Saviynt Forums

Aashish-Handa · ‎03/19/2024

Hi Team,

We would like to provision multiple group owners to AD while creating or updating the group from Saviynt.

We were able to find the below code snippet from docs but looks like it didn't work properly.

"otherManagedBy":"${ownerAccountListMap.get(allOwnerList?.get(1)?.userkey.username).get(0)?.accountID}"

When reconciled, the group came without any users. We have tested the recon for other groups and it works fine for multiple owners.

Request you to please let us know if we are missing something in the code snippet, or provide a working code snippet to provision multiple group owners in AD.

Thanks

adarshk · ‎03/20/2024

Please refer the below post and use ownerAccountListMap

Sample:

"managedBy": "${allOwnerList?.size()>0 && ownerAccountListMap.size()>0 && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).get(0)?.accountID:null}"

Referance: https://forums.saviynt.com/t5/identity-governance/ad-group-management-group-owner-in-createupdatemap...

Aashish-Handa · ‎03/20/2024

Hi @adarshk ,

Thanks for the response.

We actually have been using the same kind of code snippet for managedBy attribute, and this works for a single owner. Now, we want to provision multiple owners in a single group request. Is there a way we can loop this code snippet to achieve it?

Thanks

adarshk · ‎03/21/2024

can you retest with the above shared sample and let us know the results.

Aashish-Handa · ‎03/21/2024

Yes, I did retest. Only the first owner was updated in AD as owner out of the 3 owners in Saviynt.

adarshk · ‎03/21/2024

Only owner with Rank1 will be provisioned as managedby at AD is single valued attribute.

Aashish-Handa · ‎03/22/2024

Yes correct. This is the reason we are using an extended attribute otherManagedBy instead of managedBy to store multiple owners which is a multivalued attribute. Please advise.

Thanks

rushikeshvartak · ‎03/24/2024

"otherManagedBy":"${ownerAccountListMap.get(allOwnerList?.get(1)?.userkey.username).get(1)?.accountID}"

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Aashish-Handa · ‎03/27/2024

Hi @rushikeshvartak ,

The above code snippet will provision the second owner in the list, correct? What if there are more than two that we need to provision, and the number of owners to be determined at runtime.

I tried working on a looping code but the createupdatemappings does not support it.

Thanks

rushikeshvartak · ‎03/27/2024

ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username)?.collect { it?.accountID.join(', ') }

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Aashish-Handa · ‎04/10/2024

Nothing gets provisioned with this snippet.

[This message has been edited by moderator to mask sensitive info]

rushikeshvartak · ‎04/10/2024

"otherManagedBy": "${allOwnerList?.size() > 1 && ownerAccountListMap.size() > 0 && ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username) != null && ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username).size() > 0 ? ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username).get(0)?.accountID : null}"

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Aashish-Handa · ‎04/12/2024

No @rushikeshvartak , I need to provision n number of owners to my group.

The above mentioned code snippet will provision only one of them, which has been tested earlier as well.

rushikeshvartak · ‎04/12/2024

Does above snippet works ?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Aashish-Handa · ‎04/22/2024

"otherManagedBy": "${allOwnerList?.size() > 1 && ownerAccountListMap.size() > 0 && ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username) != null && ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username).size() > 0 ? ownerAccountListMap.get(allOwnerList?.get(1)?.userkey?.username).get(0)?.accountID : null}"

Yes, this one does.

Thanks

Aashish-Handa · ‎04/22/2024

But as mentioned earlier, need to provision n number of owners to my group.

rushikeshvartak · ‎04/22/2024

How many owners are exists accordingly you need to join and change index

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Aashish-Handa · ‎04/23/2024

You mean something like this:

"otherManagedBy": "${allOwnerList?.size() > 9 && ownerAccountListMap.size() > 0 && ownerAccountListMap.get(allOwnerList?.get(9)?.userkey?.username) != null && ownerAccountListMap.get(allOwnerList?.get(9)?.userkey?.username).size() > 0 ? ownerAccountListMap.get(allOwnerList?.get(9)?.userkey?.username).get(0)?.accountID : null}"

But this snippet will only provision the 10th owner on the list, not the previous nine.

Thanks

rushikeshvartak · ‎04/23/2024

Yes

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

How to provision multiple owners for AD groups