We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Manage AD groups provisioning

Caesrob
Regular Contributor
Regular Contributor

We used the "Create AD Groups" button on the home page to create a group in the Active Directory endpoint. When the group was created, we went to "versions" in the group itself and sent the first version for approval. This created a task to provision the group to Active Directory. (This works)

Next, We imported groups through the Saviynt API createUpdateEntitlement endpoint into our Active Directory endpoint. The groups were successfully imported into Saviynt, but no tasks were created to provision the groups to Active Directory.

How do we automatically generate an "add entitlement" task for groups to Active Directory when they are imported through the Saviynt API?

 

 

5 REPLIES 5

dgandhi
All-Star
All-Star

When they are imported from target only, then why you want to provision the same to target? Can you elaborate more on the use case?

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

naveenss
All-Star
All-Star

Hi @Caesrob ,

can you please elaborate on the use case here?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

pmahalle
All-Star
All-Star

Hi @Caesrob ,

Use below API to create AD group in Saviynt instead of createUpdateEntitlement, then it will create task under pending task to provision to AD, just like you created through UI

https://{URL}/ECM/api/v5/createrequest

Sample Payload (Make changes as per your environment):

{
    "accesstype""roles"
    "requestor""admin",
    "displayname""Test ADGroup",
    "roletype""ADGroup",
    "entitlementtype""memberOf",
    "suffix""TestADGroup"
    "description":"Test AD group through Saviynt API",
    "requesttype""create",
    "category""Security",
    "securitysystem""Active Directory"
    "endpoint""Active Directory"
    "domain""DC=test,DC=Saviynt,DC=com"
    "environment":"Dev",
    "application""OU=Groups,DC=test,DC=Saviynt,DC=com",
    "owner": [
        {
            "ownername""<provide username>",
            "rank""1"
        }
    ]
}

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

SaviyntUser
New Contributor
New Contributor

Hi, I'm also looking for a solution to this query. Tried using the above approach, however it throws an error saying "An unexpected error occurred". Any suggestions?

Caesrob
Regular Contributor
Regular Contributor

We managed to get this working. If you use this set of attributes in the createrequest endpoint it should work.

 

{
  "accesstype": "roles",
  "requestor": "admin",
  "displayname": "966_TestGroup",
  "roletype": "ADGroup",
  "suffix": "966_TestGroup",
  "requesttype": "create",
  "category": "Security",
  "securitysystem": "XXXX", 
  "entitlementtype":"XXXX",
  "endpoint":"XXXX",
  "description": "Bachelor test 3",
  "domain": "DC=X,DC=X,DC=X",
  "application": "OU=X,OU=X,OU=X,DC=X,DC=X,DC=X",
  "customproperty38": "STUD_OPL_966",
  "customproperty40": "SLS"
}

 

Hope this helps!