I've encountered an issue with storing the Distinguished Name (DN) for entitlements in Saviynt, which seems to be a common challenge. In Active Directory, a DN can be up to 1024 characters long, but in Saviynt, the entitlement_value field is limited to 255 characters. I've seen posts where this has already been raised as an idea, and I’m aware that we can use (CP1) - (CP5) as alternatives.
However, I have a couple of questions:
1) Impact on Import Process: What happens when an entitlement is mapped to a DN that exceeds 255 characters? Will it disrupt the entire import process, or will it just skip that specific entitlement?
2) CP1 as a Unique Key for Account Assignment: If we map the DN to CP1, will CP1 then serve as the unique key for account access assignments? Since the entitlement_valuekey is used for assignments in Saviynt, and the DN is typically the unique key in AD, using something like the CN in entitlement_value instead wouldn’t work.
What would be the recommended approach for this scenario?
Any guidance or best practices on handling this would be greatly appreciated!
