
Logical Application Issue - Creating new account when requesting for child endpoint

RanjithSaiM
New Contributor

Hi

We have a requirement to onboard applications which are actually managed by Active Directory groups. We have onboarded Active Directory as an application and then used the endpoint filter option to create child endpoints. The child endpoints were created successfully, as expected, with the list of entitlements filtered in the endpoint filter.

As per the link, I even tried setting the parent Security System with entitlement only task action.

https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Logical-Active-Directory-Applications.htm

Now, during Access Request, when we try to select the new child application, it is trying to create a new account. I do not have to create a new account, as the parent endpoint already has the account.


NM
Esteemed Contributor

Hi @RanjithSaiM, in the child endpoint, do you see Active Directory tagged as parent?

Keep the create account JSON empty and use the entitlement-only config in the security system.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

rushikeshvartak
All-Star
  • As per product design, every application needs its own account, irrespective of whether it is a child or a normal application.
  • If, in your case, requesting a child / logical application is creating a new account, it means you have selected a different account name than the parent endpoint.

Regards,
Rushikesh Vartak

RanjithSaiM
New Contributor

@NM Yes, I have mapped it as the Parent endpoint. The only problem I see with keeping Create Account empty is the Joiners use case for AD, as we need to create an account in Active Directory for new users. Once a user has an Active Directory account, he/she can submit requests for these child applications.

@rushikeshvartak, as per your first point, is it supposed to submit a request for the account in the Parent endpoint? If I am creating a new account, wouldn't it defeat the purpose of calling it a Logical application? Regarding your second bullet, I did try mapping the parent endpoint in the Mapped endpoints. Even then it was trying to create an account; in fact, it even complains that the accountName is already used.

How are you guys creating a Logical Application for customers? It would be greatly appreciated if you could bullet some high-level steps, like create connection with endpoint filter, create security system, etc. Thanks!

For us, Account Management is outside of Saviynt, so it is working as expected.


Regards,
Rushikesh Vartak

Hi @RanjithSaiM

Were you able to resolve this? We have a similar kind of situation.

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

adarshk
Saviynt Employee

Do the Parent and Child endpoints have a different accountnamerule?

If a logical application is requested for a user who does not have an account on the parent endpoint, a new account task for the parent endpoint will be created and the account will be provisioned for the target. Also, an account will be created under the logical endpoint, which won't be provisioned.

Is the new account that is getting created in your case for the parent endpoint or the child endpoint? Validate the accountnamerule.