09/05/2024 12:31 PM
Hello,
I have Logical AD Apps with more than 25 entitlements. How can I break down these entitlements and custom-assign them to an App name that matches the entitlements in Saviynt?
09/05/2024 12:51 PM
You can use endpoint_filter in the AD connection. Follow the doc below; it has sample JSONs.
If you know this already and you have a specific challenge, please share that.
09/05/2024 01:17 PM
@wizzy custom assign isn't possible; you need to define the endpoint name and then the groups which should be part of it.
09/05/2024 01:32 PM
09/11/2024 12:26 PM - edited 09/11/2024 12:45 PM
Hello @rushikeshvartak
I have created the Logical AD Apps already in Saviynt using the EndPoint filter and the JSON script for the AD App OUs. The issue now is that some of the apps from AD have a lot of entitlements attached to them. We want to create new app tiles and names in the application request portal and attach the entitlements to them from the current logical AD apps' huge entitlement list, but with different app names. So, I want to create another app tile in the application access request screen and attach entitlements to the new tile that I create. Can you share how to do this with screenshots? Thank you
09/11/2024 02:20 PM - edited 09/11/2024 02:20 PM
Refer to the below: https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Logical-Active-Directory-Applications.htm
{
  "Application-A": [
    {
      "memberOf": [
        "CN=Group1,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group2,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group3,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
      ]
    }
  ],
  "Application-B": [
    {
      "memberOf": [
        "CN=Group4,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group5,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group6,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group7,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group8,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
      ]
    }
  ],
  "Application-C": [
    {
      "memberOf": [
        "CN=Group9,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
      ]
    }
  ]
}
09/11/2024 02:23 PM
This is a logical AD app, and I have 4 entitlements.
I want to see only 3 on the ARS page.
Endpoint> Entitlement Type > Config for Requestable Entitlement in ARS
I want to see only 3 on the ARS page.
Endpoint> Entitlement Type > Display Name (This will be shown as entitlement type name on the ARS)
09/05/2024 08:04 PM
Filtering Groups to Import
To create endpoints based on the list of groups specified in the JSON and associate all accounts having access to these groups to the created endpoint, specify a value of the ENDPOINTS_FILTER parameter. These accounts are created as child accounts to the parent AD account in EIC. On filtering applications, you can run operations such as creating campaigns, configuring analytics, or raising access requests for providing authorization and privileges only for specific applications and not all the applications. If the application does not exist in EIC, an endpoint is automatically created under the security system. The ENDPOINTS_FILTER parameter is used in conjunction with the Referenced Account parameter in the Account details page.
For example, there is an AD security system in EIC and at the third-party setup, there are three different applications, ServiceNow, Slack, and Zendesk using AD. If you want to provide authorization and privileges only for ServiceNow, you can specify ServiceNow as an endpoint filter. The ServiceNow endpoint is automatically created under the AD security system. In the Referenced Account parameter in the Account details page, you can find the child account of ServiceNow in the following format linked to the parent account in AD:
"<Accountname> (AccountKey)".
Example 1: To specify the filter to import groups belonging to an application (App1_Child_Endpoint), use the format similar to the following:
JSON
{
  "App1_Child_Endpoint": [
    {
      "memberOf": [
        "CN=ADGroup15,DC=sav,DC=com",
        "CN=ADGroup12,DC=sav,DC=com",
        "CN=ADGroup16,DC=sav,DC=com"
      ]
    }
  ]
}
You can refer to the below document:
https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...
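Added example, not part of the thread and not Saviynt code: one way to build the ENDPOINTS_FILTER JSON discussed above from a flat group-to-app assignment list and review it before pasting it into the AD connection. The function names and the sample assignments are assumptions made for this sketch; the JSON shape follows the samples posted in the thread.

```python
import json
from collections import defaultdict

# Constructed sample: (group DN, endpoint/app tile name). DNs reuse the thread's sample domain.
BASE = "OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
ASSIGNMENTS = [
    (f"CN=Group1,{BASE}", "Application-A"),
    (f"CN=Group2,{BASE}", "Application-A"),
    (f"CN=Group4,{BASE}", "Application-B"),
    (f"CN=Group9,{BASE}", "Application-C"),
]

def build_endpoints_filter(assignments):
    """Group (dn, endpoint) pairs into {endpoint: [{"memberOf": [dn, ...]}]}."""
    grouped = defaultdict(list)
    for dn, endpoint in assignments:
        if dn not in grouped[endpoint]:  # drop exact repeats within one endpoint
            grouped[endpoint].append(dn)
    return {ep: [{"memberOf": dns}] for ep, dns in grouped.items()}

def review_endpoints_filter(text):
    """Parse the JSON text and return a list of findings (empty list = nothing flagged)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be an object keyed by endpoint name"]
    findings, seen = [], {}
    for endpoint, entries in doc.items():
        ok = isinstance(entries, list) and entries and all(
            isinstance(e, dict) and isinstance(e.get("memberOf"), list) for e in entries)
        if not ok:
            findings.append(f"{endpoint}: expected a list of objects with a memberOf array")
            continue
        for dn in (d for e in entries for d in e["memberOf"]):
            if not (isinstance(dn, str) and dn.upper().startswith("CN=") and ",DC=" in dn.upper()):
                findings.append(f"{endpoint}: not a group DN: {dn!r}")
                continue
            owner = seen.setdefault(dn.lower(), endpoint)
            if owner != endpoint:
                # The thread does not say whether this is allowed; flag it for review.
                findings.append(f"{dn} is listed under both {owner} and {endpoint}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_endpoints_filter(ASSIGNMENTS), indent=2))
    print(review_endpoints_filter(json.dumps(build_endpoints_filter(ASSIGNMENTS))))
```

A group that shows up under two endpoints is only reported, not rejected, so the reviewer can decide whether that overlap in requestable access is intended.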