02/28/2023 04:24 AM
We are trying to figure out if we can use LDAP/AD User attributes as entitlements.
a user attribute called "eduPersonEntitlement" is multi-valued and can have values like "urn:mace:entitlement:bib:proxy:student" which are not objects in LDAP but string values.
We want to use the last part of this User attribute (student) and automatically make an entitlement with this name when the user is imported. Our question is:
How would we go about doing this & which endpoint should we use for the new entitlement? Seeing as the import is a User import, it is not linked to an endpoint yet.
03/01/2023 02:19 AM
Hi @Robbe_Cronos ,
If you are getting these values form user import, what is the use case you want them to be created as entitlements, how are you going to use it or is it only to store
03/03/2023 02:39 AM
These multi-valued string as AD attributes can be things like: Science, Maths, Physics,...
These are educations that students can follow in school. We want to automatically make entitlements for all of these educations when the AD users are imported and add accounts of these users in the correct entitlements
03/03/2023 03:56 AM
Okay, when you say you want to make entitlements, Are you looking to handle them as disconnected application and just maintain in saviynt or are you looking them to be created in AD and handle group management?
03/08/2023 12:19 AM
They would need to be created in the AD in the next provisioning job & they should be able to handle group management.
03/08/2023 12:30 AM
03/08/2023 02:00 AM
If you want the entitlements to be created in saviynt under any Endpoint you can try out Sav4Sav job. For handling group management There is no direct way and needs to be handled via Request or Api. You can check out more on Group management on below link