Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Thycotic Connector - Group and folder association

AmitM
Valued Contributor
Valued Contributor

‎05/03/2023 08:20 AM - edited ‎05/04/2023 06:27 AM

HI Team, I was going through the Thycotic integration doc - https://docs.saviyntcloud.com/bundle/Thycotic-v23x/page/Content/Understanding-the-Integration-betwee...

but it seems we don't have configs to import association between thycotic group and folders.

For example , we have a Folder A , Group A , User A , User B , User C.

User A and B are added to Group A

User C has permissions directly on Folder A

Group A also have same permissions on Folder A

Looking at the JSONs and in IGA, we will not see that user A and B can access Folder A as their relation is not direct. In Saviynt, it only shows user A and B have access to Group A and not Folder.

This information between Group and Folder association is present in Thycotic API but via individual API call to folder. Not a full dump that can be used in entMappingParams with SequentialAndIterative processing type

https://abctest.secretservercloud.com/api/v1/folder-permissions?filter.folderId=${id}

Now, Saviynt doesn't have httpEntToEnt processing type so I am wondering is it even doable??

Can we do it? if yes, please share and let's update the document as well

Labels:
0 Kudos
3 REPLIES 3

prashantChauhan
Saviynt Employee
Saviynt Employee

‎05/05/2023 01:05 AM

The Group to Folder mapping is not supported in Thycotic Connector. It is listed as one of the limitations in the doc as well-

https://docs.saviyntcloud.com/bundle/Thycotic-v23x/page/Content/Introduction.htm

The limitation was there due to some unsupported response structure.

We can check if that is still the case.

0 Kudos

AmitM
Valued Contributor
Valued Contributor
In response to prashantChauhan

‎05/05/2023 01:20 AM - edited ‎05/05/2023 01:30 AM

Hi Prashant,

But there is a scope of Saviynt to change the way they reconcile information for entitlement to entitlement association. Not every endpoint or other SaaS aaps will write their APIs as per Saviynt requirements right?

 DO we have a enhancement for this already ? or is Saviynt reaching out to Delinea to change their APIs?

Can their be a workaround possible via Jars? 

Our PAM team is planning to give folder access via groups and not directly to users on folders so we really need this to work

0 Kudos

prashantChauhan
Saviynt Employee
Saviynt Employee
In response to AmitM

‎05/08/2023 01:52 AM - edited ‎05/08/2023 01:54 AM

Hi Amit, 

This is still a known limitation present in the Thycotic/REST connector.

Please open an enhancement in the Ideas portal for this with all the required details to get this addressed. 

 

 

0 Kudos
Copyright © 2024 Khoros, LLC