
Map entitlement owners for AD Groups through SAV4SAV REST

ShubhamBabbar
Regular Contributor

We want to map AD group owners. The default configuration on the connector has a limitation because the DN (marked as group owner) is not being imported into Saviynt as accounts under the same endpoint.

We have tried to implement a workaround through the SAV4SAV REST entitlement import to update the entitlement owners. The owners get updated, but the existing account-to-entitlement mapping is lost.

We have the below STATUS_THRESHOLD_CONFIG:

{
  "statusAndThresholdConfig": {
    "deleteLinks": false,
    "correlateInactiveAccounts": false,
    "inactivateAccountsNotInFile": false,
    "deleteAccEntForActiveAccounts": false
  }
}

Attaching Entitlement Import JSON

4 REPLIES

rushikeshvartak
All-Star
  • This is because of the acctEntParams parameters.
  • You should use the OOTB AD connector and pull the DN in the account instead of SAV4SAV.

Regards,
Rushikesh Vartak

Hi @rushikeshvartak, thanks for your response, but pulling the DN in the account is not helpful, as there is a segregation required between privileged AD groups and non-privileged AD groups (we have created 2 different endpoints).
In our case a non-privileged DN can be an owner of a privileged AD group, hence the problem where the non-privileged account would not exist and the owner would not map.

NM
Esteemed Contributor

@ShubhamBabbar Store the owner DN in an entitlement custom property and have an enhanced query map the account owner based on the present DN.



ShubhamBabbar
Regular Contributor

@NM Thanks for your response, but "entitlement_owners" is a restricted table for the enhanced query job.