Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mapped endpoint duplicate account creation

flegare
Regular Contributor III
Regular Contributor III

‎08/08/2024 12:28 PM

Hi folks,

Use case is to allow users to include parent endpoint when requesting access from mapped endpoint and provision a single account for both endpoints.

What I did:

  • Setup parent account naming rule.  
  • Setup child endpoint with mapped endpoint to parent. 
  • Allow child endpoint desired entitlement type to be requestable

Observed behavior at request time seems ok, user gets prompted to add parent endpoint when target does not have access to parent yet.

Provisioning tasks that get created have the right account name across the board:

flegare_0-1723144837191.png

Completed tasks look fine, too

flegare_1-1723145046602.png

However, after provisioning, the account that gets imported has a completely different account name generated.  Further, the expected account is marked as manual provisioning which makes sense as the expected account was never discovered back:

flegare_2-1723145180725.png

What could I be missing to have Saviynt provision a single account for both endpoints?

Thanks in advance!

 

Labels:
0 Kudos
5 REPLIES 5

rushikeshvartak
All-Star
All-Star

‎08/08/2024 01:14 PM

does both endpoint following same account name rule


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

flegare
Regular Contributor III
Regular Contributor III

‎08/08/2024 04:40 PM

I originally did not have a rule, expecting the child endpoint to use the same rule as the parent endpoint.  I just ran another test with the same rule configured in both endpoints and the same problem popped up, two accounts were created

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to flegare

‎08/08/2024 05:22 PM

Ideally account name rule should be same as account it should create account under child endpoint 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

flegare
Regular Contributor III
Regular Contributor III

‎08/08/2024 06:00 PM

Was gonna write a way-too-lenghty reply before deciding to test account creation at parent level and observe the same behavior.

Issue was related to createaccountjson, the sAMAccountName parameter was missing.

In the words of the great poet Homer Simpson: "D'oh"

This thread should be closed and preferably incinerated...

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to flegare

‎08/08/2024 07:36 PM

So all together issue with create account json config issue with missing samaccount name


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC