
Avoid creating a 2nd account in AD when using Child Endpoints

GSR
Regular Contributor

Hi Team,

Can you please help with the use case below?

Use case: Parent AD endpoint EPP and one child endpoint EPC. Added Endpoint_filter at connection level.

EPC is used as a catalogue item in ServiceNow to request access (Saviyntapp on Snow).

Requirement: When requesting access to child endpoint EPC, a request and tasks are generated to create an account, and a 2nd account in AD is created. The requirement is not to create a 2nd account but to use the existing AD account.

 


Darshanjain
Saviynt Employee

Hi @GSR 

Please make sure that the Accountname generated for the child account is the same as the parent account name; if it's different, it will try to create a new parent account as well.

 

Thanks

Darshan

rushikeshvartak
All-Star
  1. Account Name should be the same for both endpoints
  2. Apply entitlementsonly at security system level

Regards,
Rushikesh Vartak

asp
Regular Contributor II

Hi Rushikesh,

I have the same requirement for AD. I have added endpoint_filter and it's correctly creating the child endpoints, but when a request is made for the child endpoint, it creates a task for a 2nd account.

If we make it 'entitlementsonly' at security system level, how will the main AD account be created?

saipraveengv
New Contributor III

If we keep entitlementsonly at securitysystem, then a new account task will not be created. I am facing the same issue as well.

Hi @saipraveengv @asp 

I believe rushikeshvartak said that if an account is already present in the parent AD, then use this config.

Now, if you have a requirement to create the parent AD account as well, then you need to make sure the Accountname generated is the same for parent and child so that it doesn't create.

 

Thanks

Darshan

saipraveengv
New Contributor III

@Darshanjain @rushikeshvartak, even if I keep the same account name and Entitlements only, I still see a new account task is created for the user.

 

Share endpoint configuration 


Regards,
Rushikesh Vartak

saipraveengv
New Contributor III

Hi @rushikeshvartak,

Account name rule in both endpoints (parent+child) -->Systemusername

Connection configuration in endpoint -->

{ "conf":[ {"ADDUSERTOENT":"TRUE"}, {"ADDMEMBERTOENT":"TRUE"} ]}

Security system --> Task for entitlements only