Saviynt Forums

Uzair · ‎02/17/2023

The solution should be able to generate random password for specific users (Eg: Username starting with 'ABC') when a user is added via userimport over DB connection
and notify them over email with their username and password (randomly generated by Saviynt) so that they are able to logon to Saviynt EIC
This solution does not have SSO.

We have created a Password Policy for the same and set the scope as 'user' and have an user update rule that will check the
condition if username starts with 'ABC' and take action - Notify as an email

In the email template, when we are using '${user.password}' it is sending the same password 'NO_PASSWORD' to the users

How do we achieve this task?

Saathvik · ‎02/17/2023

Use ${randompassword} for users whose username starts with 'ABC' since you are autogenerating.

Also I hope you already handled the logic in import when username starts with 'ABC' auto generate password instead of you assign the default password

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Uzair · ‎02/17/2023

How do we assign random autogenerate password in import logic and where do we assign it ?

Saathvik · ‎02/17/2023

I thought you are already assigning random password as part of User Import. Because by default saviynt doesn't require password to create/import users so all users will not have any password by default unless you mapping them as part of your import. Please share your USERIMPORT XML

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Uzair · ‎02/17/2023

This is the UserImport XML we are using, Please let us know if we need to add any specific import settings, Thanks.

<dataMapping>
    <sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="username">
        <![CDATA[Select USERID as username,firstname, lastname from db2db where USERID LIKE 'ABC%';
    ]]>
    </sql-query>
    <importsettings>
        <zeroDayProvisioning>true</zeroDayProvisioning>
        <generateEmail>false</generateEmail>
        <userNotInFileAction>NOACTION</userNotInFileAction>
        <checkRules>true</checkRules>
        <buildUserMap>true</buildUserMap>
        <generateSystemUsername>false</generateSystemUsername>
        <userReconcillationField>username</userReconcillationField>
    </importsettings>
    <mapper description="This is the mapping field for Saviynt Field name">
        <mapfield saviyntproperty="username" sourceproperty="username" type="character"></mapfield>
        <mapfield saviyntproperty="firstname" sourceproperty="firstname" type="number"></mapfield>
        <mapfield saviyntproperty="lastname" sourceproperty="lastname" type="character"></mapfield>
    </mapper>
</dataMapping>

Saathvik · ‎02/17/2023

I have personally not tried this but just want to give it a try.

Try to map password attribute and see if you are getting same value in email then you can think about implementing random password.

<dataMapping>
    <sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="username">
        <![CDATA[Select USERID as username,firstname, lastname, 'Testing@1234' as usr_password from db2db where USERID LIKE 'ABC%';
    ]]>
    </sql-query>
    <importsettings>
        <zeroDayProvisioning>true</zeroDayProvisioning>
        <generateEmail>false</generateEmail>
        <userNotInFileAction>NOACTION</userNotInFileAction>
        <checkRules>true</checkRules>
        <buildUserMap>true</buildUserMap>
        <generateSystemUsername>false</generateSystemUsername>
        <userReconcillationField>username</userReconcillationField>
    </importsettings>
    <mapper description="This is the mapping field for Saviynt Field name">
        <mapfield saviyntproperty="username" sourceproperty="username" type="character"></mapfield>
        <mapfield saviyntproperty="firstname" sourceproperty="firstname" type="number"></mapfield>
        <mapfield saviyntproperty="lastname" sourceproperty="lastname" type="character"></mapfield>
        <mapfield saviyntproperty="password" sourceproperty="usr_password" type="character"></mapfield>
    </mapper>
</dataMapping>

And use ${user.password} as variable for password in email template

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

rushikeshvartak · ‎02/19/2023

This will be security breach/audit concern don't use this method

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Uzair · ‎02/20/2023

Tried it for the purpose of testing, it sends out an encrypted password,
and when we use '${randomPassword}' in the email template, the email isn't getting sent.
How can we overcome this?

Uzair · ‎02/20/2023

Was able to login with password 'Test@123',
But how do we generate a random password and send it across in email?
${randomPassword} in UserImportJSON and EmailTemplate doesn't yield any results

rushikeshvartak · ‎02/17/2023

Use techical birth right rules

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Uzair · ‎02/17/2023

Please can you share an example of the Action ?

rushikeshvartak · ‎02/19/2023

You can try change password

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Uzair · ‎02/19/2023

Please can you elaborate on this as we don't have 'Change Password' under Technical rules ?

rushikeshvartak · ‎02/20/2023

User Update Rule*

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Uzair · ‎02/20/2023

The next step here after choosing 'Change Password' prompts us to choose an endpoint,
but we don't want to specify any endpoints since this password being generated is for Saviynt EIC.

abhiupadhyay · ‎02/20/2023

@rushikeshvartak you just showed the "changepassword" option in user update rule .. the issue is this user import will not have an end point... it's only a connection .. then what end point would I select for "changepassword" ... some detailed answer will really help.

Uzair · ‎03/14/2023

@rushikeshvartak @Saathvik
Do we have any update on this?

Saathvik · ‎03/14/2023

@Uzair You need to build a logic to generate random password in sql instead 'Testing@1234' and map it to usr_password in above SQL query I shared previously, you cannot use ${randompassword} in that query.

Example: SELECT CONCAT(SUBSTRING(firstname, 1,3),SUBSTRING(USERID, 1,3),SUBSTRING(lastname, 1,3),"#",CHAR_LENGTH(firstname),CHAR_LENGTH(USERID),CHAR_LENGTH(firstname))

But I feel it is not the right way to implement it. See if you can achieve using some user update rule or through external jar.

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Saviynt Forums

Generate random password for specific users via UserImport on DB connection