Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Filtering Entitlements based on users company in a single endpoint

tgloblek
New Contributor III
New Contributor III

Hello,

I have a situation where all my entitlements are imported through one endpoint. Those are Azure AD groups. I also have users from different companies in Saviynt which all needs access to same Azure AD, but with assignment of different entitlements (AAD groups).

My question is how to best achieve that users from certain company (companyname attribute) can request only entitlements which customproperty20 is set to the name of their company.

Is it on entilement level filterin, or in global configuration? I tried to put the filter similar to this "AND ev.customproperty20 = ${requestor.companyname}" into global configuration under request section for "Request Entitlement Query" and "Query For Entitlements" but it does not seem to work.

1 REPLY 1

DaanishJawed
Saviynt Employee
Saviynt Employee

Hi,

You can filter the entitlement in ARS based on the config for Requestable Entitlement in ARS which is present at the endpoint level.

Navigate to Endpoint > Click on your endpoint > Click on Entitlement Type Tab > Select your entitlement type (click on the view details button) > Enter your query in Config for Requestable Entitlement in ARS.

Sample Query -

ev.customproperty20 in (select companyname from Users where userkey in (${requestee}))

Document for the same - https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...