Skip to main content

KYDSO

Assignment proposals

For each newly created Unmanaged Account, the system checks whether there is at least one person and one generation rule defined in KYDSO for the account name to which the account matches.

First, the contents of the following fields (AD attributes) are compared with the data of the available persons:

AD attribute

Personal data

givenName

First name

sn

Last name

mail

E-mail (business)

sAMAccountName (if syntax is <vorname>.<nachname> or <v>.<nachname>)

First name, last name

A person is considered available if their status is set to active at the time of editing.

A suitable person is found if there are matches for the following combinations of field contents:

  1. sAMAccountName, Office E-mail, last name, first name

  2. sAMAccountName, Office E-mail

  3. sAMAccountName, last name, first name

  4. sAMAccountName

  5. Office E-mail, last name, first name

  6. Office E-mail

  7. Last name, first name

The syntax of the sAMAccountName is then compared with the generation rules for standard accounts and any defined privileged account types.

Finally, an assignment proposal is created with the following information.

Field

Contents

Basis for proposal

Proposed account

Internal account

  • Match in the generation rule for standard accounts or

  • no match for a generation rule, but there is a suitable person without an internal account

Privileged account - name of the account in German (Asset ID)

Match in the generation rule for a privileged account type

Proposed person

Last name, first name (matches) (Person ID)

Person with the best match according to the order listed above

Increasing the assignment proposals for the transfer of Active Directory accounts

You can influence the number and quality of the assignment proposals yourself:

  • Sequence of imports: For each Unmanaged Account created, the system first checks whether a suitable employee exists. Therefore, carry out the first Person Import before the first Account Reconciliation. Otherwise, no assignment proposals will be generated.

  • Import of the Office E-mail: Provide the Office E-Mail - if available - in the Person Import and at the Active Directory accounts. This increases the accuracy of the suggested persons.

  • Generation of the sAMAccountName: If possible, set the generation rule for the login name of standard accounts to the syntax you are using. This increases the accuracy of the suggested account and the suggested person.

  • Definition of privileged accounts: Define the privileged account types you use and the associated generation rules for the account name before the first Account Reconciliation. This increases the accuracy of the suggested account and the suggested person.

In this section: