Saviynt Forums

Ryne_G · ‎08/31/2023

We are creating two different PAM Account types - credential (adm.) and credentialess(prv.)

Through the connection we have I need to set the "name" attribute in AD for these accounts dependent on the type.

ADM accounts must follow the convention of Admin user.firstname user.lastname

PRV accounts will be named with the task.accountName value

Need some help on how to get the connection to set these case dependent values within the updateuserjson parameter.

Darshanjain · ‎09/04/2023

Are you using the create service accounts tile to create these accounts or is there any other way and why it has to be in updateuserjson, is it update account json?

May be if you can elaborate the requirement so that we can understand better.

Thanks

Darshan

Ryne_G · ‎09/05/2023

These are not service accounts. These are user accounts being created for PAM when requested through add access by users.

You are correct and I put the wrong parameter. This would need to be for the createaccountjson parameter for all new requests, but we also have to add it to the updateaccountjson for one time modification for any existing accounts as the name attribute for these accounts in AD has never been set.

Ryne_G · ‎09/13/2023

I may have not posed this question correctly. I was looking to conditionally set an attribute in AD. Was able to do so using the following

"cn":"${
String samaccount = task.accountName;
String name;
if (samaccount.contains('adm')){
name = 'Admin ' + user.firstname + ' ' + user.lastname;
}
if (samaccount.contains('prv')){
name = 'Prv ' + user.firstname + ' ' + user.lastname;
}
return name}",

Saviynt Forums

Setting single AD attribute based on another attribute