Saviynt Forums

BalajiE · ‎06/12/2024

Hi Team,

We have a requirement to provision groups under 2 different OU's (Application and Server). When we reconcile all the groups, it reconciles under one entitlementType called groups.

As per customer requirement, during request we need to allow only group under Application groups and Multiple groups under Server. but all these groups are there under single entitlementType due to this Request-option is Drop-down(single)/table which is a common configuration.

Please suggest how we can achieve this.

FYI, OU Structure.

[This post has been edited by a Moderator to try and make the images larger, but they are small files.]

NM · ‎06/12/2024

Hi @BalajiE can you share your groupimportmapping?

BalajiE · ‎06/18/2024

Hi @NM

Pls find below groupImportJson:

{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"importnestedmembershipoutofscope": "false",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"advanceGroupFilter": {
"memberOf": {
"OU=Server,DC=company,DC=com": [
"(&(objectClass=group))"
],
"OU=Application,DC=company,DC=com": [
"(&(objectClass=group))"
],
"OU=Security Groups,OU=Locations,DC=company,DC=com": [
"(&(objectClass=group))"
]
}
},

"mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,updatedate:whenChanged_date,customProperty17:distinguishedName_char,RECONCILATION_FIELD:customProperty18,customProperty18:objectGUID_Binary",
"entitlementOwnerAttribute": "managedBy",
"tableFieldAttribute": "accountID"
}

Raghu · ‎06/12/2024

@BalajiE we can't i think need to create one type also

Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

rushikeshvartak · ‎06/13/2024

To support this you need to change request option to table.

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

BalajiE · ‎06/17/2024

Hi @rushikeshvartak

For OU=Server, groups we can use table option. but for OU=Application i need to choose only entitlement.

While reconciliation both OU's are reconciled user same entitlementType.

BalajiE · ‎06/18/2024

Hi Team,

Which AD group attribute creates entitlementType in Saviynt? Do we able to change that AD group attribute to some other value so that during reconciliation it will allow us to create separate entitlementType.

rushikeshvartak · ‎06/18/2024

memberOf is hardcoded entitlement type and you can't create more

You can specify in JSON or it takes default

"entitlementTypeName": "memberOf",

https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-...

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

issue with entitlement type