
Legal Name Change Use Case

sabthamis
New Contributor

Hi Everyone,

We have a use case where we need to change the sAMAccountName and email on a last name or legal name change. The use case here is that once the name change is done and replicated to all the target applications, the old name (previous sAMAccountName) should not be assigned to any new users. Basically, sAMAccountName is the same as the systemusername for the identity. If the same user reverts the name change back to the old value in Saviynt, we should recognize the user and assign back the old email/sAMAccountName which was assigned before the name change.

 

Is this feasible in Saviynt? Has anyone implemented it?

Is it advisable to change the sAMAccountName on legal or last name changes?

10 REPLIES

NM
Honored Contributor II

Hi @sabthamis, are you generating email and systemusername from Saviynt?

sabthamis
New Contributor

Yes @NM 

NM
Honored Contributor II

@sabthamis the only option I could think of is that you need to deploy your custom jar to make it work.

Iterate through the email values in Saviynt to see if an email exists; if it does, increment the value by 1 and then replace the email or systemusername.

sabthamis
New Contributor

But this is for default email and username generation... How can Saviynt know this userid is already used by a user? Since the name changed, we assigned a new username and email... now the old one should not be assigned to another user. @NM

NM
Honored Contributor II

@sabthamis if a user is created and assigned an email, it will not assign the user a new email.

NM
Honored Contributor II

@sabthamis for email generation you can use the user update action below

NM_0-1723634737505.png

For sAMAccountName you have to develop a jar.

sabthamis
New Contributor

Yes, this is fine; we have an OOTB rule to generate email. Now the question is how/where can we store this userid and email and do a comparison in email generation and system username generation. OOTB we can use only SQL pseudocode to generate it, right? @NM

  • Use an existing custom property to store all existing legal names and then compare in the future

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@rushikeshvartak Are you saying to use the custom configuration or a custom jar? Here the checks need to be done on sAMAccountName/email; once the user is reverted back to the old legal name, Saviynt should not calculate the username/email and instead has to use the old values.

This use case is feasible within Saviynt, but it requires careful implementation using custom configurations, dynamic attributes, and possibly custom code or custom JAR files. Here's how it can be approached:

1. Preventing Reuse of Old sAMAccountNames

  • Custom Property or Table: Use a custom property (e.g., customproperty1) or a user_attributes table to store a history of all previously assigned sAMAccountNames and email addresses. This history would include the user's identity key, sAMAccountName, and email.

  • Dynamic Attribute: Create a dynamic attribute to check if a newly calculated sAMAccountName already exists in the custom property or table. If it does, flag it as unavailable and prompt the system to generate a new unique value or trigger an exception.

  • Assignment Rule: Implement a rule that checks against this history before assigning a new sAMAccountName or email to any user. This ensures that even if a name change makes the old sAMAccountName available, it won't be reassigned. 

2. Reassigning Old sAMAccountName on Reversion

  • Check for Reversion: When a legal or last name change is detected, a dynamic attribute can be used to check if the user has previously held the same sAMAccountName and email. This can be done by querying the custom property or table where the history is stored.

  • Conditional Assignment: If a match is found (i.e., the user is reverting to a previous name), the system should skip the normal username/email calculation logic and instead reassign the old sAMAccountName and email from the history.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
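
The history check and reversion lookup described in the answer above, as an added example that is not part of the original thread and is not Saviynt code. The `identifier_history` table, the first-initial-plus-last-name rule and the `example.com` domain are assumptions; in Saviynt the equivalent logic would sit in the custom property, rule or custom jar the thread discusses.

```python
import sqlite3

DOMAIN = "example.com"  # assumed mail domain (placeholder)

def open_history():
    """In-memory stand-in for the history store (custom property or table)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE identifier_history (
        userkey INTEGER NOT NULL,                     -- identity key of the holder
        base    TEXT NOT NULL COLLATE NOCASE,         -- name-derived stem
        sam     TEXT NOT NULL COLLATE NOCASE UNIQUE,  -- AD compares case-insensitively
        email   TEXT NOT NULL COLLATE NOCASE UNIQUE,
        active  INTEGER NOT NULL)""")
    return db

def base_name(first, last):
    # Hypothetical naming rule: first initial + last name, capped at 17 chars so
    # a numeric suffix still fits the 20-character user sAMAccountName limit.
    return (first[:1] + last).lower().replace(" ", "")[:17]

def assign_identifiers(db, userkey, first, last):
    """Return (sam, email) for a hire or name change without reusing history."""
    base = base_name(first, last)
    # Reversion: the same identity held a value for this name before, so hand
    # the old pair back instead of calculating a new one.
    row = db.execute(
        "SELECT sam, email FROM identifier_history "
        "WHERE userkey = ? AND base = ? ORDER BY rowid LIMIT 1",
        (userkey, base)).fetchone()
    if row is None:
        n, sam = 0, base
        # Any row blocks the candidate, whether active or retired, so a
        # released name is never handed to a different identity.
        while db.execute("SELECT 1 FROM identifier_history WHERE sam = ?",
                         (sam,)).fetchone():
            n += 1
            sam = f"{base}{n}"
        row = (sam, f"{sam}@{DOMAIN}")
        db.execute("INSERT INTO identifier_history VALUES (?, ?, ?, ?, 0)",
                   (userkey, base, *row))
    # Exactly one identifier per identity is current; the rest stay as history.
    db.execute("UPDATE identifier_history SET active = (sam = ?) WHERE userkey = ?",
               (row[0], userkey))
    db.commit()
    return row

if __name__ == "__main__":
    db = open_history()
    print(assign_identifiers(db, 1, "Jane", "Smith"))  # hire (constructed data)
    print(assign_identifiers(db, 1, "Jane", "Doe"))    # legal name change
    print(assign_identifiers(db, 2, "John", "Smith"))  # new hire, old name retired
    print(assign_identifiers(db, 1, "Jane", "Smith"))  # reversion
```

Keeping retired values in the same table as active ones is what prevents a new hire from inheriting the mailbox address or logon name, and any access still keyed to it, of the previous holder.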