Saviynt Forums

tsanchez · ‎08/05/2024

When a new AD group is created, sometimes it is required to sync the membership from an existing AD group. In this case, the existing AD group is already populated using a technical rule. I know that this can be accomplished with analytics, but I'm looking for a more scalable solution (i.e. 100+ 1-to-1 sync rules requiring 2 analytics each is a bit much). Any guidance that can be provided is most appreciated.

NM · ‎08/05/2024

Hi @tsanchez you can create a technical rule add the query using accounts_entielement table in advance query.

tsanchez · ‎08/06/2024

Thanks @NM, that worked.

NM · ‎08/06/2024

Hi @tsanchez , could you share the query it will be helpful for others

Thanks

tsanchez · ‎08/07/2024

Below is the query used in the advanced config of the technical rule, and here's the KB article that I used for reference: Obtaining the attribute details from tables other than the Users table for the Advanced Config query...

a.id in (select uu.id from Users uu, User_accounts ua, Accounts aa, Account_entitlements1 ae, Entitlement_values ev, Endpoints ee where uu.id = ua.userkey AND uu.statuskey = 1 AND ua.accountkey = aa.id AND aa.id = ae.accountkey AND ae.entitlement_valuekey = ev.id AND aa.endpointkey = ee.id AND ee.endpointname = '[srcEndpointName]' AND aa.status in ('1','Active') AND ev.entitlement_value = '[srcEntitlementValue]')

rushikeshvartak · ‎08/05/2024

Did you tried with request rules ?

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Saviynt Forums

sync entitlement members from existing entitlement to new entitlement, no mapping