
How does the Endpoint filter work

Saviynt_learner
Regular Contributor II

Hi all,

I'm curious to understand this Endpoint filter feature in the AD connection. I have referred to this section: https://docs.saviyntcloud.com/bundle/AD-v2021x/page/Content/Configuring-the-Integration-for-Importin....

 

But I didn't quite understand the complete flow. We will use this feature to create separate endpoints and import groups/accounts for these endpoints. So what if a new user from Saviynt is requesting an endpoint, will it create a new account in AD every time a user requests a different endpoint? Can anyone explain it clearly?

 


rushikeshvartak
All-Star

Endpoint Filter is used to create a logical application from the actual technical application.

For example, for an AD-based application, all groups will be pulled based on the connection filter on the logical endpoint/application (main application).


Endpoint Filter will create a subset of the same entitlements and accounts based on the Endpoint filter, matched on exact name or naming connection wildcard.

{
  "AWS": [
    {
      "memberOf": [
        "CN=ADGroup15,DC=sav,DC=com",
        "CN=ADGroup12,DC=sav,DC=com",
        "CN=GroupAWS%"
      ]
    }
  ]
}

In the above example, a new logical application AWS will be created with entitlements whose exact names are CN=ADGroup15,DC=sav,DC=com and CN=ADGroup12,DC=sav,DC=com, and groups whose names start with CN=GroupAWS.


For both account and entitlement objects, the referenced account key and reference entitlement key are maintained from the logical endpoint to the technical endpoint, which is used for reconciliation and provisioning; hence no new account is created in the target, but only created in Saviynt.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
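
The filter behaviour described in this reply, as an added example that is not part of the original post and is not Saviynt's code: a small Python model that applies the posted filter to constructed AD groups and accounts and builds the logical AWS endpoint by reference. The matching semantics (trailing `%` as starts-with, case-insensitive DNs), the numeric keys, and the field names `reference_entitlement_key` and `reference_account_key` are assumptions made for illustration.

```python
import json

# Endpoint filter exactly as posted in the reply above.
ENDPOINT_FILTER = json.loads("""
{"AWS": [{"memberOf": ["CN=ADGroup15,DC=sav,DC=com",
                       "CN=ADGroup12,DC=sav,DC=com",
                       "CN=GroupAWS%"]}]}
""")

# Constructed sample data for the technical AD endpoint (keys are made up).
AD_ENTITLEMENTS = {
    101: "CN=ADGroup15,DC=sav,DC=com",
    102: "CN=ADGroup12,DC=sav,DC=com",
    103: "CN=GroupAWSAdmins,DC=sav,DC=com",
    104: "CN=ADGroup99,DC=sav,DC=com",
}
AD_ACCOUNTS = {
    9001: {"name": "jdoe", "memberOf": ["CN=GroupAWSAdmins,DC=sav,DC=com"]},
    9002: {"name": "asmith", "memberOf": ["CN=ADGroup99,DC=sav,DC=com"]},
}

def matches(pattern, group_dn):
    """Assumed semantics: a trailing % means 'starts with', otherwise exact match."""
    p, dn = pattern.lower(), group_dn.lower()  # AD DNs are case-insensitive
    return dn.startswith(p[:-1]) if p.endswith("%") else dn == p

def build_logical_endpoints(endpoint_filter, entitlements, accounts):
    """Derive logical endpoints that only reference technical-endpoint objects."""
    logical = {}
    for endpoint, rules in endpoint_filter.items():
        patterns = [p for rule in rules for p in rule.get("memberOf", [])]
        ents = [{"name": dn, "reference_entitlement_key": key}
                for key, dn in entitlements.items()
                if any(matches(p, dn) for p in patterns)]
        in_scope = {e["name"].lower() for e in ents}
        accts = [{"name": a["name"], "reference_account_key": key}
                 for key, a in accounts.items()
                 if in_scope & {g.lower() for g in a["memberOf"]}]
        logical[endpoint] = {"entitlements": ents, "accounts": accts}
    return logical

if __name__ == "__main__":
    print(json.dumps(build_logical_endpoints(
        ENDPOINT_FILTER, AD_ENTITLEMENTS, AD_ACCOUNTS), indent=2))
```

The technical AD data is only read, never extended: the logical AWS endpoint holds records that point back at existing AD keys, which is why an access review should treat an AWS logical account and its referenced AD account as the same identity in the target.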

Saviynt_learner
Regular Contributor II

Thank you @rushikeshvartak.

 

Suppose I'm a new user and need access to this AWS endpoint; which application should I request? Is it AD or AWS? If it's AWS, then what happens when I request an account for AWS: will it also create an account in the AD endpoint?

When you need access to an entitlement that belongs to the AWS entitlements, you can request the AWS application and it will not create an account in AD. It will use the existing AD account from the technical endpoint as a reference, and the account will be created only in Saviynt so that access can be added.


Regards,
Rushikesh Vartak