Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/14/2024 01:46 AM
Hi Everyone,
We have a use case where we need to change the sAmaccountName,email on the Last name or Legal name change. Now the usecase here is once the Name changes is done and replicated to all the target applications. This old name (previous samAccountName) samAccountname should not be assigned to any new users. Bascially SAMAccountName is same the systemusername for identity. If the same user revert back the name change to old value in Saviynt we should recognize the user and assign back the old email/samAccountname which was assigned before name change .
Is this feasible from Saviynt has any one implemented it ?
Is it advisable to change the samAccountname on Legal or Last name changes ?
08/14/2024 03:58 AM
Hi @sabthamis , are you generating email and systemusername from saviynt??
08/14/2024 04:00 AM
Yes @NM
08/14/2024 04:11 AM
@sabthamis only option i could think of is you need to deploy your custom jar to make it work.
iterate through the email values in saviynt to see if an email exists, if it does increment the value by 1 and then replace the email or systemusername.
08/14/2024 04:14 AM
but this is for default email and username generation ...how can we Saviynt knows this userid is already used by a user since the name changed we assigned a new username and email ....now the old one should not be assigned to another user .. @NM
08/14/2024 04:20 AM
@sabthamis if a user is created and assigned with email.. it will not assign user with a new email.
08/14/2024 04:25 AM
@sabthamis for email generation you can use below user update action
for samaccountname you have to develop a jar
08/14/2024 04:30 AM
Yes this is fine we have OOTB rule to generate email. Now the question is how / where can we store this userid email and do a comparison in email generation and system username generation. OOTB we can use only SQL pseudocode to generate it right ? @NM
08/14/2024 04:42 AM
08/14/2024 04:47 AM
@rushikeshvartak Are you saying using the custom configuration or custom jar .....here the checks are need to be done on samAccount name /email once the user is reverted back to the old legal name then Saviynt should not calculate the username email instead it has to use the old values
08/14/2024 04:50 AM
This use case is feasible within Saviynt, but it requires careful implementation using custom configurations, dynamic attributes, and possibly custom code or custom JAR files. Here's how it can be approached:
Custom Property or Table: Use a custom property (e.g., customproperty1) or a user_attributes table to store a history of all previously assigned sAMAccountNames and email addresses. This history would include the user's identity key, sAMAccountName, and email.
Dynamic Attribute: Create a dynamic attribute to check if a newly calculated sAMAccountName already exists in the custom property or table. If it does, flag it as unavailable and prompt the system to generate a new unique value or trigger an exception.
Assignment Rule: Implement a rule that checks against this history before assigning a new sAMAccountName or email to any user. This ensures that even if a name change makes the old sAMAccountName available, it won't be reassigned.
Check for Reversion: When a legal or last name change is detected, a dynamic attribute can be used to check if the user has previously held the same sAMAccountName and email. This can be done by querying the custom property or table where the history is stored.
Conditional Assignment: If a match is found (i.e., the user is reverting to a previous name), the system should skip the normal username/email calculation logic and instead reassign the old sAMAccountName and email from the history.