt will assign to random one or latest on in case of Entitlements With New Account 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thank you, so there is no way to give the entitlements to all is AD accounts

Pascal Montreuil

There are alternatives like request rule / analytics you can use those 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.