Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

import groups with different entitlement types but same endpoint

Go to solution
Robbe_Cronos
Regular Contributor II
Regular Contributor II

‎06/20/2022 12:30 AM

Hello,

We are trying to import groups from Active Directory so they are requestable in Saviynt. We have OU's for department groups and OU's for application groups (Jira, Gitlab,..). 

Is there a possibility to import all of the groups using the same endpoint, but have split requests for them i.e departments request, Jira requests, Gitlab requests?

I added a screenshot which shows how we want to do it. We tried using entitlement types to differentiate the requests, but when importing groups from AD it will automatically use the "Groups" entitlement type.

Any help would be appreciated.

Robbe

Labels:
Preview file
24 KB
0 Kudos
3 REPLIES 3

Go to solution
Srinivas
Saviynt Employee
Saviynt Employee

‎06/20/2022 04:12 AM

Hi Robbe

Please refer to the AD Connector documentation and check the sections under groupImportMapping which shows how to import groups from different OU's.

https://saviynt.freshdesk.com/support/solutions/articles/43000615764-active-directory-ad-connector-g...

Hope this helps you

Thanks & Regards

Srinivas

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee

‎06/20/2022 10:57 AM

Hello Robbe,

The concept of Endpoint Filter might help in your case. This is a logical grouping of applications based on the AD  Groups. You could read the Groups at the base OU and import all groups under AD Security System and Endpoint. However if you also configure the ENDPOINTS_FILTER parameter in the connector this will also create "specific endpoints" which can be made requestable.

If your groups are all under the same OU, then something as simple as the config shared below will create 2 endpoints, Gitlab and Jira under the same parent AD Security System and Endpoint. The entitlements available in these two applications will only consist of the groups defined in it.

{
"Gitlab": [
{
"memberOf": [
"CN=%,OU=Gitlab,OU=Groups,DC=myCompany,DC=com"
]
}
],
"Jira": [
{
"memberOf": [
"CN=%,OU=Jira,OU=Groups,DC=myCompany,DC=com"
]
}
]
}

 

AD connector documentation : https://saviynt.freshdesk.com/support/solutions/articles/43000615764-active-directory-ad-connector-g...

 

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to avinashchhetri

‎06/23/2022 08:55 AM

Hello Robbe,

Does this feature help solve your requirement ?

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
Copyright © 2024 Khoros, LLC