Saviynt Forums

RV · ‎11/30/2023

Does Saviynt has any request API to grant access to service accounts that are not associated to a user ? We have been using /createrequest for user accounts but using the same API for orphan/service accounts are failing during provisioning.

Error :

USERNAME admin is not associated with ACCOUNTNAME.

Which API should we use to request entitlements for Orphan accounts?

rushikeshvartak · ‎11/30/2023

add username as "admin"

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV · ‎12/01/2023

I've already tried by passing "admin", which is when I got the error : USERNAME admin is not associated with ACCOUNTNAME

sk · ‎12/01/2023

@RV : For service accounts you can use below API to add or remove the access, and mandatory param is "accountType": "Service Account"

POST: {{base-url}}/ECM/{{path}}/createrequest

{
    "username": "admin",
    "requesttype": "ADD/REMOVE",
    "endpoint": "Test",
    "accountType": "Service Account",
    "securitysystem": "Test",
    "comments": "Test",
    "accountname": "test",
    "requestor": "admin",
    "entitlement": [
            "entitlementtype":"test",
            "entitlementvalue":"test"
],
}

For details refer: Request to Update Service Account section in this API documentation under Access Request -> Create Request -> Accounts

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

RV · ‎12/01/2023

What if it is a orphan account and not tagged as 'Service Account' in Saviynt ? Can I still use the same API? It is not working on the orphan accounts.

sk · ‎12/01/2023

No It will not work for orphan accounts

Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

SumathiSomala · ‎12/01/2023

{{url}}/ECM/{{path}}/createrequest

{
"username":"admin",
"requesttype":"NEW",
"endpoint":"System1",
"accountType":"Service Account",
"securitysystem":"System1",
"comments":"add comment",
"accountname":"adminacc1",
"requestor":"admin",
"dynamicattr":  { 
            "c":"TEST1", 
            "d":"243554675" 
},
"entitlement":[
	{"entitlementtype":"Role","entitlementvalue":"Administrator","startdate":"10-11-2018","enddate":"12-05-2018"}
],
"owner" :[
	{
		"ownerType" : "User",
		"name" : "dbailey",
		"rank" : "4"
	},
		{
		"ownerType" : "UserGroup",
		"name" : "ProvisioningTeam",
		"rank" : "4"
	},
		{
		"ownerType" : "UserGroup",
		"name" : "Team Approval",
		"rank" : "3"
	},
		{
		"ownerType" : "User",
		"name" : "TestUser"
	}
	
	
]
}

Saviynt Enterprise Identity Cloud API Reference v23.8 (getpostman.com)

If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

RV · ‎12/01/2023

I've used the similar payload and it did not work. Only difference, these accounts accounttype is not flagged as "Service Account" environment.

rushikeshvartak · ‎12/02/2023

For service account - Account Type is differentiator attribute hence you need to populate once.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Saviynt Forums

Request API to grant entitlements to service accounts or orphan accounts