Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

LDAP User attributes as entitlements

Robbe_Cronos
Regular Contributor II
Regular Contributor II

Hello,

We are trying to figure out if we can use LDAP/AD User attributes as entitlements. 

Example:

a user attribute called "eduPersonEntitlement" is multi-valued and can have values like "urn:mace:entitlement:bib:proxy:student" which are not objects in LDAP but string values.

We want to use the last part of this User attribute (student) and automatically make an entitlement with this name when the user is imported. Our question is:

How would we go about doing this & which endpoint should we use for the new entitlement? Seeing as the import is a User import, it is not linked to an endpoint yet.

6 REPLIES 6

Darshanjain
Saviynt Employee
Saviynt Employee

Hi @Robbe_Cronos ,

If you are getting these values form user import, what is the use case you want them to be created as entitlements, how are you going to use it or is it only to store

Robbe_Cronos
Regular Contributor II
Regular Contributor II

These multi-valued string as AD attributes can be things like: Science, Maths, Physics,...

These are educations that students can follow in school. We want to automatically make entitlements for all of these educations when the AD users are imported and add accounts of these users in the correct entitlements

Okay, when you say you want to make entitlements, Are you looking to handle them as disconnected application and just maintain in saviynt or are you looking them to be created in AD and handle group management?

Robbe_Cronos
Regular Contributor II
Regular Contributor II

They would need to be created in the AD in the next provisioning job & they should be able to handle group management.

You can use Saviynt4Saviynt


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

If you want the entitlements to be created in saviynt under any Endpoint you can try out Sav4Sav job. For handling group management There is no direct way and needs to be handled via Request or Api. You can check out more on Group management on below link

https://docs.saviyntcloud.com/bundle/EIC-Admin-v232/page/Content/Chapter07-General-Administrator/Con...