Saviynt Forums

When you submit a request for creating a new service account, the account name can be entered manually or generated based on an account name generation rule defined in this field.

To be able to have the option or field values in Access Requests and define the query to generate Service Account Name Rule, you first need to define the dynamic attributes in an endpoint of Request type ServiceAccount.

The Hide on Create and Hide on Update options for these dynamic attributes must be unchecked.

Defining the dynamic attributes in endpoint enables you to populate the data as per your requirement such as Region, Location, Country, Site Codes, Department, and accountType.

After defining the dynamic attributes in an endpoint, perform the following steps to define Service Account Name Rule.

For Example, The account name needs to start with 'ADAcc16' then specify 'ADAcc16'.

Followed by Region name (Region dynamic attribute must be defined and available). Specify 3 underscore characters, followed by $Region. Additionally, Saviynt provides the ability to define number of characters for attributes. Specify 2 hash (#) characters followed by 0 and suppose you want the first 3 characters, specify 2 more hash (#) characters after 0 and add 3. Complete string for Region first 3 characters is ${Region}##0##3.

To define the first 4 characters of Country name, append 3 underscore (_) followed by $Country. To filter first 4 characters, after $Country specify 2 hash (#) characters followed by 0 and suppose you want the first 4 characters, specify 2 more hash (#) characters after 0 and add 4. Complete string for Country is ${Country}##0###4.

You can also use a substring expression to generate service account name for specific number of characters belonging to dynamic attributes. For example, let us say you want to generate service account name from two dynamic attributes, by using first 8 characters from the accountname and from the second dynamic attribute such as Environment you just want the first character to be combined and then generate service account name. You can specify a substring such as ${AccountName.substring(0,8)}-${Environment.substring(0,1)}, which fetches the first 8 characters from AccountName and first character from Environment. If the Account name is Johncarlson and Environment is QA then based on the preceding rule substring query defined, the Service Account Name generated is Johncarl-Q.

Use Case: How to add conditional statement (if-else) in the service account name rule.

You can add the conditional statement (if-else) using the ternary operator, for an example the administrator wants to add a prefix for service account based on account type.

Consider the endpoint has four different service account types named Service Account, Test Account, Robot Account, and Shared Account and the administrator wants to add the prefix as svc,tst,bot,shr respectively based on account type selection along with dynamic attributes. You can achieve this using the ternary "?" operator. Here dynserviceactname is dynamic attribute that user will key in the value for service account.

Example1:

Account type : Test Account

dynserviceactname : test123

Generated Account name : tst_test123

Example2:

Account type : Service Account

dynserviceactname : check123

Generated Account name : svc_check123

Sample Query: ${accountType=='Service Account' ? 'svc'+dynserviceactname:(accountType=='Test Account' ? 'tst_'+dynserviceactname:(accountType=='Robot Account' ? 'bot_'+dynserviceactname:(accountType=='Shared Account' ? 'shr_'+dynserviceactname:'')))}_ 

https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter02-Identity-Repository/Viewi...