Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Endpoint Dynamic Attributes

BrandonLucas_BF
Regular Contributor III
Regular Contributor III

I have a few questions about the use of dynamic attributes at the endpoint level. Specifically, I'm using this during the management of service accounts.

 

  • Is it possible to restrict the 'Account Name' field for service account management to force only generated values to be used?
  • Is it possible to do any validation on dynamic attribute length for text fields? I have a text DA but the desire would be to not allow length greater than 9 chars.
  • Is it possible to generate random text values to be used in the service account name rule? Either through a dynamic attribute or through the service account name rule itself?
9 REPLIES 9

Darshanjain
Saviynt Employee
Saviynt Employee

Hi @BrandonLucas_BF 

Please find the reponse below

 

  • Is it possible to restrict the 'Account Name' field for service account management to force only generated values to be used?- No
  • Is it possible to do any validation on dynamic attribute length for text fields? I have a text DA but the desire would be to not allow length greater than 9 chars.- Yes, you can use validation field condition in DA or Regex as well as per your need
  • Is it possible to generate random text values to be used in the service account name rule? Either through a dynamic attribute or through the service account name rule itself?- Yes you can do it via both DA or service accountname rule ( you can use RAND function )

 

Thanks

Darshan

  • Is it possible to do any validation on dynamic attribute length for text fields? I have a text DA but the desire would be to not allow length greater than 9 chars.- Yes, you can use validation field condition in DA or Regex as well as per your need
    • How do we do this for the endpoint dynamic attributes? All I could find was that this can be done for user registration dynamic attributes and see no evidence of it being capable for endpoint DAs.
  • Is it possible to generate random text values to be used in the service account name rule? Either through a dynamic attribute or through the service account name rule itself?- Yes you can do it via both DA or service accountname rule ( you can use RAND function )
    • Can you help with a sample of this? I have tried some examples but cannot seem to get it quite right. Desire would be to generate a random text string of 9 chars as part of the accountname.

Hi @BrandonLucas_BF 

  • Is it possible to do any validation on dynamic attribute length for text fields? I have a text DA but the desire would be to not allow length greater than 9 chars.- Yes, you can use validation field condition in DA or Regex as well as per your need
    • How do we do this for the endpoint dynamic attributes? All I could find was that this can be done for user registration dynamic attributes and see no evidence of it being capable for endpoint DAs.-- You can give the regex condition something like this ( ^.{1,9}$ ) this will only allow less than or equal to 9 characters.
  • Is it possible to generate random text values to be used in the service account name rule? Either through a dynamic attribute or through the service account name rule itself?- Yes you can do it via both DA or service accountname rule ( you can use RAND function )
    • Can you help with a sample of this? I have tried some examples but cannot seem to get it quite right. Desire would be to generate a random text string of 9 chars as part of the accountname. - Create a DA and use that DA in account ame rule- IN the DA you can sql as  SELECT SUBSTRING(MD5(RAND()), 1, 9) AS id; which will give you the result

 

Thanks

Darshan

IAM-VP
New Contributor
New Contributor

Hi @BrandonLucas_BF 

For Q #1 , May be this could be one of a solution if want to explore other option. you can use "Service Account Name Rule " at endpoint level, you can write code to generate account name and same will be used for Account Name. 

IAMVP_0-1681137308998.png

 

Hi @IAM-VP 

I have already mentioned the same in above as well , it can be done via DA or service account name rule , however brandon wants to achieve few more checks and conditions as said above, so suggested him to use the DA which is the best use case

 

Thanks

Darshan

AashishD
Regular Contributor II
Regular Contributor II

Hi Darshan,

How to write a Validation Condition under a dynamic attribute wherein the requirement is that the name is 15 characters

AshishDas_0-1685427379697.png

 

Hi @AashishD 

You can use the regex condition for the same right {3,15}.

 

Thanks

Darshan

IAM-VP
New Contributor
New Contributor

@AashishD ,

 

you can use regex below ,

(?=.*^[A-Z])(?=.*[a-z]).{3,15} - Name should start with Capital later and contains only alphabets and minimum length 3 and maximum 15. 

you can modify above regex as per your requirement.

 

 

AashishD
Regular Contributor II
Regular Contributor II

Regex is inconsistent at times. Hence wanted to know the format for writing the same in validation condition in dynamic attributes