Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict GCP group creation to selected users based on AD entitlement

krecpond
New Contributor III
New Contributor III

‎03/07/2023 08:24 AM

Hi,

We have a requirement for users to create elevated GCP groups on Google using Saviynt. However, in order to request creation of such groups on GCP, the user must have an entitlement from AD. How can the GCP group creation form be restricted to only users who have this entitlement? Is there any documentation on how such a use case can be addressed using the product?

 

Thanks,

Vijay.

Labels:
0 Kudos
3 REPLIES 3

krecpond
New Contributor III
New Contributor III

‎03/07/2023 08:27 AM

One additional requirement - how can form field level validations be enforced in the group management module? So basically, if the user does not have the AD account but is able to get to the GCP group creation request form, when the user selects the type of group to be created on GCP, Saviynt must immediately display a message that the selection is not allowed.

0 Kudos

sk
All-Star
All-Star

‎03/07/2023 09:34 AM

For first requirement it is not directly supported to show visibility based on AD entitlement. Workaround is Map AD entitlement to a SAV Role so that from end user point of view they request AD entitlement but in backend visibility is controlled by SAV Role

Second requirement: You have to do GSP page customization to achieve it. But not sure needed variables are exposed there are not.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

rushikeshvartak
All-Star
All-Star

‎03/08/2023 01:21 AM

both requirements can be achieved using GSP level changes. GCP Page will be still visible to all users, but we can hide submit button based on AD Entitlement Access ( or you can use user's customproperty using user update rule / Saviynt 4 saviynt connect to update if user having AD Entitlement Access)

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC