Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
No ratings

User Register Form to create guest users

prtkrh007
Saviynt Employee
Saviynt Employee

on ‎10/10/2024 02:18 PM

Title
As Part of External User Onboarding, Register User form is configured in Global Config -> Identity Lifecycle. The Form can be configured using Dynamic attributes.


Short Description

There are some basic minimum required fields which should be included in the User Form .

Applicable version
All versions of EIC

Detail best practice

1) Create dynamic attribute where sponsor/owner can enter guest user's email address. Email should mapped to email field, as this will be used to send the email to the guest user.

For email dynamic attribute validation following sample regex can be used:
^[a-zA-Z0-9._%+-]+@(?!.*\bslm\.com\b$)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$
This regex matches valid email addresses that:
● Start with a username that can contain letters, numbers, and some special characters.
● Have a domain after the @ symbol.
● Have a top-level domain (e.g., .com, .net).
Excludes email addresses that end with @slm.com. The negative lookahead (?!.*\bslm\.com\b$)
ensures that email addresses from slm.com are not matched.

2) Include Firstname in the form and Map it to the Firstname.
3) Include Lastname in the form and Map it to the Lastname.
4) Include Start date which gives the Start date of the person 
${new Date().format("MM, dd, yyyy")}

5) Include the End date. If needed, following logic can be used which can be auto populated end date.
SELECT DATE_FORMAT(DATE_ADD(CURDATE(), INTERVAL 90 DAY), '%b %d,
%Y') as id;
It will add 90 days from the current date as the end date. It can be changed accordingly.

6) in case there is requirement that Sponsor/Org admin should only see their own organizations, then use following logic
Value: select distinct c.customername as ID from users u, customer c , organization_owners oo where
c.CUSTOMERKEY = oo.CUSTOMERKEY and oo.userkey = u.userkey and oo.userkey = $loggedInUser.id
The above query will ensure that the Logged in user only see the organization for whom they are the owner of.

7) Sponsor/Manager should be mapped to owner User Column and the value can be
Values: select username as ID from users where userkey=${requestor}
Default Value: select username as ID from users where userkey=${requestor}

It will populate the manager as the requestor 
EmployeeType can be ENUM where multiple values can be given to select from

Example : A,B,C,D

8.)To improve the performance of the create user form, only include the dynamic attribute needed to register guest user.

9) To ensure easier maintenance and debugging, avoid incorporating complex parent-child cascading logic in dynamic attributes.


Key Benefit (Quantitative/qualitative)

This will reduce the Time to Go live for User Form  and addition fields can be mapped 


0 Kudos
Version history
Last update:
‎10/10/2024 02:18 PM
Updated by:
Saviynt Employee
Contributors
Copyright © 2024 Khoros, LLC