Alternatives for ManagedObjects (With ARS)

In an environment where we are already using the Manager and DirectReports attributes, we are trying to get automatic account linking up and running.

What are some good alternatives for the "managedObjects" field in the AD identity attributes?

We do have ARS, so as a secondary question; is it possible to use an ARS attribute in this way? Or is more configuration needed in order to use ARS attributes?

Parents

0 Tawfiq.Ahmad 4 months ago

Hi Andrew,

You should technically be able to use any custom Backlink attribute of the AD User object as long as it contains the distinguished name of the privileged account (Linked Account) as its value and you have configured the AD provider in Safeguard Access > Identity and Authentication > AD provider > Attributes tab > Managed Objects = mapped to that custom Backlink attribute.

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 Tawfiq.Ahmad 4 months ago

Hi Andrew,

You should technically be able to use any custom Backlink attribute of the AD User object as long as it contains the distinguished name of the privileged account (Linked Account) as its value and you have configured the AD provider in Safeguard Access > Identity and Authentication > AD provider > Attributes tab > Managed Objects = mapped to that custom Backlink attribute.

Thanks!
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 andrew myers 4 months ago in reply to Tawfiq.Ahmad

Hi Tawfiq,

Good to know!

Additionally, do you know if anything extra needs to be done to make ARS attributes accessible? Would the Identity & Authentication provider have to point to ARS instead of AD?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 Tawfiq.Ahmad 4 months ago in reply to andrew myers

I was referring mainly to AD Attributes and not aware if ARS attributes could be used or how in this case.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Endpoint Privilege Management

Alternatives for ManagedObjects (With ARS)