Click HERE to see how Saviynt Intelligence is transforming the industry. |
06/22/2023 09:46 AM - edited 12/12/2023 04:11 AM
Target system ( i.e AD or Azure AD or Exchange ) is connected already with Saviynt.
We just need to import proxyAddresses ( user import ) extra attribute, process them and fetch Primary SMTP and save them in the data column in the userAttributes Table.
[CUSTOMPROPERTY30::employeeID#String,
LOCATIONDESC::ssoId#String,
CUSTOMPROPERTY42::sAMAccountName#String,
USERATTRIBUTE_EMAIL:proxyAddresses#String,
USERATTRIBUTE_CHECK1:customproperty23#String]
Sample Json:
{ "ADDITIONALTABLES":
{ "USERS": "SELECT USERKEY,firstname,lastname FROM USERS", "USER_ATTRIBUTES": "SELECT USERKEY, DATA, ATTRIBUTENAME FROM USER_ATTRIBUTES" },
"COMPUTEDCOLUMNS": [ "customproperty2", "customproperty3" ],
"PREPROCESSQUERIES": [ "UPDATE NEWUSERDATA, CURRENTUSERS cu SET CUSTOMPROPERTY2 = (select CONCAT(lastname, ', ', firstname) from CURRENTUSERS where userkey=1)", "UPDATE NEWUSERDATA SET CUSTOMPROPERTY3 = (select count(USERKEY) from currentusers)", "UPDATE NEWUSERDATA SET USERATTRIBUTE_EMAIL='email1,email2,email3' where USERATTRIBUTE_EMAIL like 'validation%'" ] }
You can set the userattribute_email accordingly and the data is split these into comma and entered these value in user_attribute table.
Ex:
Userattribute_email = "d1@gmail.com,d2@gmail.com,d3@gmail.com"
In the user attribute table, the data is entered as in each row split by comma so that all emails will checked in email generation rule.
I tried mapping comma delimited list of emails, from AD to userattribute_email but the import is failing with the below error message.
Do I need to a pre-processor?
Thanks.
Hi @renatogiron
Yes please use the inline processing as shown in the example so that this table is created in tempnewusers table
Thanks
Darshan
@Darshanjain - you mentioned we can use the same in email generation rule . Can you mention how?
Does our saviynt rule engine automatically check the userattributes table?
Yes its OOTB feature, it checks automatically
@Darshanjain can we use USERATTRIBUTE_EMAIL in computed column? When I tried it was throwing some error. My requirement is to bring in proxyaddress from account CP to USERATTRIBUTE table via Sav4Sav
Yes you can @shibinvpkvr .
I was able to map account CP which is comma separated format directly to USERATTRIBUTES_EMAIL field. looks like its splitting the value and inserting into multiple rows in userattributes table. However, I noticed every time it duplicates the last value in comma separated format into the table. if I have email1,email2,email3 as value then first time it inserts into 3 rows. next time onwards email3 is getting inserted into the 4th row. Next time email3 is inserted into 5th row and so on its growing.
Also how will we clear this once the proxy address is removed. I tried to make USERATTRIBUTES_EMAIL NULL but that did not remove the userattributes entries.
Hi @shibinvpkvr
Yes we have noticed this issue and we have taken it to our engineering team, Hopefully it will be resolved soon.
If you want to clear it, then you need to use the table user_attributes and column data to clear it.
But why do you want to clear it off, these are mainly used for uniqueness generation of email
@Darshanjain if the alias has been removed from the mailbox, then that should be available for email generation, right? otherwise those will never be available to use for anyone.
Hi @shibinvpkvr
Yes, agree but right now you can only add the data in user_attributes table, If you want to update the table you can use the custom query job to update the data column so that it can be reused.
Also for any specific cases, we would want you to open a forum topic and then you paste this KB link and discuss that would be better.
Thanks in advance.
@Darshanjain Can we achieve the same check for "System Username generation"?? We got to check this against other user attribute before we assign this to any new user that is onboarded.
@Darshanjain We are using an ADSI connector.Can we directly use the user_atrribute field with USERATTRIBUTE_EMAIL:proxyAddresses#String] , or we need to bring teh proxyaddresses in a account CP and then bring the account cp value to user_attribute table?
@SaiSandeep1025 Is this working for you?
Also, We are using v5.5 SP3. Does this version support the email uniqueness checks?
Email uniqueness check works in those table, but the data entering into those tables are not supported via inline preprocessor
Hi @Darshanjain ,
Currently how we are achieving this scenario?
We have a requiremnet that, while creating the SMTP or any proxy address it should check the unicity with all the existing proxyaddresses.
Is this supported currently? If not, do we have any workaround? ALso, we are using ADSI connection in saviynt v5.5 SP3.
Currently we are asking all customers to be migrated soon to EIC versions, but for time being you can create a stored procedure in DB( you need to create a FD ticket for this ) and execute that via Job. But would recommend you to upgrade to EIC versions.
@Darshanjain it works with v2021 and above perfectly. but not with v5.5.
What doesnt work with v5.5, Also pls create a new article and refer this KB going forward please if you have any questions on this.
Hi @Darshanjain ,
So I'm using Azure AD to get the Proxy Address and store that in userattribute_email.
But I'm confused about what to write in inline Processing.
@Darshanjain Please see the issue I am having with this here: https://forums.saviynt.com/t5/identity-governance/user-attribute-check-fails-to-generate-unique-emai...
We have a requirement to map the aliases from REST-based target to USERATTRIBUTES_EMAIL to check uniqueness of email. We are not able to directly map from REST connector using inline preprocessor. But we are able to set those to a user CP. Now can we write SAV4SAV to read from CP and update to USERATTRIBUTES_EMAIL?
@shibinvpkvr I see that you can read from account CP and map. Can you please share the sample/steps to map the CP to userattributes_email using sav4sav ?
Hello @Darshanjain @shibinvpkvr
I reviewed the above post and have a small doubt. Could you clarify where exactly we are placing the following JSON?
[CUSTOMPROPERTY30::employeeID#String,
LOCATIONDESC::ssoId#String,
CUSTOMPROPERTY42::sAMAccountName#String,
USERATTRIBUTE_EMAIL:proxyAddresses#String,
USERATTRIBUTE_CHECK1:customproperty23#String]
Are we inserting this into the `account_attribute` JSON? If so, we are already importing proxy addresses into `accounts.customproperty51`. How can I push this data to the `user_attribute` table for storing proxy addresses and performing the email uniqueness check? Could you please share the preprocessor query for this?
Thanks,
Chirag Gupta