Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Salesforce connector import custom field on User Object as entitlements

Anu
Regular Contributor
Regular Contributor

Hi ,

For an salesforce application we have custom field on "user" Object (column name XXX_role__c). It contains multivalued attribute separated by an semicolon (XXX_role__c : C1;C2;C3;C4,etc) . When a user submits request and based on selection he makes C1,C2 or C1,C2,C3 he gets additional privileges in Target system.

Is it possible if we can reconcile these user column values as entitlements in Saviynt else is there an alternate solution on how we can manage the values on this columns for users reconciliation and provisioning purpose? 

 

11 REPLIES 11

SB
Saviynt Employee
Saviynt Employee

When you run the import, do you see the multiple values getting imported in Saviynt or is it giving you an error?


Regards,
Sahil

Anu
Regular Contributor
Regular Contributor

@SBThanks for the response. During import we had mapped it to accountscustomproperty31:XXX_role__c but it failed with error 'data too long to insert' . Later Just to test we mapped it to accountsdescription column (description:XXX_role__c) for testing which  successfully imported the values as C1;C1;C3,etc in accounts descriptions field. However the ask here is,

1) Which accounts CP allows more than 600 characters to be inserted?

2)Can we import these values as individual entitlements so that it can be used during access provisioning. Does Salesforce connector allow?

SB
Saviynt Employee
Saviynt Employee

You can use Customproperty 41 onwards in accounts table. You can navigate to Admin>Admin Functions>Data Analyzer from UI to view the datatype of each column.

As for the importing these values as individual entitlements, OOB salesforce connector may not support it.


Regards,
Sahil

Anu
Regular Contributor
Regular Contributor

@SB Thanks for the response. We want these values to be available for the end-users to be requestable during access and provisioned. Hence if OOB salesforce connector doesn't support this , is there an alternate approach you could suggest. REST Api's are also not exposed.

SB
Saviynt Employee
Saviynt Employee

The additional Privileges that the user gets in Salesforce, are these also present/imported in Saviynt as Entitlements or are they only present in the target.


Regards,
Sahil

Anu
Regular Contributor
Regular Contributor

@SB These additional privileges are present in Salesforce under column name "XXX_role__c" which is an user objects ,stored as a multivalued attribute hence if possible we want to import them as entitlements in Saviynt.

You can make standalone Entitlement type in Saviynt. It won't be possible to create entitlement based on comma separated 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Anu
Regular Contributor
Regular Contributor

@rushikeshvartak Thanks for the response. Incase we create these standalone entitlements, but for provisioning would Salesforce connector be able to provision these access/entitlements ?

These access/entitlements are mapped to a user object("XXX_role__c") column in salesforce and when any users submits request for this entitlement the value should get provisioned to "XXX_role__c" column

Looking forward for your suggestions

SB
Saviynt Employee
Saviynt Employee

The OOb salesforce connector will not be able to provision it but you can try this implementation using REST connector and see if it solves your purpose.


Regards,
Sahil

AmitM
Valued Contributor
Valued Contributor

Hi @Anu , we had a similar use case and we handled it using :

1)Creating entitlement type manually and entitlements for it. Make those requestable in ARS. IN our case it was based on dynamic attribute selection

2)We are using ootb for recon and REST for provisioning. When those manually created entitlements are requested , we are calling update account in add access JSON. We can have a separate call in add access json for each entitlement Type.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

Anu
Regular Contributor
Regular Contributor

Thanks for response @AmitM . We have already implemented the solution last month using the same above mentioned design.