05/01/2024 10:02 AM
Hello,
We have active directory currently connected to Saviynt. This active directory has all the applications entitlements (OU, Group etc). We want to create application widget in the request access portal for each of this application entitlement in AD. How do I create the application and assign the entitlement to each application. Please advise, thank you.
05/01/2024 02:48 PM
Use the endpoint filters functionality.
Specify this parameter to specifically filter and associate endpoints (applications) to an Active Directory account after the account is imported. On filtering applications, you can run operations such as creating campaigns, configuring analytics, or raising access requests for providing authorization and privileges only for specific applications and not all the applications. If the application does not exist in EIC, an endpoint is automatically created under the security system to represent it. This parameter is used in conjunction with the Referenced Account parameter on the Account details page.
For example, an Active Directory security system exists in EIC, and three other applications, ServiceNow, Slack, and Zendesk, that use Active Directory are present in the target system. If you want to provide authorization and privileges only to ServiceNow, specify ServiceNow as an endpoint filter and the ServiceNow endpoint is automatically created under the Active Directory security system. The child accounts of ServiceNow are linked to their parent account in Active Directory in the "<Accountname> (AccountKey)" format in the Referenced Account parameter in the Account details page.
Example 1: Import users belonging to an application named App1_Child_Endpoint.
{
  "App1_Child_Endpoint": [
    {
      "memberOf": [
        "CN=ADGroup15,DC=sav,DC=com",
        "CN=ADGroup12,DC=sav,DC=com",
        "CN=ADGroup16,DC=sav,DC=com"
      ]
    }
  ]
}
Example 2: Import users belonging to applications named Sampletest AD Application and Jira AD Application.
You can also use wildcards in the user name for importing users. For example, if you specify ACL_Okta_% in the CN attribute, EIC imports all the users whose name starts with ACL_Okta.
{
  "Sampletest AD Application": [
    {
      "memberOf": [
        "CN=ACL_Okta_%,OU=Okta,OU=Resources,OU=gh,DC=test,DC=local"
      ]
    }
  ],
  "Jira AD Application": [
    {
      "memberOf": [
        "CN=ACL_Jira_All Menu Pages - Administrators,OU=Atlassian,OU=Resources,OU=gh,DC=test,DC=local",
        "CN=ACL_Jira_All Menu Pages - Developers,OU=Atlassian,OU=Resources,OU=gh,DC=test,DC=local",
        "CN=ACL_Jira_All Menu Pages - Users,OU=Atlassian,OU=Resources,OU=gh,DC=test,DC=local",
        "CN=ACL_Jira_API_Developers,OU=Atlassian,OU=Resources,OU=gh,DC=test,DC=local"
      ]
    }
  ]
}
Example 3: Import accounts from servers.
Syntax:
{
  "Sharepoint Server": [
    {
      "memberOf": [
        "%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com"
      ]
    }
  ]
}
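An added example, not part of the original reply and not Saviynt code: a pre-flight check for an endpoint filter that validates the JSON shape used in the examples above, shows which endpoints a given memberOf list would map to, and flags patterns with a leading wildcard. It assumes `%` matches any run of characters and that DNs compare case-insensitively; the function names and the sample DNs are constructed for illustration.

```python
import json
import re

# Constructed sample: Example 2 (Okta part only) and Example 3 from the reply.
ENDPOINT_FILTER = """
{
  "Sampletest AD Application": [
    {"memberOf": ["CN=ACL_Okta_%,OU=Okta,OU=Resources,OU=gh,DC=test,DC=local"]}
  ],
  "Sharepoint Server": [
    {"memberOf": ["%OU=EPO,OU=ManagedSystem,OU=Client,DC=SAV,DC=POC,DC=SAVADMIN,DC=com"]}
  ]
}
"""

def load_filter(text):
    """Parse and check the shape {endpoint: [{"memberOf": [pattern, ...]}]}."""
    cfg = json.loads(text)
    if not isinstance(cfg, dict):
        raise ValueError("top level must be an object keyed by endpoint name")
    for endpoint, blocks in cfg.items():
        if not isinstance(blocks, list) or not blocks:
            raise ValueError(f"{endpoint}: expected a non-empty list of blocks")
        for block in blocks:
            pats = block.get("memberOf") if isinstance(block, dict) else None
            if not isinstance(pats, list) or not pats or \
                    not all(isinstance(p, str) and p for p in pats):
                raise ValueError(f"{endpoint}: memberOf must list DN patterns")
    return cfg

def pattern_to_regex(pattern):
    # Assumption: '%' is the only wildcard; everything else is literal text.
    literal_parts = [re.escape(part) for part in pattern.split("%")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE | re.DOTALL)

def endpoints_for(cfg, member_of):
    """Endpoints whose patterns fully match at least one DN in member_of."""
    hits = set()
    for endpoint, blocks in cfg.items():
        for block in blocks:
            for pat in block["memberOf"]:
                rx = pattern_to_regex(pat)
                if any(rx.fullmatch(dn) for dn in member_of):
                    hits.add(endpoint)
    return sorted(hits)

def broad_patterns(cfg):
    """Patterns starting with '%': no CN is pinned, so a whole subtree matches."""
    return sorted((ep, pat) for ep, blocks in cfg.items()
                  for block in blocks for pat in block["memberOf"]
                  if pat.startswith("%"))
```

Running `endpoints_for` against a handful of real group DNs before pasting the filter into the connection shows whether each application widget will pick up only the groups intended for it.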
05/02/2024 07:24 AM - edited 05/02/2024 07:34 AM
How do I create the endpoint filter functionality? Is it by creating a new Application from application onboarding as shown here?
From the screenshot below: Where do I create System Name? What is the Organization?
05/02/2024 09:26 PM
Create the Application using the standard process.
05/03/2024 08:21 AM
So I created the App: Advice_calc through the Security system as you advised, and I selected the AD where the App entitlements are in the connection box. See the screenshot for the Security system settings. Where do I add the App entitlement in this setting as you stated here:
{
  "App1_Child_Endpoint": [
    {
      "memberOf": [
        "CN=ADGroup15,DC=sav,DC=com",
        "CN=ADGroup12,DC=sav,DC=com",
        "CN=ADGroup16,DC=sav,DC=com"
      ]
    }
  ]
}
05/04/2024 08:08 AM
It should be in the connection - endpoint filter block.
05/08/2024 08:22 AM - last edited on 05/08/2024 11:20 PM by Sunil
Hello @rushikeshvartak
When creating another connection to the AD, in the Endpoint filter box. Please see the attached screenshot and advise if that is the correct Endpoint filter value for the app: AnsibleTower, and as you can see it has two OUs and one DC. I made the CN each app entitlement role. Please advise if this is the correct mapping and I will do the same for the other apps and groups as shown in the Groups OU here:
[This message has been edited by moderator to mask url]
05/08/2024 08:49 PM
It's the correct config.
05/09/2024 07:02 AM
Hello @rushikeshvartak
Thank you for confirming. I inserted the endpoint filter as shown above, but the connection was failing and I wanted to check with you to see if you have an idea why. Do I need to fill the search filter box too or just the endpoint filter?
05/09/2024 07:25 PM
Fix your connection issue and check the logs.
05/29/2024 07:15 AM - last edited on 05/30/2024 12:17 AM by Sunil
Hello @rushikeshvartak
I was able to fix the Connection - I didn't create a new connection. Instead I used one of the existing AD connections. I just added the Endpoint filters. While creating an AD Logical Application: FieldShare. The App is showing in Saviynt when requesting it and in the security system Endpoint. But the App Entitlements are not showing. See the screenshots. Please advise.
[This message has been edited by moderator to mask company name]
05/29/2024 10:59 PM
05/02/2024 06:25 AM
Hello @rushikeshvartak
Is this the same as this: Logical Active Directory Applications (saviyntcloud.com)? If yes, can you show me with screenshots how to create the application from steps 1 through 5? Thank you.