We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Request API to grant entitlements to service accounts or orphan accounts

RV
Regular Contributor
Regular Contributor

Does Saviynt has any request API to grant access to service accounts that are not associated to a user ?  We have been using /createrequest for user accounts but using the same API for orphan/service accounts are failing during provisioning.

Error : 

USERNAME admin is not associated with ACCOUNTNAME.

 

Which API should we use to request entitlements for Orphan accounts?

8 REPLIES 8

rushikeshvartak
All-Star
All-Star

add username as "admin"

rushikeshvartak_0-1701406352580.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

I've already tried by passing "admin",  which is when I got the error : USERNAME admin is not associated with ACCOUNTNAME

sk
All-Star
All-Star

@RV : For service accounts you can use below API to add or remove the access, and mandatory param is "accountType": "Service Account"

 
POST: {{base-url}}/ECM/{{path}}/createrequest

 

{
    "username": "admin",
    "requesttype": "ADD/REMOVE",
    "endpoint": "Test",
    "accountType": "Service Account",
    "securitysystem": "Test",
    "comments": "Test",
    "accountname": "test",
    "requestor": "admin",
    "entitlement": [
            "entitlementtype":"test",
            "entitlementvalue":"test"
],
}

 

For details refer: Request to Update Service Account section in this API documentation under Access Request -> Create Request -> Accounts


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

RV
Regular Contributor
Regular Contributor

What if it is a orphan account and not tagged as 'Service Account' in Saviynt ?  Can I still use the same API?  It is not working on the orphan accounts.

No It will not work for orphan accounts


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

SumathiSomala
All-Star
All-Star

{{url}}/ECM/{{path}}/createrequest

{
"username":"admin",
"requesttype":"NEW",
"endpoint":"System1",
"accountType":"Service Account",
"securitysystem":"System1",
"comments":"add comment",
"accountname":"adminacc1",
"requestor":"admin",
"dynamicattr":  { 
            "c":"TEST1", 
            "d":"243554675" 
},
"entitlement":[
	{"entitlementtype":"Role","entitlementvalue":"Administrator","startdate":"10-11-2018","enddate":"12-05-2018"}
],
"owner" :[
	{
		"ownerType" : "User",
		"name" : "dbailey",
		"rank" : "4"
	},
		{
		"ownerType" : "UserGroup",
		"name" : "ProvisioningTeam",
		"rank" : "4"
	},
		{
		"ownerType" : "UserGroup",
		"name" : "Team Approval",
		"rank" : "3"
	},
		{
		"ownerType" : "User",
		"name" : "TestUser"
	}
	
	
]
}

SumathiSomala_0-1701446767676.png

Saviynt Enterprise Identity Cloud API Reference v23.8 (getpostman.com)

 

If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

RV
Regular Contributor
Regular Contributor

I've used the similar payload and it did not work.  Only difference,  these accounts accounttype is not flagged as "Service Account" environment.   

For service account - Account Type is differentiator attribute hence you need to populate once.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.