Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Primary Account Type for AD

New Contributor
New Contributor

Where do we set the options for primary account type? Our AD Endpoint has no values to select from. Also, how do we set this in the import to set primary account type for specific accounts that we can identify either by naming convention or by the OU from which they were collected? Also, if we set this will it disrupt terminations(meaning will it only disable the primary accounts or will it disable all)? 





@sherbert : You can set this only when you have any accounts with account type populated under respective endpoint. If you don't have any accounts then as workaround you can temporarily upload one dummy account with required account type and then you can set this value

If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Is there somewhere I can I set in the import for AD to set the account type when importing accounts from a specific OU? 

Hi @sherbert ,

If you have any attribute holding the account type in AD them you can map that to accounttype attribute of Saviynt in ACCOUNT_ATTRIBUTES. There is no way to set hardcoded value in Saviynt account (account type in your case) while importing/reconciling the accounts from AD. 

If you want, once accounts are imported in Saviynt from, you can use SAV as SAV connection and set the account type using ACCOUNT IMPORT xml.

Sample Account Import XML, you can update it as per your requirement:

<![CDATA[Select as name, s.SYSTEMNAME as securitysystem,e.ENDPOINTNAME as endpoint,
WHEN a.accountid like '%OU=Primary%' THEN 'Primary Account'
WHEN a.accountid like '%OU=Admin%' THEN 'Admin Account'
END) as accounttypename
from Accounts a
inner join endpoints e on e.endpointkey=a.endpointkey
inner join securitysystems s on s.systemkey=e.SECURITYSYSTEMKEY
where a.endpointkey IN(30)]]>

<mapper description="This is the mapping field for SAviynt Field name" deleteaccountentitlement="true" ifusernotexists="noaction">
<mapfield saviyntproperty="" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="accounts.accounttype" sourceproperty="accounttypename" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>

Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂