Saviynt Forums

saurabhpad · ‎09/21/2023

Hi,

we are working on logical aaplication. We have updated endpoint filter with required entitlement name.

on import child endpoint is created and accounts are also reflecting. We are facing issue related to account and entitlement relationship. On import accounts are not reflecting under entitlement. We have tried adding new account in target but still on recon it reflets under endpoint only. Is there any additional configuration required to reflect accounts under entitlemet.

sudeshjaiswal · ‎09/24/2023

Hello @saurabhpad,

In the Accounts are you able to see the entitlements and viceversa, Can you please share the screenshot as well.
Are you able to see the relationship data in the account_entitlements1 table.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

saurabhpad · ‎09/25/2023

Hi Sudesh,
no we are not able to see entitlement in account or vice versa. I have shred screen shot below. On import account reflected under endpoint but no entitlement relation ship reflecting.

also there is no relationship in data in table account_entitlements1

sudeshjaiswal · ‎09/26/2023

Hello @saurabhpad,

Can you please share the Connections params of the ACCOUNT_ATTRIBUTE and groupImportMapping.

Note: Please mask the company/confidential information.

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".

saurabhpad · ‎09/26/2023

Accounts_Attributes :-

[
DISPLAYNAME::CN#String,
NAME::sAMAccountName#String,
COMMENTS::distinguishedName#String,
customproperty1::userAccountControl#String,
DESCRIPTION::description#String,
ACCOUNTID::objectGUID#Binary,
LASTLOGONDATE::lastLogon#millisec,
CREATED_ON::whenCreated#date,
UPDATEDATE::whenChanged#date,
customproperty2::name#String,
customproperty3::company#String,
customproperty4::department#String,
customproperty5::departmentNumber#String,
customproperty6::division#String,
customproperty7::employeeID#String,
customproperty8::employeeType#String,
RECONCILATION_FIELD::ACCOUNTID
]

GroupImport:-

{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"performGroupAccountLinking": "false",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping":"memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char,customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,customproperty14:objectClass_char,updatedate:whenChanged_date,customproperty17:distinguishedName_char,RECONCILATION_FIELD:customproperty17,customproperty18:objectGUID_Binary"
}

SumathiSomala · ‎09/30/2023

@saurabhpad Could you please try below groupImportmapping JSON and run the accessimportJob

{

"importGroupHierarchy": "true",

"entitlementTypeName": "",

"performGroupAccountLinking": "true",

"incrementalTimeField": "whenChanged",

"groupObjectClass": "(objectclass=group)",

"mapping":"memberHash:member_char,customproperty1:sAMAccountType_char,customproperty2:instanceType_char,customproperty3:uSNCreated_char,customproperty4:groupType_char,customproperty5:dSCorePropagationData_char,customproperty12:dn_char,customproperty13:cn_char,lastscandate:whenCreated_date,customproperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customproperty9:name_char,customproperty10:objectCategory_char,customproperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:distinguishedName_char,customproperty14:objectClass_char,updatedate:whenChanged_date,customproperty17:distinguishedName_char,RECONCILATION_FIELD:customproperty18,customproperty18:objectGUID_Binary"

}

Also Specify entitlementTypeName parameterin JSON if required.

Refer the below doument for more details.

Configuring the Integration for Importing Accounts and Access (saviyntcloud.com)

Let me know if helps.

Regards,
Sumathi Somala

If this reply answered your question, please Accept As Solution and give Kudos.

saurabhpad · ‎09/26/2023

@sudeshjaiswal I have provided required JSON in above comment

stalluri · ‎10/01/2023

There is a bug in Saviynt for associated entitlements.
If it is same endpoint no issues. If it is a different endpoint the associated entitlement is getting assigned to different account.

https://ideas.saviynt.com/ideas/EIC-I-4975
If you thing this is needed please vote for it.

Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.

rushikeshvartak · ‎10/01/2023

It should be defect rather than enhancement

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Logical AD application import issue