Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/27/2024 06:44 AM
Hello,
We have configs when user is created in saviynt, it creates an AD account for the user. It also sets the userpassword attribute in AD. Below is the json. Is it possible that the encrpted password is stored because it displaying the password as it is.
{"samaccountname":"${user.systemUserName}","cn":"${cn}","givenName":"${user.firstname}","extensionattribute11":"${user.systemUserName}","extensionattribute10":"${user.customproperty14}","sn":"${user.lastname}","company":"${user.companyname}","pwdLastSet":"0","manager":"${user.customproperty39}","userPassword":"SamplePass24!","description":"${user.title}","displayName":"${user.firstname} ${user.lastname}","c":"${user.customproperty15}","streetAddress":"${user.street}","St":"${user.state}","L":"${user.city}",
"postalCode":"${user.customproperty44}","co":"${user.customproperty16}","countryCode":"${user.customproperty17}","objectclass":["top","person","organizationalPerson","user"]}
Thanks
Nidhi Sharma
08/27/2024 06:49 AM
08/27/2024 06:50 AM
Hi Rushi,
It should be encrypted while storing the password in AD. We do not want to generate a random password.
Thanks
Nidhi
08/27/2024 06:55 AM
You need to use ldaps connection and
{
"samaccountname": "${user.systemUserName}",
"cn": "${cn}",
"givenName": "${user.firstname}",
"extensionattribute11": "${user.systemUserName}",
"extensionattribute10": "${user.customproperty14}",
"sn": "${user.lastname}",
"company": "${user.companyname}",
"pwdLastSet": "0",
"manager": "${user.customproperty39}",
"password": "SamplePass24!",
"description": "${user.title}",
"displayName": "${user.firstname} ${user.lastname}",
"c": "${user.customproperty15}",
"streetAddress": "${user.street}",
"St": "${user.state}",
"L": "${user.city}",
"postalCode": "${user.customproperty44}",
"co": "${user.customproperty16}",
"countryCode": "${user.customproperty17}",
"objectclass": [
"top",
"person",
"organizationalPerson",
"user"
]
}
08/27/2024 06:57 AM
Hi @NID27 , use password instead of userpassword.