I'm curious to understand this Endpoint Filter feature in the AD connection. I have referred to this section: https://docs.saviyntcloud.com/bundle/AD-v2021x/page/Content/Configuring-the-Integration-for-Importin....
But I didn't quite understand the complete flow. We will use this feature to create separate endpoints and import groups/accounts for these endpoints. So what if a new user from Saviynt is requesting an endpoint, will it create a new account in AD every time a user requests a different endpoint? Can anyone explain it clearly?
Endpoint Filter is used to create a logical application from the actual technical application.
For example, for an AD-based application, all groups will be pulled based on the connection filter on the logical endpoint/application (main application).
Endpoint Filter will create a subset of the same entitlements and accounts, based on the Endpoint Filter specified by exact name or by naming convention wildcard.
In the above example, a new logical application AWS will be created with the entitlements whose exact names are CN=ADGroup15,DC=sav,DC=com and CN=ADGroup12,DC=sav,DC=com, and groups whose names start with CN=GroupAWS.
For both account and entitlement objects, a referenced account key and a referenced entitlement key are maintained from the logical endpoint to the technical endpoint, which are used for reconciliation and provisioning; hence no new account is created in the target, it is only created in Saviynt.
When you need access to an entitlement that belongs to the AWS entitlements, you can request the AWS application, and it will not create an account in AD. It will use the existing AD account from the technical endpoint as a reference, and the account will be created only in Saviynt so that access can be added.
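
The flow described in the answer above, as an added Python model that is not part of the original thread and is not Saviynt code or Saviynt configuration syntax. The group and account data are constructed, and the filter shape, function names and dictionary keys are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: the technical AD endpoint after import.
AD_GROUPS = {                      # entitlement key -> group DN
    1: "CN=ADGroup15,DC=sav,DC=com",
    2: "CN=ADGroup12,DC=sav,DC=com",
    3: "CN=GroupAWS-Admins,DC=sav,DC=com",
    4: "CN=HR-Readers,DC=sav,DC=com",
}
AD_ACCOUNTS = {101: "jdoe"}        # account key -> existing AD account

# Hypothetical filter shape for this model: exact DNs plus one prefix wildcard.
AWS_FILTER = ["CN=ADGroup15,DC=sav,DC=com", "CN=ADGroup12,DC=sav,DC=com", "CN=GroupAWS*"]


def build_logical_endpoint(name, groups, patterns):
    """Subset the technical entitlements; keep a reference key for each one."""
    ents = {}
    for key, dn in groups.items():
        # DNs compare case-insensitively in AD, so normalise both sides.
        if any(fnmatchcase(dn.lower(), p.lower()) for p in patterns):
            ents[dn] = {"referenced_entitlement_key": key}
    return {"name": name, "entitlements": ents, "accounts": {}}


def request_access(endpoint, user, group_dn, ad_accounts):
    """Grant an entitlement on the logical endpoint without touching AD accounts."""
    if group_dn not in endpoint["entitlements"]:
        raise ValueError(f"{group_dn} is not part of {endpoint['name']}")
    # Reuse the existing AD account; the logical account is only a record
    # that points back to it (this model assumes the AD account exists).
    ref = next(k for k, owner in ad_accounts.items() if owner == user)
    acct = endpoint["accounts"].setdefault(
        user, {"referenced_account_key": ref, "entitlements": set()})
    acct["entitlements"].add(group_dn)
    return acct


if __name__ == "__main__":
    aws = build_logical_endpoint("AWS", AD_GROUPS, AWS_FILTER)
    acct = request_access(aws, "jdoe", "CN=GroupAWS-Admins,DC=sav,DC=com", AD_ACCOUNTS)
    print(sorted(aws["entitlements"]))
    print(acct, "AD accounts:", len(AD_ACCOUNTS))
```

For access reviews, the point to check is that every account on a logical endpoint resolves through its reference key to exactly one account on the technical endpoint.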