
I have Logical AD Apps with more than 25 entitlements - How can I break down these entitlements?

wizzy
New Contributor III

Hello,

 

I have Logical AD Apps with more than 25 entitlements. How can I break down these entitlements and custom assign them to an App name that matches the entitlements in Saviynt?


Amit_Malik
Valued Contributor II

You can use endpoint_filter in the AD connection. Follow the doc below; it has sample JSONs.

https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...

If you know this already and you have a specific challenge, please share that.

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".

NM
Honored Contributor II

@wizzy custom assign isn't possible; you need to define the endpoint name and then the group which should be part of it.

rushikeshvartak
All-Star
  • You can use endpoint filter with exact naming convention

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hello @rushikeshvartak 

I have already created the Logical AD Apps in Saviynt using the endpoint filter and the JSON script for the AD App OUs. The issue now is that some of the apps from AD have a lot of entitlements attached to them. We want to create new app tiles and names in the application request portal and attach entitlements to them from the current logical AD apps' huge entitlement lists, but with different app names. So, I want to create other app tiles in the application access request screen and attach entitlements to the new tiles that I create. Can you share how to do this with screenshots? Thank you

Refer to the doc below:
https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Logical-Active-Directory-Applications.htm

 

{
  "Application-A": [
    {
      "memberOf": [
        "CN=Group1,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group2,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group3,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
      ]
    }
  ],
  "Application-B": [
    {
      "memberOf": [
        "CN=Group4,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group5,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group6,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group7,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net",
        "CN=Group8,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
      ]
    }
  ],
  "Application-C": [
    {
      "memberOf": [
        "CN=Group9,OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
      ]
    }
  ]
}

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

stalluri
Valued Contributor II

@wizzy 


This is a logical AD app, and I have 4 entitlements.

Screenshot 2024-09-11 at 4.15.08 PM.png

I want to see only 3 on the ARS page.
Endpoint > Entitlement Type > Config for Requestable Entitlement in ARS

Screenshot 2024-09-11 at 4.19.26 PM.png


I want to see only 3 on the ARS page.
Endpoint > Entitlement Type > Display Name (This will be shown as entitlement type name on the ARS)

Screenshot 2024-09-11 at 4.22.47 PM.png





Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

stalluri
Valued Contributor II

@wizzy 

Filtering Groups to Import
To create endpoints based on the list of groups specified in the JSON and associate all accounts having access to these groups to the created endpoint, specify a value of the ENDPOINTS_FILTER parameter. These accounts are created as child accounts to the parent AD account in EIC. On filtering applications, you can run operations such as creating campaigns, configuring analytics, or raising access requests for providing authorization and privileges only for specific applications and not all the applications. If the application does not exist in EIC, an endpoint is automatically created under the security system. The ENDPOINTS_FILTER parameter is used in conjunction with the Referenced Account parameter in the Account details page.

For example, there is an AD security system in EIC and at the third-party setup, there are three different applications, ServiceNow, Slack, and Zendesk using AD. If you want to provide authorization and privileges only for ServiceNow, you can specify ServiceNow as an endpoint filter. The ServiceNow endpoint is automatically created under the AD security system. In the Referenced Account parameter in the Account details page, you can find the child account of ServiceNow in the following format linked to the parent account in AD:

"<Accountname> (AccountKey)".

Example 1: To specify the filter to import groups belonging to an application (App1_Child_Endpoint), use the format similar to the following:

JSON
{
  "App1_Child_Endpoint": [
    {
      "memberOf": [
        "CN=ADGroup15,DC=sav,DC=com",
        "CN=ADGroup12,DC=sav,DC=com",
        "CN=ADGroup16,DC=sav,DC=com"
      ]
    }
  ]
}

You can refer to the below document:
https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.
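
Added example, not part of any reply above and not Saviynt code: a small Python helper that builds an ENDPOINTS_FILTER value in the JSON shape shown in this thread from a group-to-application mapping, and reviews a hand-edited filter before it is pasted into the AD connection. The function names, the simplified DN check (no escaped commas) and the default limit of 25 groups per endpoint (taken from the question) are assumptions.

```python
import json
import re
from collections import defaultdict

# One RDN such as CN=Group1 or OU=Role Based Groups (escaped commas not handled).
RDN = re.compile(r"^(CN|OU|DC)=[^,=]+$", re.IGNORECASE)

def is_group_dn(dn):
    """True if dn looks like CN=...,(OU=...,)*DC=... (simplified syntax check)."""
    parts = [p.strip() for p in dn.split(",")]
    return (len(parts) >= 2 and all(RDN.match(p) for p in parts)
            and parts[0].upper().startswith("CN=")
            and parts[-1].upper().startswith("DC="))

def build_filter(assignments):
    """assignments: {group DN: endpoint name} -> dict in the ENDPOINTS_FILTER shape."""
    by_endpoint = defaultdict(list)
    for dn, endpoint in assignments.items():
        if not is_group_dn(dn):
            raise ValueError(f"not a group DN: {dn!r}")
        by_endpoint[endpoint].append(dn)
    return {ep: [{"memberOf": sorted(dns)}] for ep, dns in sorted(by_endpoint.items())}

def review_filter(filter_json, max_groups=25):
    """Parse an ENDPOINTS_FILTER string and return a list of findings to review."""
    findings, seen = [], defaultdict(set)
    for endpoint, blocks in json.loads(filter_json).items():
        groups = [dn for b in blocks for dn in b.get("memberOf", [])]
        if len(groups) > max_groups:
            findings.append(f"{endpoint}: {len(groups)} groups (> {max_groups})")
        for dn in groups:
            if not is_group_dn(dn):
                findings.append(f"{endpoint}: malformed DN {dn!r}")
            seen[dn.lower()].add(endpoint)  # AD compares DNs case-insensitively
    for dn, endpoints in sorted(seen.items()):
        if len(endpoints) > 1:  # same group listed under several endpoints
            findings.append(f"{dn}: listed under {sorted(endpoints)}")
    return findings

if __name__ == "__main__":
    # Constructed sample reusing the OU path from the reply above.
    base = "OU=Role Based Groups,OU=Global IT Support Groups,DC=corpstg,DC=MyOrg,DC=net"
    plan = {f"CN=Group{i},{base}": "Application-A" for i in (1, 2, 3)}
    plan[f"CN=Group9,{base}"] = "Application-C"
    text = json.dumps(build_filter(plan), indent=2)
    print(text)
    print(review_filter(text) or "no findings")
```

A group that appears under more than one endpoint is reported, not rejected, so whoever owns the access review can decide whether the overlap is intended.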