Leveraging Intelligent Recommendations for Operational Transformation. AMS Partners click HERE | EMEA/APJ Partners click HERE |
09/05/2024 12:31 PM
Hello,
I have Logical AD Apps with more than 25 entitlements, How can I break down these entitlement and custom assign them to an App name that matches the entitlements in Saviynt?
09/05/2024 12:51 PM
You can use endpoint_filter in ad connection. Follow below doc , it has sample jsons
If you know this already and you have a specific challenge. Pleas eshare that.
09/05/2024 01:17 PM
@wizzy custom assign isn't possible you need to define endpoint name and then the group which should be part of it.
09/05/2024 01:32 PM
09/05/2024 08:04 PM
Filtering Groups to Import
To create endpoints based on the list of groups specified in the JSON and associate all accounts having access to these groups to the created endpoint, specify a value of the ENDPOINTS_FILTER parameter. These accounts are created as child accounts to the parent AD account in EIC. On filtering applications, you can run operations such as creating campaigns, configuring analytics, or raising access requests for providing authorization and privileges only for specific applications and not all the applications. If the application does not exist is EIC, an endpoint is automatically created under the security system. The ENDPOINTS_FILTER parameter is used in conjunction with the Referenced Account parameter in the Account details page.
For example, there is an AD security system in EIC and at the third-party setup, there are three different applications, ServiceNow, Slack, and Zendesk using AD. If you want to provide authorization and privileges only for ServiceNow, you can specify ServiceNow as an endpoint filter. The ServiceNow endpoint is automatically created under the AD security system. In the Referenced Account parameter in the Account details page, you can find the child account of ServiceNow in the following format linked to the parent account in AD:
"<Accountname> (AccountKey)".
Example 1: To specify the filter to import groups belonging to an application (App1_Child_Endpoint), use the format similar to the following:
JSON
{
"App1_Child_Endpoint":
[
{
"memberOf":
["CN=ADGroup15,DC=sav,DC=com",
"CN=ADGroup12,DC=sav,DC=com",
"CN=ADGroup16,DC=sav,DC=com"
]
}
]
}
You can refer to the below document:
https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...