11/30/2023 10:33 AM
Does Saviynt have any request API to grant access to service accounts that are not associated with a user? We have been using /createrequest for user accounts, but using the same API for orphan/service accounts is failing during provisioning.
Error :
USERNAME admin is not associated with ACCOUNTNAME.
Which API should we use to request entitlements for Orphan accounts?
11/30/2023 08:52 PM
add username as "admin"
12/01/2023 06:02 AM
I've already tried by passing "admin", which is when I got the error : USERNAME admin is not associated with ACCOUNTNAME
12/01/2023 07:57 AM - edited 12/01/2023 07:59 AM
@RV: For service accounts you can use the API below to add or remove access; the mandatory param is "accountType": "Service Account"
{
  "username": "admin",
  "requesttype": "ADD/REMOVE",
  "endpoint": "Test",
  "accountType": "Service Account",
  "securitysystem": "Test",
  "comments": "Test",
  "accountname": "test",
  "requestor": "admin",
  "entitlement": [
    {
      "entitlementtype": "test",
      "entitlementvalue": "test"
    }
  ]
}
For details, refer to the Request to Update Service Account section in this API documentation under Access Request -> Create Request -> Accounts
12/01/2023 01:09 PM
What if it is an orphan account and not tagged as 'Service Account' in Saviynt? Can I still use the same API? It is not working on the orphan accounts.
12/01/2023 02:54 PM - edited 12/01/2023 02:55 PM
No, it will not work for orphan accounts.
12/01/2023 08:07 AM
{{url}}/ECM/{{path}}/createrequest
{
  "username": "admin",
  "requesttype": "NEW",
  "endpoint": "System1",
  "accountType": "Service Account",
  "securitysystem": "System1",
  "comments": "add comment",
  "accountname": "adminacc1",
  "requestor": "admin",
  "dynamicattr": { "c": "TEST1", "d": "243554675" },
  "entitlement": [
    { "entitlementtype": "Role", "entitlementvalue": "Administrator", "startdate": "10-11-2018", "enddate": "12-05-2018" }
  ],
  "owner": [
    { "ownerType": "User", "name": "dbailey", "rank": "4" },
    { "ownerType": "UserGroup", "name": "ProvisioningTeam", "rank": "4" },
    { "ownerType": "UserGroup", "name": "Team Approval", "rank": "3" },
    { "ownerType": "User", "name": "TestUser" }
  ]
}
Saviynt Enterprise Identity Cloud API Reference v23.8 (getpostman.com)
If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.
12/01/2023 11:12 AM
I've used a similar payload and it did not work. The only difference: these accounts' accounttype is not flagged as "Service Account" in the environment.
12/02/2023 08:30 PM
For service accounts, Account Type is the differentiator attribute, hence you need to populate it once.
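A pre-flight check for the service-account request body discussed in this thread, as an added example that is not from any poster or from Saviynt. The function name `check_service_account_request` is hypothetical, treating every key in the posted payload as required is an assumption, and the code only inspects the JSON locally without calling the API.

```python
import json

# Keys copied from the payload posted in this thread; treating all of them as
# required is an assumption of this example.
REQUIRED_KEYS = ("username", "requesttype", "endpoint", "accountType",
                 "securitysystem", "accountname", "requestor", "entitlement")
ENTITLEMENT_KEYS = ("entitlementtype", "entitlementvalue")


def check_service_account_request(raw):
    """Return a list of problems found in a createrequest body (empty = OK)."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(body, dict):
        return ["top level must be a JSON object"]
    problems = [f"missing key: {k}" for k in REQUIRED_KEYS if k not in body]
    # The thread names this value as the mandatory differentiator.
    if body.get("accountType") != "Service Account":
        problems.append('accountType must be exactly "Service Account"')
    ents = body.get("entitlement", [])
    if not isinstance(ents, list) or not ents:
        problems.append("entitlement must be a non-empty array")
    else:
        for i, ent in enumerate(ents):
            if not isinstance(ent, dict):
                problems.append(f"entitlement[{i}] must be an object")
                continue
            for k in ENTITLEMENT_KEYS:
                if not ent.get(k):
                    problems.append(f"entitlement[{i}] lacks {k}")
    return problems


# Constructed sample bodies (placeholder values, not real systems).
GOOD = json.dumps({
    "username": "admin", "requesttype": "ADD", "endpoint": "Test",
    "accountType": "Service Account", "securitysystem": "Test",
    "comments": "Test", "accountname": "test", "requestor": "admin",
    "entitlement": [{"entitlementtype": "test", "entitlementvalue": "test"}],
})
NO_TYPE = json.dumps({k: v for k, v in json.loads(GOOD).items() if k != "accountType"})
BAD_SHAPE = '{"accountType": "Service Account", "entitlement": ["entitlementtype":"test"],}'

if __name__ == "__main__":
    for name, raw in (("GOOD", GOOD), ("NO_TYPE", NO_TYPE), ("BAD_SHAPE", BAD_SHAPE)):
        print(name, check_service_account_request(raw))
```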