Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP account creation to include creating LDAP group and assigning group to account

CredenceIA_11
New Contributor II
New Contributor II

‎03/21/2024 10:54 AM

We have a requirement to provision accounts and groups to RedHat LDAP directory. When a request is submitted, the requirement is to do the following:
a) Create the LDAP account
b) Create an LDAP group with the same name as the account

c) Assign that newly created LDAP group to the LDAP Account

Please advise if this is possible and how.

Labels:
0 Kudos
4 REPLIES 4

rushikeshvartak
All-Star
All-Star

‎03/21/2024 07:16 PM

Yes, it is possible to provision accounts and groups to a RedHat LDAP directory using Saviynt. 

a) Create the LDAP account:

  • Configure Saviynt to provision user accounts to the RedHat LDAP directory. This typically involves setting up a connector for the LDAP directory within Saviynt and providing the necessary connection details and credentials.
  • Define mappings between attributes in Saviynt and attributes in the LDAP directory to ensure that user account information is properly synchronized.

b) Create an LDAP group with the same name as the account:

  • After creating the LDAP account, use Saviynt workflows or custom actions to trigger the creation of an LDAP group with the same name.
  • Saviynt allows you to execute custom logic or scripts as part of provisioning workflows. You can use this capability to invoke scripts or API calls that create the LDAP group in the RedHat LDAP directory.

c) Assign the newly created LDAP group to the LDAP Account:

  • Once the LDAP group is created, use Saviynt to assign the group to the LDAP account.
  • You can accomplish this by configuring membership rules or using custom actions within Saviynt to add the LDAP group to the LDAP account's group membership.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

CredenceIA_11
New Contributor II
New Contributor II
In response to rushikeshvartak

‎03/22/2024 05:14 AM

Hi, Please provide the link to the documentation that describes how to create provisioning workflows and also how to do step c) using custom actions or membership rules?

Thanks

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to CredenceIA_11

‎03/24/2024 07:58 PM

Workflow - https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter12-Workflows/Creating-Workfl... 

Rules - https://docs.saviyntcloud.com/bundle/EIC-External-Scenario-1/page/Content/Creating-User-Update-Rule....


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

CredenceIA_11
New Contributor II
New Contributor II

‎03/25/2024 05:15 AM

Thanks. Those workflows are for approval workflows. The solution mentioned "Provisioning" workflows to allow multiple provisioning tasks to be kicked off;

"b) Create an LDAP group with the same name as the account:

  • After creating the LDAP account, use Saviynt workflows or custom actions to trigger the creation of an LDAP group with the same name.
  • Saviynt allows you to execute custom logic or scripts as part of provisioning workflows. You can use this capability to invoke scripts or API calls that create the LDAP group in the RedHat LDAP directory."
0 Kudos
Copyright © 2024 Khoros, LLC