Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Is there a way to do conditional status recon for Active Directory accounts?

dhanashree_m
New Contributor III
New Contributor III

‎05/26/2022 06:28 AM

We want to pull locked or unlocked status from AD but the attribute in AD "lockOutTime" does not have fixed set of values, so need a way to add conditional status mapping.

0 Kudos
6 REPLIES 6

Manikanta_S
Saviynt Employee
Saviynt Employee

‎05/27/2022 06:25 AM

Hi Dhanashree,

You can achieve this using "STATUS_THRESHOLD_CONFIG " in AD Connector.

Please refer to the STATUS_THRESHOLD_CONFIG  part in the below document.

https://saviynt.freshdesk.com/support/solutions/articles/43000615764-active-directory-ad-connector-g...

Please let me know of this helps!

 

Manikanta_S_0-1653657903265.png

Thanks & Kind Regards,

Manikanta.S

Thanks & Kind Regards,
Manikanta.S
0 Kudos

rushikeshvartak
All-Star
All-Star

‎05/27/2022 10:59 AM

Add below config in STATUS_THRESHOLD_CONFIG under AD Connection 

{
"statusAndThresholdConfig":{
"lockedStatusColumn":"customproperty30",
"lockedStatusMapping":{
"Locked":[
"0"
],
"Unlocked":[
"512",
"544"
]
}
}
}


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

dhanashree_m
New Contributor III
New Contributor III

‎05/30/2022 07:00 AM

We dont have defined values for locked - it is a date field on AD side. It will have date when the account gets locked. Also for Unlocked, the value will be 0 when I unlock user otherwise we will not be present in AD.

512,514 are mapped for status but I am looking for getting Locked or Unlocked and not  active/inactive

0 Kudos

avinashchhetri
Saviynt Employee
Saviynt Employee
In response to dhanashree_m

‎05/31/2022 12:47 PM

Just a query, how are you planning to use the locked vs unlocked once you have (lets assume) defined and imported it via the connector ?

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos

dhanashree_m
New Contributor III
New Contributor III

‎05/31/2022 07:01 PM

Locked and Unlocked status will be used through getaccounts API to show unlock option based in UI based on this status.

0 Kudos

avinashchhetri
Saviynt Employee
Saviynt Employee
In response to dhanashree_m

‎06/01/2022 06:49 AM

Dhanashree,

If the intended usage is via the API, which probably feeds into the Custom UI, wouldn't it make sense to get the data from AD as is and use the logic in the custom UI to show locked vs unlocked based on the content of the attribute, NULL and 0 as unlocked while any value as locked ?

Getting back to your original query, I have personally never seen conditional logic being used in the statusAndThresholdConfig section, Im not saying it is not supported, Maybe someone who has done that before can help out.

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos
Copyright © 2024 Khoros, LLC