Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/08/2024 12:28 PM
Hi folks,
Use case is to allow users to include parent endpoint when requesting access from mapped endpoint and provision a single account for both endpoints.
What I did:
Observed behavior at request time seems ok, user gets prompted to add parent endpoint when target does not have access to parent yet.
Provisioning tasks that get created have the right account name across the board:
Completed tasks look fine, too
However, after provisioning, the account that gets imported has a completely different account name generated. Further, the expected account is marked as manual provisioning which makes sense as the expected account was never discovered back:
What could I be missing to have Saviynt provision a single account for both endpoints?
Thanks in advance!
08/08/2024 01:14 PM
does both endpoint following same account name rule
08/08/2024 04:40 PM
I originally did not have a rule, expecting the child endpoint to use the same rule as the parent endpoint. I just ran another test with the same rule configured in both endpoints and the same problem popped up, two accounts were created
08/08/2024 05:22 PM
Ideally account name rule should be same as account it should create account under child endpoint
08/08/2024 06:00 PM
Was gonna write a way-too-lenghty reply before deciding to test account creation at parent level and observe the same behavior.
Issue was related to createaccountjson, the sAMAccountName parameter was missing.
In the words of the great poet Homer Simpson: "D'oh"
This thread should be closed and preferably incinerated...
08/08/2024 07:36 PM
So all together issue with create account json config issue with missing samaccount name