Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Identity Attribute Mapping for DN

sabthamis
Regular Contributor II
Regular Contributor II

Hello Everyone,

 

I have a requirement to map the AD accounts distinguished name to one of identity objects custom property. How can we do it ? If anyone have done it please let me know what would be the best way to do that.

 

Thanks.

8 REPLIES 8

indra_hema_95
Regular Contributor III
Regular Contributor III

Hi @sabthamis you want to bring the DN to the user level?

Regards,

Indra

sabthamis
Regular Contributor II
Regular Contributor II

@indra_hema_95  yes correct !

indra_hema_95
Regular Contributor III
Regular Contributor III

Hi @sabthamis One way to do this, first bring the DN to the accounts customproperty level, lets say you are storing it on accounts customproperty5. Then while user import use preprocessor like below in modify user json.

{
    "ADDITIONALTABLES": {
"ACCOUNTS": "SELECT * FROM ACCOUNTS",
    "USER_ACCOUNTS": "SELECT * FROM USER_ACCOUNTS WHERE ACCOUNTKEY IN (SELECT DISTINCT ACCOUNTKEY FROM ACCOUNTS)"
    },
    "COMPUTEDCOLUMNS": [
"CUSTOMPROPERTY1"
    ],
    "PREPROCESSQUERIES": [
"UPDATE NEWUSERDATA LEFT JOIN CURRENTUSERS ON NEWUSERDATA.USERNAME = CURRENTUSERS.USERNAME SET NEWUSERDATA.CUSTOMPROPERTY1 = (SELECT AC.CUSTOMPROPERTY5 FROM CURRENTUSER_ACCOUNTS UAC INNER JOIN CURRENTUSERS ON UAC.USERKEY=CURRENTUSERS.USERKEY INNER JOIN CURRENTACCOUNTS AC ON AC.ACCOUNTKEY=UAC.ACCOUNTKEY WHERE AC.ENDPOINTKEY=19 AND AC.STATUS NOT IN ('SUSPENDED FROM IMPORT SERVICE') AND NEWUSERDATA.USERNAME = CURRENTUSERS.USERNAME limit 1)"
 
    ]
}
Regards,
Indra

NM
Esteemed Contributor
Esteemed Contributor

@sabthamis  One way would be to use user_attribute and map the value to a customproperty directly.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

sabthamis
Regular Contributor II
Regular Contributor II

@NM can you please brief me on that how we can do it ? i don't want to add much logic in preprocessor which would slow down the import

NM
Esteemed Contributor
Esteemed Contributor

@sabthamis in AD connector there is a field titles user_attribute where you can define the map the same way you would have defined to import account.

2) create the user import job which will do all the work.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

sabthamis
Regular Contributor II
Regular Contributor II

so here i need to create user import job for AD connection right ? and action i should select as update ?

Also if you have some sample format to refer for user_attribute please provide it would be helpful.

Thanks.

NM
Esteemed Contributor
Esteemed Contributor

@sabthamis , yes,

sample - 

[
CUSTOMPROPERTY1::cn#String,
CUSTOMPROPERTY2::name#String,
DISPLAYNAME::displayName#String,
CUSTOMPROPERTY25::company#String,
CUSTOMPROPERTY3::sn#String,
CUSTOMPROPERTY40::distinguishedName#String
]

If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'