Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/11/2024 08:03 AM
I have a user that is getting a service account mapped as their manager in AD instead of the actual manager. I verified that the manager is correct in the identity repository but when an update is pushed it does not change to the actual manager. I did notice however that the assigned manager owns that service account and their employeeid is tied to it. Below is the current mapping
import mapping:
CUSTOMPROPERTY21::manager#String,
Create and update:
"manager": "${managerAccount==null?'':managerAccount.accountID}",
Solved! Go to Solution.
09/11/2024 08:26 AM
09/11/2024 10:02 AM
See below the identity manager is the following:
The AD account shows the following for manager we map manager to custom property21. The below account is a service account. I did notice that the managers employeeid is also tied to the below service account. We correlate via employeeid.
09/11/2024 10:03 AM
Issue is employee id is also mapping with service account
09/11/2024 10:09 AM
How do I fix?
09/11/2024 10:44 AM
Remove it from exisiting accounts
09/11/2024 10:58 AM
Unfortunately that is not feasible because every service account is tied to an end user. Some users have multiple service accounts tied to them. I may have to uncorrelate the service accounts from the users. How do I uncorrelate accounts from users in a bulk manner? If I change the correlation rule will it also uncorrelate?
09/11/2024 11:01 AM
You can do manually from User- Accounts tab or you can do using saviynt api using postman runner
Refer Saviynt API Documentation
https://docs.saviyntcloud.com/bundle/API-Reference-Guide/page/Content/API-References.htm