Saviynt Forums

Hi Enakshi,

could you elaborate the second option a little bit more? The account import for the AD security system is already using AD connection. I don't quite get how we can update the same account object in Saviynt by using the account import of another connection.

Thanks

André

@Enakshi we are facing the same issue for personal accounts. In our case primary and admin. The mentioned field is not set on the request form, but we have dedicated endpoints for every account type:
Endpoint1: AD Primary
Endpoint2: AD Admin

We also have dedicated AD on premise attributes, that define the account type.These values are set during provisioning in AD. 
The issue is, that the wording should be different in AD on prem and in Saviynt. For example the values for the primary account would be:
AD: IntPri
Saviynt: Primary
Is it possible to transform those values via import or is it possible to automatically write the account type afterwards to the accounts considering a the AD on prem attribute?

Thanks

You can use saviynt4saviynt to transform values after ad import

@rushikeshvartak thanks for the response. Can you please elaborate a little bit on that, how this is possible for the AD account objects in Saviynt. So you telling, that we can update the values on the AD account object via sav4sav?

Do you want to update the account type as part of the import?

Thanks

Its like database connector and where you will mention security system and endpoint name of AD Endpoint and perform data manipulation

Yes @Alex 

1. First do AD accounts import

2. Write Sav to Sav to change the account type based on your logic/requirement. Below is the sample of the Sav to Sav. You can use this as base and modify it as per your requirement.

<![CDATA[Select a.name as name, s.SYSTEMNAME as securitysystem,e.ENDPOINTNAME as endpoint,
(CASE
WHEN a.endpointkey=30 THEN 'Primary Account'
WHEN a.endpointkey=70 THEN 'Disabled Account'
WHEN a.endpointkey IN(200,210) THEN 'Service Account'
WHEN a.endpointkey IN(80,90,100,110,120) THEN 'Privileged Account'
END) as accounttypename
from Accounts a
inner join endpoints e on e.endpointkey=a.endpointkey
inner join securitysystems s on s.systemkey=e.SECURITYSYSTEMKEY
where a.endpointkey IN(30,70,130,80,90,100,110,120,200,210)]]>
</sql-query>

<mapper description="This is the mapping field for SAviynt Field name" deleteaccountentitlement="true" ifusernotexists="noaction">
<mapfield saviyntproperty="accounts.name" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="accounts.accounttype" sourceproperty="accounttypename" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>
</mapper>

3. When you schedule jobs , first run the account import job and post that run your Sav to Sav DB import job.

Hope this helps!

Thanks

Hi @dgandhi ,
really appreciate the elaborated answer! We will try to use the your example and adapt it to our current implementation and requirements.

One last question. The provided script is added to the UPDATEACCOUNTJSON right?

Thanks!

AccountsImport

Thanks

Hi @dgandhi ,

was finally able to test it and it was working so can confirm, this  is a valid solution. 
Nevertheless I would still have a query as we already have an AccountsImport xml existing.

How can we integrate the existing xml with the new requirement.
SQL query and mapping should only be used for one case.

For example:
Case 1: Update Sav4Sav account based on sql-query and perform mapping based on mapping description
Case 2. Update Active Directory accounts on sql-query and perform mapping based on mapping description

Let me know, if you need additional input.
Thanks
Alex