Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Unix OOTB Connector - Shadow Files

vmudagal1
Regular Contributor
Regular Contributor

Hi Team, 

We are reconciling the Accounts and Entitlements of Unix using the Unix OOTB Connector. 

I see that in the Guide we would require to include the groups, passwd and shadow file to import the entitlements and accounts. 

I see the groups are being reconciled without any dependency on any other files but when trying to account to import accounts I see it needs Shadow and Passwd file to reconcile.

 

According to our client Security Policies the sharing of Shadow files is a breach of their security controls and also I see there is a mention that when an account is created manually and when reconciled the accounts would be inactive status when consulted with the Unix Team in client environment. 

The shadow file is only used for reading the account status, but for if the account is created manually the accounts reconciled would still have status inactive always based on the guide. 

Is there a way to do accounts reconciliation without the Shadow File?

Version: 5.5 sp3.11

Thanks, 

Vidya D Mudagal

6 REPLIES 6

SB
Saviynt Employee
Saviynt Employee

Let me check this and will update you.


Regards,
Sahil

ravendano
New Contributor
New Contributor

hi, is there an update? It has been almost a week already.

vmudagal1
Regular Contributor
Regular Contributor

Hi Sahil, 

Thank you! Please do keep us posted on your finding. 

Thank you, 

Vidya D Mudagal

prashantChauhan
Saviynt Employee
Saviynt Employee

Hi @vmudagal1 

According to the current implementation of the Unix Connector, it is mandatory to provide the Shadow file path in the connection. Otherwise, the Accounts will not be imported and the Import Job will fail.

Please create an enhancement request in the Ideas Portal to get this behavior changed so that the Shadow file is not required for the execution of the IGA use cases like the Accounts Import.

Meanwhile, we are also checking on a workaround where we provide a dummy shadow file and get the accounts imported. We will keep you updated on that.

Thanks.

 

vmudagal1
Regular Contributor
Regular Contributor

Hi @prashantChauhan 

Thank you for checking these details and providing a confirmation. 

Please do keep us posted on the workaround you mentioned. 

Thank you,

Vidya 

prashantChauhan
Saviynt Employee
Saviynt Employee

Hi @vmudagal1 

The workaround that I mentioned did not work out.

Please create an Idea for this so that this can be handled.

Thanks.