With SVG supporting the concepts of applications and account configurations, I'm looking into a way to configure business applications that share a directory (=account configuration).
The goal is to be able to create IT/Applications roles at the level of a (business) application that will hold a selection of entitlements out of the shared directory. Those IT/Application roles should then be requestable by end users via self service portal.
I configured an enterprise connector to a (shared) LDAP directory. This automatically creates an account configuration and application, both with the name given to the connector ("LDAPDemo" in my case). Next I created a new application BusinessApp1 and configured the LDAPDemo account configuration as the account to be used and same for Event Marker.
When enabling the enterprise connector + change log, I see the entitlements of the LDAP are read, but I do get an error "OBJECT_NOT_UNIQUE -Application-" in the TARGET inboud - Access events. I think this indicates that SVG is not able to connect the entitlement to the correct application (either LDAPDemo or BusinessApp1).
I think you can use a (pre)mapping rule in the connector to map entitlements to the correct business application, but with a large directory (and lack of standardization/naming convention) this becomes maintenance intensive.
Does anyone has experience with this scenario and a (simple) way to solve it ?
------------------------------
Kees de Jager
------------------------------