Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Can we use organization and/or organization hierarchy to publish application and entitlements?

Kramerica
New Contributor II
New Contributor II

We have a requirement where certain applications and entitlements should only be available to request to certain users. (A requirement that was implemented in our legacy tool).

Can we use organization hierarchy to put these users in those organization and then publish End Points and Entitlements to that organization? 

Has anyone implemented it?

5 REPLIES 5

rushikeshvartak
All-Star
All-Star

You need to use dynamic attributes for filtering.  you can't use organizations in ARS 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

PremMahadikar
All-Star
All-Star

Hi @Kramerica ,

I am not sure for your usecase, if organization hierarchy will help.

As suggested by Rushikesh, use dynamic attribute (DA) for any user's attribute (editable by user can be option), then Endpoint -> entitlement type -> "Config for Requestable Entitlement in ARS" can be used for filtering the entitlements based on users' attributes. Achieved by DA in ARS and hardcoded value in all entitlements to have mapping of selected users' attributes. Organization can be one of the user's attributes to filter. (Link for entitlement type filter)

Endpoint -> "Access Query" can be used for filtering endpoints based on users' attributes (refer link on access filter)

 

If this answers your question, please consider selecting Accept As Solution and hit Kudos

nimitdave
Saviynt Employee
Saviynt Employee

@Kramerica , you can explore usage of access query in the endpoint details tab of the particular endpoint. Using this query you can limit the applications visible to the logged in user as per their properties.

Kramerica
New Contributor II
New Contributor II

@nimitdave 

Our requirement is to filter entitlements for an application not the application itself. 

@Kramerica , Did you try with dynamic attribute to filter entitlements for an application? (as suggested above)