Skip to main content

Hi All

I am facing one issue in mapping dedicated account for ids on local dmz servers. admin id and users standard ids are not matching. in such case how should use the dedicated account mapping functionality?

Below is data set-up 

1. admin id on managed system is PAO12345

2. standard id of this user in user group is MSS12345

Now since admin id is local i cannot use directory attribute.  in mapping Smart rule i think we cannot use map dedicated account to action with deciated account filter.

 

Kindly help me how can i write the smart rule to map the deciated ids . I don't want to use one-to-one mapping as it will require to write lot of smart rule and lot of user group.

 

Please help

Hi Immi,

did you try the ExtensionAttribute1…15 or mail out?

It could be an possible way to map dedicated Accounts. 
 

Regards

Arno

Hi Arno

Since it is local account mail attribute is also not available 

@immi563 I don't think there is a way to create a single dedicated smart rule in your scenario because there is no criteria matches between standard user account and local admin account. 

Hi Prudhivi 

thanks for the reply.  I also think the same that it is possible. 

However this is very much a valid use case. Wonder product should have done something to make it happen 

@immi563 

Try like this, as long as your username is 12345

You can set the does not equal to anything like B_

Any account that has 12345 no matter the suffix shall be dedicate:

PAO12345 and MSS12345 and TS12345

just like that.

Hi ​@Paulo144 

thanks for valuable inputs.

Let me try to implement the same in my lab and get back..  have you used the under action mad dedicated account to user group condition?

are you sure with this condition you have used  PAO12345 will mapped to MSS12345. i mean mss12345 should have requestor access to PAO12345. when mss12345 logs in PA012345 should be visible to only him and no one else.. 

 

Reply


Badge Earners

Show all badges
Terms & ConditionsCookie settings