Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/23/2023 09:34 AM
For Jit Access - Saviynt is creating the local account with admin by default with help of create account json in windows endpoint connections.
{
"Name": "${task.accountName}",
"Description":"${user.username}",
"Password": "${randomPassword}",
"accessGrouptype": "admin"
}
Can we restrict this "accessGrouptype" by with non-admin access type based on user entitlements.
i.e : If user has Entitlement "A" then add his account ID to Administrator group and If user has Entitlement "B" then add his account ID to Remote desktop user or Guest group on windows instance when provisioning JIT access.
07/19/2023 12:13 AM
Please check this guide - https://docs.saviyntcloud.com/bundle/WindowsServer-v23x/page/Content/Understanding-the-Integration-B...
Parameter name is "control" - Specify this parameter for control purpose.
For example, you can use it in CreateAccountJSON to fetch the entitlement value to determine if an account can be associated with an admin or a non-admin user.
For non admin access user would be added to Remote Desktop Users group.