
How to map multivalued attributes in User Account Correlation Rule

Community_User
Saviynt Employee
Originally posted on September 1 2020 at 13:08 UTC

Hi Experts,


I have an LDAP connector and I am mapping the proxyAddress attribute to CP 1 in the account attribute in the Connection JSON.

Now this proxyAddress is a multivalued attribute and I want to use one of the values of this attribute as a User Account correlation rule.

For ex:

proxyAddress:

abc.abc@company.com

abc.abc@on.company.com

abc.abc@on.microsoft.com


In Saviynt Users, User A has email abc.abc@company.com. I want this value for correlation.


How can I achieve that? I have not found anything similar in Freshdesk.


Thanks and Regards,

Rituparna Das

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
9 REPLIES

Community_User
Saviynt Employee
Originally posted on September 2 2020 at 15:41 UTC

Hi Rituparna,


Greetings!


If the account cp1 is separated by a delimiter and you know the exact position of the value in the multi-valued attribute, then you can use the advanced config in the user account correlation rule (on the endpoint show page) to achieve this.



users.email=SUBSTRING_INDEX(accounts.customproperty1, ",", 1)


This feature is available post 5.4.1 release version of SSM

Community_User
Saviynt Employee
Originally posted on September 2 2020 at 15:54 UTC

Hi Aarthi,


The problem is we would not know the exact position of the value. Some users may have 1 proxyaddress and some may have 5.


Thanks,

Rituparna Das

Community_User
Saviynt Employee
Originally posted on September 2 2020 at 16:10 UTC

Hi Rituparna,


How do you determine which value from the set of proxy addresses you want to correlate to the user's email?

Community_User
Saviynt Employee
Originally posted on September 2 2020 at 16:25 UTC

Hi Aarthi,


The User's email attribute in Saviynt will match one of the proxy address values. It can match the first one or the 5th one.


Thanks and Regards,

Rituparna Das

Community_User
Saviynt Employee
Originally posted on September 2 2020 at 21:20 UTC

Hi Rituparna,


In that case, you can use the condition below.

Multiple rules can be defined, separated by #, as below. You need to specify the rules based on the max number of proxyaddress values you may get from LDAP.

As soon as a condition is matched, the next rule will not be processed.


users.email=SUBSTRING_INDEX(accounts.customproperty1, ",", 1) #
users.email=SUBSTRING_INDEX(accounts.customproperty1, ",", 2) #
users.email=SUBSTRING_INDEX(accounts.customproperty1, ",", 3) #
users.email=SUBSTRING_INDEX(accounts.customproperty1, ",", 4) #
users.email=SUBSTRING_INDEX(accounts.customproperty1, ",", 5)


Community_User
Saviynt Employee
Originally posted on September 3 2020 at 15:34 UTC

Hi Aarthi,


The values are coming in customproperty1 as abc.abc@company.com,992272782@company.com,abc.abc@gecompany.mail.onmicrosoft.com,992272782@mail.ad.ge.com


but the account got imported as an orphan account.


Thanks and Regards,

Rituparna Das

Community_User
Saviynt Employee
Originally posted on September 3 2020 at 15:42 UTC

Rituparna,


Good morning!


Can you share your LDAP connector Account_attribute parameter?



Community_User
Saviynt Employee
Originally posted on September 3 2020 at 16:22 UTC

Hi Aarthi,


The query SUBSTRING_INDEX(accounts.customproperty1, ",", 2) will return abc.abc@company.com,992272782@company.com as a whole. So this subsequent query is not able to correlate the account.


[CUSTOMPROPERTY2::vuserid#String,ACCOUNTID::distinguishedName#String,NAME::sAMAccountName#String,CUSTOMPROPERTY1::proxyAddresses#String,RECONCILATION_FIELD:ACCOUNTID]

Community_User
Saviynt Employee
Originally posted on September 4 2020 at 23:38 UTC

Hi Rituparna,


Greetings!


You can use the user account correlation rule below to achieve your use case. You can define as many rules as the max number of comma-separated values in your proxy address.


users.email=SUBSTRING_INDEX(SUBSTRING_INDEX('accounts.customproperty1', ',', 1), ',', -1) #
users.email=SUBSTRING_INDEX(SUBSTRING_INDEX('accounts.customproperty1', ',', 2), ',', -1) #
users.email=SUBSTRING_INDEX(SUBSTRING_INDEX('accounts.customproperty1', ',', 3), ',', -1) #
users.email=SUBSTRING_INDEX(SUBSTRING_INDEX('accounts.customproperty1', ',', 4), ',', -1) #
users.email=SUBSTRING_INDEX(SUBSTRING_INDEX('accounts.customproperty1', ',', 5), ',', -1)








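Added example, not part of the thread and not Saviynt's own code: a plain-MySQL script over constructed tables that contrasts the single SUBSTRING_INDEX call from the earlier replies with the nested form from the last reply, then lists which accounts would correlate and which would stay orphaned. The table layout, the usernames and the acctB/acctC rows are assumptions, and the OR join only approximates the ordered, #-separated rule list.

```sql
-- Constructed sample data; this is not Saviynt's schema.
CREATE TEMPORARY TABLE users (username VARCHAR(32), email VARCHAR(128));
CREATE TEMPORARY TABLE accounts (name VARCHAR(32), customproperty1 VARCHAR(512));

INSERT INTO users VALUES
  ('userA', 'abc.abc@company.com'),
  ('userB', 'def.def@company.com');

INSERT INTO accounts VALUES
  -- value list quoted in the thread: the user's email is the 1st of 4 values
  ('acctA', 'abc.abc@company.com,992272782@company.com,abc.abc@gecompany.mail.onmicrosoft.com,992272782@mail.ad.ge.com'),
  -- constructed: the user's email is the 2nd of 2 values
  ('acctB', '100000001@company.com,def.def@company.com'),
  -- constructed: no value belongs to any user, so no rule should match
  ('acctC', 'zzz.zzz@other.example');

-- 1) Compare the two forms for position 2.
--    A positive count keeps everything to the LEFT of the 2nd comma (a prefix
--    that still contains a comma); wrapping it with count -1 keeps only what
--    is to the RIGHT of the last comma in that prefix, i.e. the 2nd value.
SELECT name,
       SUBSTRING_INDEX(customproperty1, ',', 2)                           AS single_call,
       SUBSTRING_INDEX(SUBSTRING_INDEX(customproperty1, ',', 2), ',', -1) AS nested_call
FROM accounts;

-- 2) Dry run of the five nested rules. When a list has fewer than N values,
--    the inner call returns the whole string, so rule N simply yields the last
--    value again. The column is referenced unquoted here: in plain MySQL,
--    'accounts.customproperty1' in single quotes is a string literal.
--    FIND_IN_SET is only a MySQL cross-check, not a Saviynt rule: it reports
--    the position at which the email occurs, regardless of rule order.
SELECT a.name     AS account,
       u.username AS correlated_user,   -- NULL means the account stays an orphan
       FIND_IN_SET(u.email, a.customproperty1) AS position_found
FROM accounts a
LEFT JOIN users u
  ON u.email = SUBSTRING_INDEX(SUBSTRING_INDEX(a.customproperty1, ',', 1), ',', -1)
  OR u.email = SUBSTRING_INDEX(SUBSTRING_INDEX(a.customproperty1, ',', 2), ',', -1)
  OR u.email = SUBSTRING_INDEX(SUBSTRING_INDEX(a.customproperty1, ',', 3), ',', -1)
  OR u.email = SUBSTRING_INDEX(SUBSTRING_INDEX(a.customproperty1, ',', 4), ',', -1)
  OR u.email = SUBSTRING_INDEX(SUBSTRING_INDEX(a.customproperty1, ',', 5), ',', -1)
ORDER BY a.name;
```

An account that returns more than one row in the second query has values belonging to different users, which is worth reviewing before relying on first-match-wins rule ordering.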