and more in a single search tool across platforms. Read the announcement here. |
11/29/2023 04:55 AM
Hi Team,
We are experiencing an issue while trying to provision access to an account in the Active Directory connector. While using technical rules or user update rules, we are able to work on user objects and target specific users, but we don't have an option in both rules to target specific accounts. If a user has two accounts, one for admin and one for normal, we should be able to target the normal account to provision access without touching the admin account. Is that possible in Saviynt? If yes, can anyone provide me with any documentation available?
11/29/2023 05:12 AM
@rambhan You can specify what primay account type is in endpoint.
A user can have multiple types of accounts within an endpoint, such as - User Account, Service Account, Privileged Account. Here, a primary account can be selected amongst these multiple accounts, for which the relevant tasks can be created.
Hence, if a user has two accounts a and b and if you want the entitlement to be assigned to only account a and NOT account b then you need to provide the accountType value of account a from the Database, which will assign entitlements only to account a of user and NOT to account b.
11/29/2023 05:13 AM - edited 11/29/2023 05:18 AM
@rambhan Yes,The Primary Account Type parameter available in the Endpoint show page can be used for controlling add access tasks triggered from the Technical Rule.
Refer Controlling Add Access Tasks for Primary Account Type in an Endpoint section in below doc
Uploading Technical Rules (saviyntcloud.com)
If this reply answered your question, please accept it as a solution and kudos.
11/29/2023 06:47 AM
Hi @SumathiSomala / @Manu269 Thanks for prompt response.
With the help of the primary account type, I was able to provide access to the specific account that I was looking for, but after provisioning, there is an issue where the entitlement heirarchy for the specific account that I chose for provision is showing for two entitlements when I only targeted one(PSN-SavPOC-Test9).
Should I make any changes for this to populate only for the one that I targeted?
11/29/2023 07:06 AM
@rambhan Happening for other accounts aswell?
11/29/2023 07:07 AM
Yes it was happened to the other admin account too before I ask the question here about primaryaccounttype.
11/29/2023 07:23 PM
what was old behaviour before primary account type config
11/30/2023 04:12 AM - edited 12/01/2023 05:04 AM
Hi @rushikeshvartak @SumathiSomala , before updating the primary account type, Saviynt picked up the admin account to provision, and the entitlements are provisioned in the same way.