Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

How to provision entitlements coming from HR source to AD

poonammhetre
New Contributor II
New Contributor II

Hello,

Is there any way to provision the entitlements coming from HR source to AD? We have usecase where account-entitlement data is getting imported from HR source under account profile and we need to provision the same entitlements into AD.

eg.

User A has 2 entitlements assigned to him for application HR-Source(entitlement x, entitlement y)
same entitlements should get provisioned into AD. (Consider that entitlement x and entitlement y are already present in AD)

Can anyone provide pointers on how to implement this usecase?

Thanks,
Poonam

 

15 REPLIES 15

rushikeshvartak
All-Star
All-Star
  • Use entitlement map 
  • actional report
  • technical rule

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  Could you please explain a bit more about it? 

You can create actional report based on entitlements on daily basis add access to ad endpoint same entitlement if not exists

use provision access action for actionable report


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

poonammhetre
New Contributor II
New Contributor II

@rushikeshvartak  Could you please explain how to implement it using technical rule?

You mentioned data is coming from HR source . Are you storing in users cp


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@arushi2403   Entitlement information is getting stored under account profile.

eg. There are 2 types of entitlements Courses and Unit Sets.

User can have both the entitlement types and multiple entitlements.

eg, 3 courses and 2 UNIT sets

and this information is getting stored under users HR source account.  

Do you know how to provision multiple entitlements for same user in actionable analytics using provision action?

 

 

Its seems your problem statement is confusing. How User import will bring accounts ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak 

we are importing user information from HR under user profile. Also same user information is imported under accounts. We dont have etitlement infomation avaiable under user  but it is available under users accounts.

So the requirement is that when users account-entitlement information is updated then it is expected to provision same to the AD. 

Use actionable report in this case.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

poonammhetre
New Contributor II
New Contributor II

@rushikeshvartak  If we manage to get the entitlement info on user profile, is it possible to make use of technical rules?

eg. users CP will have value ent1,ent2,ent3 .

Then how to trigger add access task from technical rule for all 3 entitlement? There can be N no. of entitlement seperated by comma.

You can create multiple rules and substring individual value form CP if you stored value on users CP


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

poonammhetre
New Contributor II
New Contributor II

@rushikeshvartak  eg. If users customproperty has value "ent1,ent2,ent3".  There can be N no. of entitlements seperated by comma.  

How to write technical rule which can separate out each entitlement value and create ADD access task?

I know that we can dynamically assign entitlements like below

AND Assign Groups::CN=All-Staff${user.employeeid.substring(user.employeeid.length()-1,user.employeeid.length())},OU=Resource,OU=Groups,DC=xxx,DC=xxx,DC=xx,DC=xx

But question is how to seperate out N no. of entitlement from users CP and create ADD access task for each entitlement? Is there any way we can use for loop to iterate over comma separted values in technical rule?

Go with report which will be clean approch


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@rushikeshvartak  With actionable report, first I need to get the list of account- entitlement membership for application called "HRSource" and then provision the access for AD application. 

Do you know how to do that? Do you have any sample query ?

 

  • get list of entitlements assigned in HRSource Application for account 
  • get list of account from second application and match entitlement name from first result and povide access.

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.