Thycotic Connector - Group and folder association

New Contributor III
New Contributor III

HI Team, I was going through the Thycotic integration doc -

but it seems we don't have configs to import association between thycotic group and folders.

For example , we have a Folder A , Group A , User A , User B , User C.

User A and B are added to Group A

User C has permissions directly on Folder A

Group A also have same permissions on Folder A

Looking at the JSONs and in IGA, we will not see that user A and B can access Folder A as their relation is not direct. In Saviynt, it only shows user A and B have access to Group A and not Folder.

This information between Group and Folder association is present in Thycotic API but via individual API call to folder. Not a full dump that can be used in entMappingParams with SequentialAndIterative processing type${id}

Now, Saviynt doesn't have httpEntToEnt processing type so I am wondering is it even doable??

Can we do it? if yes, please share and let's update the document as well


Saviynt Employee
Saviynt Employee

The Group to Folder mapping is not supported in Thycotic Connector. It is listed as one of the limitations in the doc as well-

The limitation was there due to some unsupported response structure.

We can check if that is still the case.

Hi Prashant,

But there is a scope of Saviynt to change the way they reconcile information for entitlement to entitlement association. Not every endpoint or other SaaS aaps will write their APIs as per Saviynt requirements right?

 DO we have a enhancement for this already ? or is Saviynt reaching out to Delinea to change their APIs?

Can their be a workaround possible via Jars? 

Our PAM team is planning to give folder access via groups and not directly to users on folders so we really need this to work

Hi Amit, 

This is still a known limitation present in the Thycotic/REST connector.

Please open an enhancement in the Ideas portal for this with all the required details to get this addressed.