and more in a single search tool across platforms. Read the announcement here. |
02/21/2024 08:02 AM
I have a scenario to write user account correlation based on conditions. How do I accomplish the below?
If account name length is 10 and it starts with adm. then users.username=concat('adm.',accounts.name)
If account name length is not 10 then users.username=accounts.name
What is the syntax for this in user account correlation rule in endpoint?
Corner case -> there are some users in saviynt locally with naming convention as adm.username. I don't want the privileged account to be mapped to Saviynt local entry. I want both regular user account and privileged account (Adm.) to be mapped with the username itself
Solved! Go to Solution.
02/21/2024 08:27 AM
Hi @Sivagami , hope I have not misunderstood your ask but why to add condition. We too have same scenario and we simply are using (users.username) = accounts.name#concat('ADM',users.username) = accounts.name.
This gets both personal accounts and ADM accounts linked to user record.
Thanks,
Amit
If this answers your query, Please ACCEPT SOLUTION and give KUDOS.
02/21/2024 09:08 AM
We have special scenario here, Amit!
Ex: Let's say we have user identity in Saviynt - adm.username1, username1, username2, adm.username2
When recon is done for saviynt for saviynt connection, we will have 4 accounts right adm.username1, username1, username2, adm.username2.
I want the account in the endpoint - username1 and adm.username1 to be mapped to the saviynt user identity username1. adm.username1 user identity in saviynt should not be mapped with any account.
Similarly, the account in the endpoint - username2 and adm.username2 to be mapped to the saviynt user identity username2. adm.username2 user identity in saviynt should not be mapped with any account.
Let me know if you need further clarity here.
-Siva
02/21/2024 09:23 AM - edited 02/21/2024 09:31 AM
Hi @Sivagami
I would suggest you can use the below Advanced query to correlate the accounts based on the length of the account name.
case when length(accounts.name)=10 and substring_index(accounts.name,'.',1)='adm' then accounts.name=concat('adm.',users.username) else users.username=accounts.name end
In the user-account correlation rule, select advanced config to use the above query. If this helps, you can enhance this query to include other conditions to exclude the privileged identities.
Let me know if this helps!
02/21/2024 10:22 AM
Thanks, @naveenss! Worked.