Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Account Correlation Based On Conditions

Go to solution
Sivagami
Valued Contributor
Valued Contributor

‎02/21/2024 08:02 AM

I have a scenario to write user account correlation based on conditions. How do I accomplish the below?

If account name length is 10 and it starts with adm. then users.username=concat('adm.',accounts.name)

If account name length is not 10 then users.username=accounts.name

What is the syntax for this in user account correlation rule in endpoint?

Corner case -> there are some users in saviynt locally with naming convention as adm.username. I don't want the privileged account to be mapped to Saviynt local entry. I want both regular user account and privileged account (Adm.) to be mapped with the username itself

Labels:
0 Kudos
4 REPLIES 4

Go to solution
AmitM
Valued Contributor
Valued Contributor

‎02/21/2024 08:27 AM

Hi @Sivagami , hope I have not misunderstood your ask but why to add condition. We too have same scenario and we simply are using (users.username) = accounts.name#concat('ADM',users.username) = accounts.name.

This gets both personal accounts and ADM accounts linked to user record.

Thanks,

Amit

If this answers your query, Please ACCEPT SOLUTION and give KUDOS.

0 Kudos

Go to solution
Sivagami
Valued Contributor
Valued Contributor
In response to AmitM

‎02/21/2024 09:08 AM

We have special scenario here, Amit! 

Ex: Let's say we have user identity  in Saviynt - adm.username1, username1, username2, adm.username2

When recon is done for saviynt for saviynt connection, we will have 4 accounts right adm.username1, username1, username2, adm.username2.

I want the account in the endpoint - username1 and adm.username1 to be mapped to the saviynt user identity username1. adm.username1 user identity in saviynt should not be mapped with any account.

Similarly,  the account in the endpoint - username2 and adm.username2 to be mapped to the saviynt user identity username2. adm.username2 user identity in saviynt should not be mapped with any account.

Let me know if you need further clarity here.

 -Siva

 

Go to solution
naveenss
All-Star
All-Star

‎02/21/2024 09:23 AM - edited ‎02/21/2024 09:31 AM

Hi @Sivagami 

I would suggest you can use the below Advanced query to correlate the accounts based on the length of the account name. 

 

case when length(accounts.name)=10 and substring_index(accounts.name,'.',1)='adm' then accounts.name=concat('adm.',users.username) else users.username=accounts.name end

 

 In the user-account correlation rule, select advanced config to use the above query. If this helps, you can enhance this query to include other conditions to exclude the privileged identities. 

Let me know if this helps!

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Go to solution
Sivagami
Valued Contributor
Valued Contributor

‎02/21/2024 10:22 AM

Thanks, @naveenss! Worked.

Copyright © 2024 Khoros, LLC