Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Possible to have two separate entitlement types for AD groups?

Go to solution
IAM
Regular Contributor
Regular Contributor

‎02/27/2024 07:01 AM

Hello.

Is it possible, using maybe the endpoint filter within the AD connection, to have 2 separate entitlement types but both are AD groups?

The ask is that they have a dropdown to select between edit or read-only AD groups, then a table under that to select what region they need access to, which are also AD groups.

I know I can import AD groups using the endpoint filter but is there a way to separate the groups after that into separate entitlement types that way I can get 2 different tables?

Labels:
0 Kudos
5 REPLIES 5

Go to solution
Amit_Malik
Valued Contributor II
Valued Contributor II

‎02/27/2024 07:25 AM

HI @IAM,

if you have a way to know which groups are read only or edit , which are regions . then update custom properties to store this info and use dynamic attributes to select entitlement that will match the selections.

Endpoint filter is to created child ENDPOINT not to create a different entitlement type.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

Go to solution
IAM
Regular Contributor
Regular Contributor
In response to Amit_Malik

‎02/27/2024 07:53 AM

Yes I can add that info in the customproperty but I still need them in 2 different tables, I can't have them in the same table.

Endpoint filter was just an example because you list the memberOf entitlement type.

 

 

0 Kudos

Go to solution
Amit_Malik
Valued Contributor II
Valued Contributor II
In response to IAM

‎02/27/2024 08:40 AM

I am not able to understand why you need it in two tables. Can you explain the use case? You can achieve it(Your use case) through dynamic attributes I think

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

Go to solution
IAM
Regular Contributor
Regular Contributor
In response to Amit_Malik

‎02/28/2024 09:39 AM

The reason is because the first table lets the user choose whether or not they are requesting a read only group or edit group. This would actually be a dropdown not a table.

Then the second table would be the region. Here I need to list dozens of groups they can select from.

I think what I'm going to do is create an application role and they can select readonly/edit from that, then the second table will be the region.

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star

‎02/27/2024 07:59 PM

Its not supported to have multiple entitlement type. Please raise idea ticket


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC