We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Technical Rules / User Update Rules Issue

rambhan
New Contributor II
New Contributor II

Hi Team,

We are experiencing an issue while trying to provision access to an account in the Active Directory connector. While using technical rules or user update rules, we are able to work on user objects and target specific users, but we don't have an option in both rules to target specific accounts. If a user has two accounts, one for admin and one for normal, we should be able to target the normal account to provision access without touching the admin account. Is that possible in Saviynt? If yes, can anyone provide me with any documentation available?

7 REPLIES 7

Manu269
All-Star
All-Star

@rambhan You can specify what primay account type is in endpoint.

A user can have multiple types of accounts within an endpoint, such as - User Account, Service Account, Privileged Account. Here, a primary account can be selected amongst these multiple accounts, for which the relevant tasks can be created.

Hence, if a user has two accounts a and b and if you want the entitlement to be assigned to only account a and NOT account b then you need to provide the accountType value of account a from the Database, which will assign entitlements only to account a of user and NOT to account b.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

SumathiSomala
All-Star
All-Star

@rambhan Yes,The Primary Account Type parameter available in the Endpoint show page can be used for controlling add access tasks triggered from the Technical Rule.

SumathiSomala_0-1701263894179.png

 

Refer Controlling Add Access Tasks for Primary Account Type in an Endpoint section in below doc

Uploading Technical Rules (saviyntcloud.com)

 

If this reply answered your question, please accept it as a solution and kudos.

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

rambhan
New Contributor II
New Contributor II

Hi @SumathiSomala / @Manu269  Thanks for prompt response.

With the help of the primary account type, I was able to provide access to the specific account that I was looking for, but after provisioning, there is an issue where the entitlement heirarchy for the specific account that I chose for provision is showing for two entitlements when I only targeted one(PSN-SavPOC-Test9).

rambhan_0-1701269159755.png

Should I make any changes for this to populate only for the one that I targeted?

@rambhan Happening for other accounts aswell?

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

rambhan
New Contributor II
New Contributor II

Yes it was happened to the other admin account too before I ask the question here about primaryaccounttype.

what was old behaviour before primary account type config


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi @rushikeshvartak @SumathiSomala , before updating the primary account type, Saviynt picked up the admin account to provision, and the entitlements are provisioned in the same way.