Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Primary AD Accounts bulk update

glegault
New Contributor III
New Contributor III

‎05/23/2024 06:03 AM

Hi,

We would like to be able to bulk update (for current and future accounts) our primary AD accounts account type to Primary in order to configure our AD Endpoint Primary Account Type to Primary. This is to make sure Birthright rules apply only to primary accounts.

In our environment, the systemusername property on identities is equal to the AD account name of the primary account for all our users.

Would it be possible to share the high-level steps required to automatically update the account type to Primary for all accounts where the user systemusername associated to the account is equal to the account name?

Thank you for the help,

Labels:
0 Kudos
4 REPLIES 4

PremMahadikar
All-Star
All-Star

‎05/23/2024 11:12 AM

Hi @glegault ,

The below solution works if you are using S4S DB connector. (Refer - Solved: Re: How can we bulk update "Account Type" attribut... - Saviynt Forums - 18694)

  • First do AD accounts import
  • Write Sav to Sav to change the account type based on your logic/requirement. Below is the sample of the Sav to Sav ACCOUNTSIMPORT JSON. You can use this as base and modify it as per your requirement.

 

<![CDATA[Select a.name as name, s.SYSTEMNAME as securitysystem,e.ENDPOINTNAME as endpoint,
(CASE
WHEN a.endpointkey=30 THEN 'Primary Account'
WHEN a.endpointkey=70 THEN 'Disabled Account'
WHEN a.endpointkey IN(200,210) THEN 'Service Account'
WHEN a.endpointkey IN(80,90,100,110,120) THEN 'Privileged Account'
END) as accounttypename
from Accounts a
inner join user_accounts ua on ua.accountkey=a.accountkey
inner join users u on ua.userkey=u.userkey
inner join endpoints e on e.endpointkey=a.endpointkey
inner join securitysystems s on s.systemkey=e.SECURITYSYSTEMKEY
where a.endpointkey IN(30,70) and u.systemusername=a.name]]>
</sql-query>


<mapper description="This is the mapping field for SAviynt Field name" deleteaccountentitlement="true" ifusernotexists="noaction">
<mapfield saviyntproperty="accounts.name" sourceproperty="name" type="character"></mapfield>
<mapfield saviyntproperty="accounts.accounttype" sourceproperty="accounttypename" type="character"></mapfield>
<mapfield saviyntproperty="endpoints.endpointname" sourceproperty="endpoint" type="character"></mapfield>
<mapfield saviyntproperty="securitysystems.systemname" sourceproperty="securitysystem" type="character"></mapfield>
</mapper>
  • When you schedule jobs, first run the account import job and post that run your Sav to Sav DB import job. You can also use trigger chain here.

 

If this helps, please select Accept As Solution and hit Kudos

Best,
Prem Mahadikar
0 Kudos

glegault
New Contributor III
New Contributor III
In response to PremMahadikar

‎05/24/2024 05:33 AM

Hi PremMahadikar,

Thank you for the information. We will look into this at some point in the future but not for the next few weeks, I am keeping your JSON sample as I think it could be used for our needs after some changes to fit our environment needs. Thank you.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎05/23/2024 11:15 AM

You can update account type using account import sheet one time.

https://forums.saviynt.com/t5/identity-governance/how-can-we-bulk-update-quot-account-type-quot-attr... 

https://forums.saviynt.com/t5/identity-governance/adding-service-account-owner-using-csv-file/m-p/94... 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

glegault
New Contributor III
New Contributor III
In response to rushikeshvartak

‎05/24/2024 05:35 AM

Hi rushikeshvartak,

Thank you for the information. I will look at the provided articles but I think the JSON sample provided by PremMahadikar should allow us to accomplish what we are trying to do even if I cannot test this and confirm at this point.

0 Kudos
Copyright © 2024 Khoros, LLC