Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Reconcile multiple SamAccount to same user

PascalMontreuil
New Contributor III
New Contributor III

Hello,

Due to an implementation, we need to create users, in Active Directory, with sub users to their main account, example rabita, so for that user to do test in prod, we are creating sub account like rabita1, rabita2 etc.
Is there a way to create a reconcile job in SAVIYNT base of the first 6 letter of the user SamAccount to the main User in SAVIYNT, because right now i have the main user with is principale SamAccount, and all of is "sub" account are not identify to a main user in SAVIYNT

Pascal Montreuil
11 REPLIES 11

rushikeshvartak
All-Star
All-Star

Does accounts are not getting mapped to user ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

PascalMontreuil
New Contributor III
New Contributor III

Yes because they are not been created via SAVIYNT but directly in AD.

We are still young in SAVIYNT and we are not that mature to be able to create “Sub SamAccount” directly into SAVIYNT  to the same user.  So our AD Sys Admin are creating those user directly in AD with the HR Employee ID with a letter at the end so when we go into SAVIYNT – Active Directory – Accounts, I see the main SamAccount map to our Main Saviynt User but is other SamAccount or without a user so we would like to reconcile them with the first 6 caracter of those SamAccount.

Pascal Montreuil

Update account correlation rule under endpoint 

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thank you we will check it out

Pascal Montreuil

If you have any common filed b/w Saviynt User and AD account like Employee ID then use that as condition in user account correlation rule on Endpoint level. Otherwise you can use advanced query to get substring of samaccountname and match with username or systemusername to correlate


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

JasBel
New Contributor III
New Contributor III

I'm working with Pascal on this problem.  We have customproperty6 ending with letters when the user has more than one account in Active Directory.  User account has the unique employeeid.  We are trying to reconciliate with the employeeid using this User Account Correlation rule: 

employeeid = CONCAT(LEFT(customproperty6, CHAR_LENGTH(customproperty6) - 1), IF(RIGHT(customproperty6, 1) REGEXP '[a-z]' = 0, RIGHT(customproperty6, 1), ''))

Saviynt does not seem to reconciliate the Active Directory accounts with this rule.

Any other idea we can try? Maybe it's correct but is there a way to run this with the Active Directory accounts already in Saviynt?
Thank you in advance.

Jason

users.employeeid = CONCAT(LEFT(accounts.customproperty6, CHAR_LENGTH(accounts.customproperty6) - 1), IF(RIGHT(accounts.customproperty6, 1) REGEXP '[a-z]' = 0, RIGHT(accounts.customproperty6, 1), ''))

 

Please share cp6 of accounts and employee id screenshot if above does not work


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

With this change @rushikeshvartak will it reconcile those Account under the same user even if those accounts are already in SAVIYNT?

Pascal Montreuil

Yes it will map account with user if its orphan


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thank you Rushikesh it worked perfectly!

Please accept working solution to help others


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.