Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Get Service Account Owner AccountID from Accounts table

Go to solution
AashishD
Regular Contributor II
Regular Contributor II

‎07/31/2023 05:19 AM

Hi,

We need to map Service Account Owners of Service accounts in AD under the manager attribute of Active Directory. However, we need to fetch the service account owners DN from their account properties.

Can someone  help what to write in the create account JSON so that the account owners' DN from their accounts property can be fetched and translated back to AD?

0 Kudos
12 REPLIES 12

Go to solution
pmahalle
All-Star
All-Star

‎07/31/2023 05:41 AM - edited ‎07/31/2023 05:42 AM

Hi @AashishD ,

Can you try below expression to get dn of owner from accountid of the user's account.

${if(ownerAccountListMap.size()>0 && allOwnerList.size()>0){ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.accountID:''}else{''}}


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

Go to solution
AashishD
Regular Contributor II
Regular Contributor II
In response to pmahalle

‎07/31/2023 06:20 AM - edited ‎07/31/2023 06:21 AM

Hi Paddy,

Thank you for the prompt response.

We included the following in our create account json

"manager": "${if(ownerAccountListMap.size()>0 && allOwnerList.size()>0){ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.accountID:''}else{''}}",

However, we get an error as 

Error while creating account SERTESTUAT2 in AD - No such property: ownerAccountListMap for class: SimpleTemplateScript1781\n","stream":"stdout","time":"2023-07-31T13:17:13.848653689Z"}

0 Kudos

Go to solution
pmahalle
All-Star
All-Star
In response to AashishD

‎07/31/2023 06:41 AM

Hi @AashishD ,

Are you storing AD account's DN on any of the user's customproperty? If yes use below expression and replace your user's custom property holding DN.

"manager" : "${if((ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.custompropertyXX.toString()}[0])!=null && (ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.custompropertyXX.toString()}[0])!=''){ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.custompropertyXX.toString()}[0]}}"


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

Go to solution
AashishD
Regular Contributor II
Regular Contributor II
In response to pmahalle

‎07/31/2023 06:51 AM

Hi Paddy,

We are not storing the user's DN for AD in the users table but in the accounts table as the accountID of the user for the particular endpoint (That is Active Directory) 

0 Kudos

Go to solution
AashishD
Regular Contributor II
Regular Contributor II
In response to pmahalle

‎08/16/2023 11:20 PM

Hi Paddy,

If this is the only way then how do we map AD DN to Users CP in EIC?

0 Kudos

Go to solution
AashishD
Regular Contributor II
Regular Contributor II

‎08/16/2023 10:27 PM

Hi,

Any help on this?

0 Kudos

Go to solution
pmahalle
All-Star
All-Star
In response to AashishD

‎08/17/2023 12:13 AM

Hi @AashishD ,

You can use SAV4SAV to add Active Directory DN into user's CP. I have attached the sample XML which you can use for adding DN from account's accountID to user's CP45. 


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
Preview file
2 KB

Go to solution
AashishD
Regular Contributor II
Regular Contributor II
In response to pmahalle

‎08/17/2023 12:33 AM

Hi Paddy,

We tried to pull the User's DN from AD into User's EIC via User_Attribute and used the above code :

"manager" : "${if((ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.custompropertyXX.toString()}[0])!=null && (ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.custompropertyXX.toString()}[0])!=''){ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.custompropertyXX.toString()}[0]}}"

 

 

Do you see any issue in this method?

0 Kudos

Go to solution
pmahalle
All-Star
All-Star
In response to AashishD

‎08/17/2023 12:54 AM

Hi @AashishD ,

You can try below in USER_ATTRIBUTE in order to recon DN in CP45 of user.

[
UPDATEDATE::whenChanged#customDate--yyyyMMddHHmmss.'0Z',
CREATEDATE::whenCreated#customDate--yyyyMMddHHmmss.'0Z',

CUSTOMPROPERTY45::distinguishedName#String,
USERNAME::sAMAccountName#String,
RECONCILATION_FIELD::USERNAME
]

Let me know if it helps.


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

Go to solution
AashishD
Regular Contributor II
Regular Contributor II
In response to pmahalle

‎08/17/2023 01:24 AM

The User Attribute Import works fine, but part 2 of the issue is when I create a service account the following code does not set the manager. The same code works while updating a service account.

Am I missing something?

"manager" : "${if((ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.customproperty8.toString()}[0])!=null && (ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.customproperty8.toString()}[0])!=''){ServiceAccountOwnerMap.get('USEROWNERS').get('1').collect{it.customproperty8.toString()}[0]}}"

0 Kudos

Go to solution
pmahalle
All-Star
All-Star
In response to AashishD

‎08/17/2023 03:03 AM

@AashishD So while creating you are selecting correct user as owner whose customproperty8 have correct DN of active account in AD?


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

Go to solution
AashishD
Regular Contributor II
Regular Contributor II
In response to pmahalle

‎08/17/2023 04:00 AM

Hi Paddy,

I was making some errors in the code.

This works now!

Thanks.

0 Kudos
Copyright © 2024 Khoros, LLC