
Make owner mandatory for AD Group Created through Saviynt

saipraveengv
New Contributor III

Hi,

I am looking at the create.gsp page to create AD groups. Can we make Owner a mandatory field for the groups created? Let me know if anyone has achieved it.

Is it possible to make the requestor the default rank1 owner for the group created?


smitg
Regular Contributor III

Hi @saipraveengv 

I don't think owner selection can be made mandatory through the gsp during AD group creation.

We have the condition below in the workflow to auto-reject requests raised without an owner, to make sure all the groups created via Saviynt have owner details.
entitlement.ownerRank1 != null and entitlement.ownerRank1.size() != 0

Thanks,
Smitha

saipraveengv
New Contributor III

I have this set in the workflow, but I wanted the UI to be clearer for the requestor to add the owner before submitting the request.

I don't think there is an option to make it mandatory.

You can update the label to say that adding an owner is mandatory.

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

saipraveengv
New Contributor III

Hi @dgandhi, @smitg, if the owner cannot be made mandatory, can we add the requestor as owner for the AD group? I am looking at the JSON below.

"managedBy": "${allOwnerList?.size()>0 && ownerAccountListMap.size()>0 && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList?.get(0)?.userkey.username).get(0)?.accountID:requestor?.customproperty59}",

Will this work?

saipraveengv
New Contributor III

Hi team,

I am trying to add the Owner based on customproperty59 of the user for the newly created AD group.

I am using the JSON below:

{
"cn": "${role?.customproperty27}",
"objectCategory": "CN=Group,CN=Schema,CN=Configuration,DC=esselgroup,DC=local",
"sAMAccountName": "${role?.customproperty27}",
"objectClass": "group",
"name": "${role?.customproperty27}",
"managedBy": "${user.customproperty59}",
"groupType": "${if (role.customproperty21 == 'Security' && role.customproperty22 == 'Global') '-2147483646' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Domain Local') '-2147483644' else if (role.customproperty21 == 'Security' && role.customproperty22 == 'Universal') '-2147483640' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Global') '2' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Domain Local') '4' else if (role.customproperty21 == 'Distribution' && role.customproperty22 == 'Universal') '8' else ''}"
}

and it is erroring out with the following error:

2023-10-13T11:48:28+05:30-ecm-worker-{"log":"2023-10-13 06:18:27,717 [quartzScheduler_Worker-10] ERROR ldap.SaviyntGroovyLdapService - Error in createGroup : \n","stream":"stdout","time":"2023-10-13T06:18:27.717533616Z"}
 
2023-10-13T11:48:28+05:30-ecm-worker-{"log":"java.lang.NullPointerException: Cannot get property 'customproperty59' on null object\n","stream":"stdout","time":"2023-10-13T06:18:27.717550951Z"}
 
2023-10-13T11:48:28+05:30-ecm-worker-{"log":"\u0009at SimpleTemplateScript55.run(SimpleTemplateScript55.groovy:1)\n","stream":"stdout","time":"2023-10-13T06:18:27.717555473Z"}
 
Any idea why this error is coming? We are on v2022.
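The groupType literals in the mapping above are Active Directory groupType flag values rendered as signed 32-bit integers. As an added example (not from this thread or from Saviynt), the Python below derives each value from the documented AD flag bits, decodes a value back into category and scope, and checks that every literal in the posted if/else chain matches; the mapping table is constructed from that JSON.

```python
# Added example: derive and verify the AD groupType values used in the
# createupdatemappings JSON above. Flag constants are the documented AD
# groupType bits; MAPPING_FROM_JSON is constructed from the thread's JSON.

# Active Directory groupType flag bits
GLOBAL_GROUP       = 0x00000002
DOMAIN_LOCAL_GROUP = 0x00000004
UNIVERSAL_GROUP    = 0x00000008
SECURITY_ENABLED   = 0x80000000

SCOPE_BITS = {
    "Global": GLOBAL_GROUP,
    "Domain Local": DOMAIN_LOCAL_GROUP,
    "Universal": UNIVERSAL_GROUP,
}

def group_type(category: str, scope: str) -> str:
    """groupType string for a category/scope pair, '' if either is unknown.
    AD stores groupType as a signed 32-bit int, so the security bit makes
    the value negative (0x80000002 -> -2147483646)."""
    if scope not in SCOPE_BITS or category not in ("Security", "Distribution"):
        return ""
    bits = SCOPE_BITS[scope]
    if category == "Security":
        bits |= SECURITY_ENABLED
    if bits & 0x80000000:          # reinterpret as signed 32-bit
        bits -= 1 << 32
    return str(bits)

def decode_group_type(value: str) -> tuple:
    """Reverse direction: classify a groupType value read back from AD."""
    bits = int(value) & 0xFFFFFFFF
    category = "Security" if bits & SECURITY_ENABLED else "Distribution"
    scope = next((n for n, b in SCOPE_BITS.items() if bits & b), "Unknown")
    return category, scope

# Constructed from the if/else chain in the JSON above: (cp21, cp22) -> literal
MAPPING_FROM_JSON = {
    ("Security", "Global"): "-2147483646",
    ("Security", "Domain Local"): "-2147483644",
    ("Security", "Universal"): "-2147483640",
    ("Distribution", "Global"): "2",
    ("Distribution", "Domain Local"): "4",
    ("Distribution", "Universal"): "8",
}

def mapping_matches_ad_flags() -> bool:
    """True when every literal in the mapping equals the flag-derived value."""
    return all(group_type(c, s) == v for (c, s), v in MAPPING_FROM_JSON.items())
```

A mistyped literal would silently create a distribution group where a security group was requested (or vice versa), so running this kind of check against a mapping before deploying it is cheap insurance.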

Hi @saipraveengv ,

Why are you using customproperty59 of the user to set the owner? Are you keeping the user's AD DN in CP59 and expecting the DN of the owner selected during user creation/update to be populated automatically from CP59?

Use the expression below in your createupdatemappings. It will automatically fetch the owner's DN from the accountid of the AD account of the user selected during AD group creation.

"managedBy":"${if(ownerAccountListMap.size()>0 && allOwnerList.size()>0){ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username)!=null && ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).size()>0?ownerAccountListMap.get(allOwnerList.get(0)?.userkey.username).get(0)?.accountID:''}else{''}}"

Let me know if it helps.


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

saipraveengv
New Contributor III

Hi @pmahalle, I am saving the user's DN in CP59. The JSON you gave will work if the Owner is added during creation, but if the requestor doesn't add the owner during creation, I wanted the owner DN to be picked up from CP59. I have tried multiple if/else variants and it did not help me.

Hi @saipraveengv ,

I don't think the user object is available directly in the createupdatemapping JSON, and that's why you are getting the null object exception.


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

I have used the JSON below from the documentation portal.

{
"cn":"${role?.customproperty1}",
"objectCategory":"CN=Group,CN=Schema,CN=Configuration,DC=corpAD,DC=saviynt,DC=com",
"distinguishedName":"${role?.role_name}",
"displayName":"${role?.displayname}",
"SamAccountName":"${role?.customproperty1}",
"description":"${role?.description}",
"Info":"${role?.customproperty2}",
"objectClass":"group",
"managedBy":"${user?.customproperty7}",
"name":"${role?.customproperty1}",
"memberOf":"${role?.customproperty9}"
}

I don't think the user object is not exposed for this?

Hi @saipraveengv ,

Yes, the user object might not be available in that JSON, so it is better to handle it at the workflow level. Reject the request automatically if the user did not select an owner while creating the AD group, as we cannot make owner selection mandatory.

Use the query below in the if-else block of the workflow:

entitlement.ownerRank1 != null and entitlement.ownerRank1.size() != 0



Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

saipraveengv
New Contributor III

I don't want that approach. It would lead to more operational issues. Is there any logic that I can use to make the requestor the default owner?

Hi @saipraveengv ,

I don't think it's possible. Better to raise an FD ticket and check with Saviynt. If it is not achievable, raise it as an idea on the ideas portal.

https://ideas.saviynt.com/


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂