Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using entitlement attributes in AD connection

HarishG
Regular Contributor
Regular Contributor

‎03/14/2024 09:48 AM

Hi,

Can we use the entitlement attributes of a user in CreateAccountJSON for a AD connector?

for example:

User is assigned with an entitlement(costcenter1). While creating AD account for that user, can we get this value user.costcenter1.customproperty1 in JSON?

or any other approach to get the entitlement attribute values while creating AD account?

Thanks in advance.

 

Best regards,

Harish

0 Kudos
7 REPLIES 7

NM
Regular Contributor III
Regular Contributor III

‎03/14/2024 10:22 AM

Hi @HarishG , Until account is created for the user for the application,  no entitlement is linked to it..if account is created it will act as a add,modify request.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎03/14/2024 08:25 PM

In Account Object you can't access entitlement custom properties 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Darshanjain
Saviynt Employee
Saviynt Employee

‎03/15/2024 04:50 AM

Hi @HarishG 

Please use the Dynamic attribute concept to populate cost center details and use it in the create account json.

 

Thanks

Darshan

0 Kudos

HarishG
Regular Contributor
Regular Contributor
In response to Darshanjain

‎03/21/2024 05:33 AM

Hi @Darshanjain@rushikeshvartak 

We tried to use the Dynamic attributes to get the CostCenter details and provision to AD.

It is working fine if we submit a request for AD account in ARS.

Any suggestions on how can we handle the AD accounts without requests(Birthright account creation)?

 

Thanks

Harish

0 Kudos

NM
Regular Contributor III
Regular Contributor III

‎03/21/2024 08:58 AM

Hi @HarishG , as per my knowledge. birthright access takes default value of dynamic attribute.. so maybe you can add a default value.

0 Kudos

HarishG
Regular Contributor
Regular Contributor

‎03/21/2024 10:05 AM

Hi @NM,

Thanks for the reply.

I have tried using that, it didn’t work because the query in DynamicAttribute contains ${requestee}, which will be generated only if the request is submitted.

is there any way to get the userkey using some task variable? ex: ${task.userkey}

HarishG_0-1711040698333.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to HarishG

‎03/21/2024 07:24 PM

Dynamic variables in default value will not be exposed from rule. if plain query or static value is exposed in rules

https://forums.saviynt.com/t5/identity-governance/provisioning-access-based-on-dynamic-value-not-wor...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC