Role Define Assignment for Auto-Provisioning Privileged Accounts

Hi,

I’m encountering an issue with my Role Define assignment. The request is for all active secondary accounts from AD - Privileged Source to be automatically provisioned into the access profile within that role.

The setup for the Role Definition assignment is as follows:

  • Account Attribute distinguishedName from AD - Privileged contains OU=Admin Users, OU=Admin Users and Groups...
  • Account Attribute samAccountName from AD - Privileged contains .1
  • Account Attribute UserAccountControl from AD - Privileged is equal to 512

The issue I’m facing is that the standard user accounts are being provisioned into the security group, even though I’ve set the criteria to include only admin accounts.

Note: The security group is from AD, and the admin user is from AD - Privileged.

Hi @earvs0527 ,

What is the condition defined for the criteria? Is it “AND” or “OR”? Also, make sure you have given the OU name correctly in distinguishedName.

Hi @earvs0527,
If you are facing a problem, it might be an issue with the operator you defined. If you want to satisfy all of your conditions, then use the AND operator between them; if you want to satisfy one of the given conditions, then use the OR operator.
Also, please verify once again the value you have given; it might be wrong there. It should contain the exact words in the given value.

Thank you!


Hi @Abhishek_1995 and @JackSparrow,

I’m using the AND operator to meet all the criteria before provisioning the account. However, even when I only use the two criteria below, SailPoint is still provisioning the standard account. These accounts contain .1, which specifies the admin account.

  • Account Attribute samAccountName from AD - Privileged contains .1
  • Account Attribute UserAccountControl from AD - Privileged is equal to 512

I was able to solve this by aligning the entitlements on where the users source aggregated.
