Saviynt Forums

yusufw · ‎08/04/2023

In a New Hire Employee use case:

After Saviynt creates the AD account, Saviynt will send an email to the user's manager with the AD password included. Currently, when I try to authenticate the user using the password, it does not work.

How can we configure Saviynt so that the password used (AD connector's randomPassword) to create the AD account is the same password that the user can use to authenticate into AD.

Here's some of the configuration so far:

AD CreateAccountJSON

I have also tried setting userPassword but it didn't work.

When the New Account task completes, an email is sent. The email body has a ${account_password} in it.

On the AD server, I am verifying that I can authenticate using the ldp tool (an ldap client), where I specify the user credential and password.

armaanzahir · ‎08/06/2023

Hi @yusufw ,

Please try removing your unicodePwd mapping in your provisioning json altogether and set the below connection parameters only.

This setting would implicitly set the password and associate it with the task, and on completion is referenceable in the task completion templates that are configured at the endpoint level. (${task.password})

Thanks,

Armaan

Regards,
Md Armaan Zahir

rushikeshvartak · ‎08/06/2023

Are you using password policy at security system level or connection level ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

Password generated to create AD account does not work for authenticating user in AD