Privileged Account Creation in AD

sabthamis
New Contributor

Hello All,

We have a requirement to create an AD account for users (a privileged account, say an EA / DA / SA account) apart from their personal account. This EA / DA / SA account will be requested from the Access Request page and provisioned in AD after all approvals.

We already have an AD connection (security system, endpoint, connection) created. What would be the best approach here? Can we separate the AD connection with a new security system, endpoint, and connection? Also, once the access request is raised, we need to specify the account name on the AD account created as "EA-username" if the user is requesting an EA account, "DA-username" if the user is requesting a DA account, and "SA-username" if the user is requesting an SA account.

Can we add a dynamic variable while requesting, so that based on the selection the create JSON creates the AD account?

Any help on this is much appreciated. 

Thanks,

Sabthami Subramanian

6 REPLIES

AmitM
Valued Contributor

Hi @sabthamis, how about using service accounts in Saviynt instead of normal accounts?

https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...

Search for: "To utilize a single JSON to support generic account and service account creation"

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Thanks for responding. I will go through the link.

But one thing is still not clear: for this, do we need to create a separate connection from the AD connection that already exists?

You can create a separate connection to keep the configuration clean.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

@AmitM @rushikeshvartak - Thanks for your response. So here the user can raise a request for any of the three types of accounts (DA/EA/SA). How can this be achieved? Do we need to add a dynamic attribute in the request form to select which account they are requesting, or is there any other way to achieve this?

Thanks

You can use the service account module.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

sabthamis
New Contributor

Hi Rushikesh,

Under which section is this functionality present? Can you please help me here?

Thanks