Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Entitlement owner update in AD

AtrayeeDutta
Regular Contributor
Regular Contributor

‎04/23/2024 03:58 AM

Hi Team,

We have entitlement owner attribute in AD import{"entitlementOwnerAttribute": "managedBy",}, but owners are not getting tagged,  the managedBy attribute in AD holding DN value for the owners, that is getting stored in CP15 for ents, we are using a SAV to SAV to populate the owners, but on next access import run the data populated by SAV to SAV is getting wiped off, on removing this ->"entitlementOwnerAttribute": "managedBy" from the config also wipping the data.

Can anyone let us know how can we restrict the wiping off the data after access import or populate the owners directly from the import.

{
"importGroupHierarchy": "true",
"entitlementTypeName": "",
"performGroupAccountLinking": "true",
"incrementalTimeField": "whenChanged",
"groupObjectClass": "(objectclass=group)",
"mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,RECONCILATION_FIELD:entitlementid,customProperty18:objectGUID_Binary",
"entitlementOwnerAttribute": "managedBy",
"activeGroupPossibleValues": ["active", "a", "l", "TRUE"]
}

Regards,

Atrayee

Labels:
0 Kudos
4 REPLIES 4

Raghu
Valued Contributor III
Valued Contributor III

‎04/23/2024 04:08 AM

Directly we can't update owner , please check below article

https://forums.saviynt.com/t5/identity-governance/entitlement-owner-mapping-between-endpoints/m-p/86...

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

Manu269
All-Star
All-Star

‎04/23/2024 04:08 AM

@AtrayeeDutta Did you check this post :

Solved: Adding owner to Entitlements from Custom property - Saviynt Forums - 28348

Solved: Data truncation error for customproperty16 - Saviynt Forums - 50079

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

vivek9237
Regular Contributor
Regular Contributor

‎04/23/2024 04:55 AM

@AtrayeeDutta you have to configure "tableFieldAttribute" in your groupImportMapping.

tableFieldAttribute should hold the account column name where you have mapped the AD user's distinguishedName.

PFB an example where I have assumed that you have mapped the AD user's distinguishedName to accountId in the ACCOUNT_ATTRIBUTES mapping. 

{
  "importGroupHierarchy": "true",
  "entitlementTypeName": "",
  "performGroupAccountLinking": "true",
  "incrementalTimeField": "whenChanged",
  "groupObjectClass": "(objectclass=group)",
  "mapping": "memberHash:member_char,customProperty1:sAMAccountType_char,customProperty2:instanceType_char,customProperty3:uSNCreated_char,customProperty4:groupType_char,customProperty5:dSCorePropagationData_char,customProperty12:dn_char,customProperty13:cn_char,lastscandate:whenCreated_date,customProperty15:managedBy_char,entitlement_glossary:description_char,description:description_char,displayname:name_char,customProperty9:name_char,customProperty10:objectCategory_char,customProperty11:sAMAccountName_char,entitlement_value:distinguishedName_char,entitlementid:objectGUID_Binary,customProperty14:objectClass_char,updatedate:whenChanged_date,customPropErty17:distinguishedName_char,RECONCILATION_FIELD:entitlementid,customProperty18:objectGUID_Binary",
  "entitlementOwnerAttribute": "managedBy",
  "tableFieldAttribute": "accountId", // assuming you have mapped account's distinguishedName in accountId column of ACCOUNTS table
  "activeGroupPossibleValues": [
    "active",
    "a",
    "l",
    "TRUE"
  ]
}


 

Regards,

Vivek Mohanty


If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

rushikeshvartak
All-Star
All-Star

‎04/23/2024 05:30 AM

entitlementTypeName Should be memberOf


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC