Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/04/2024 08:26 AM
Hi Saviynt Admins,
I have a possibly simple question, but I haven't been able to solve it myself. It's about importing service accounts from Active Directory (AD) into Saviynt.
The customer wants both user accounts and service accounts to be imported from AD into Saviynt. The import works well overall and meets most expectations. However, service accounts are being imported just like regular accounts, and the accountType attribute isn't being set correctly.
Currently, we've implemented a workaround: service accounts from AD are imported with a "T" in customProperty14 (which corresponds to extensionAttribute3 in AD). We've also created an enhanced query execution job that detects all accounts with a "T" in customProperty14 and changes the accountType to "Service Account."
Is there any way to set the accountType attribute to "Service Account" directly during the import process?
I found the IMPORTJSON function in the connection, but based on what I saw in the documentation, is it only related to timeouts? Or is there another section or function where I could use a script or something similar to detect service accounts?
I learned that in the ACCOUNT_ATTRIBUTE section, only mappings like this are allowed:
“CUSTOMPROPERTY1::samaccountname#String“
But not:
“customProperty14::${extensionAttribute3 == 'T' ? 'Service Account' : ACCOUNTTYPE}#String“
Or:
“{ "target": "customproperty60",
"source": "proxyAddresses#String"},
{ "target": "ACCOUNTTYPE",
"script": "if (customProperty14 === 'T') { return 'Service Account'; } else { return ' '; }"}“
Am I correct?
Regards
Shub4Sav
Solved! Go to Solution.
09/04/2024 08:49 AM
09/05/2024 12:34 AM
Ok thank you for your reply.