Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

issue with entitlement type

BalajiE
New Contributor
New Contributor

Hi Team,

 

We have a requirement to provision groups under 2 different OU's (Application and Server). When we reconcile all the groups, it reconciles under one entitlementType called groups.

As per customer requirement, during request we need to allow only group under Application groups and Multiple groups under Server. but all these groups are there under single entitlementType due to this Request-option is Drop-down(single)/table which is a common configuration.

 

BalajiE_0-1718201704209.png

Please suggest how we can achieve this.

FYI, OU Structure.

BalajiE_1-1718202051102.png

 

[This post has been edited by a Moderator to try and make the images larger, but they are small files.]

 

7 REPLIES 7

NM
Valued Contributor II
Valued Contributor II

Hi @BalajiE  can you share your groupimportmapping?

BalajiE
New Contributor
New Contributor

Hi @NM 

Pls find below groupImportJson:

{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"importnestedmembershipoutofscope": "false",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"advanceGroupFilter": {
"memberOf": {
"OU=Server,DC=company,DC=com": [
"(&(objectClass=group))"
],
"OU=Application,DC=company,DC=com": [
"(&(objectClass=group))"
],
"OU=Security Groups,OU=Locations,DC=company,DC=com": [
"(&(objectClass=group))"
]
}
},

"mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,updatedate:whenChanged_date,customProperty17:distinguishedName_char,RECONCILATION_FIELD:customProperty18,customProperty18:objectGUID_Binary",
"entitlementOwnerAttribute": "managedBy",
"tableFieldAttribute": "accountID"
}

Raghu
All-Star
All-Star

@BalajiE  we can't  i think need to create one type also


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

rushikeshvartak
All-Star
All-Star

To support this you need to change request option to table.


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.

BalajiE
New Contributor
New Contributor

Hi @rushikeshvartak 

For OU=Server, groups we can use table option. but for OU=Application i need to choose only entitlement.

While reconciliation both OU's are reconciled user same entitlementType.

 

BalajiE
New Contributor
New Contributor

Hi Team,

Which AD group attribute creates entitlementType in Saviynt? Do we able to change that AD group attribute to some other value so that during reconciliation it will allow us to create separate entitlementType.

memberOf is hardcoded entitlement type and you can't create more 

You can specify in JSON or it takes default

"entitlementTypeName": "memberOf",

https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Importing-... 

 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.