Unable to create user in AD after enable Entitlement package

Hi,

Today im testing out to use the AD entitlement package to enable Role based control for my IG, but after i enabled, deployed and restarted the AD driver, my ad unable to create user anymore. It keep getting vetoed due to "Veto account creation when entitlement not granted". is the "User-Account" entitlement needed to put in manually? or it should be auto provided by AD driver on user creation. Before enable the entitlement package everything is working fine and im able to create user into AD. 

Parents
  • 0  

    You have to grant the UserAccount entitlement to a user.  This is what controls access to AD Accounts.   And to your point, NO the AD driver does not automatically add the entitlement.  It is a gatekeeper so you have to assign it somehow.

    So everyone who should have AD accounts, should have the Entitlememt.  You can grant a role at the Container level.  (Not a fan).  You can start building Roles for locations or whercver that start with just the AD Account entitlement for now and start assigning those.  Then add additional entitlements when you are ready to start using them.

Reply
  • 0  

    You have to grant the UserAccount entitlement to a user.  This is what controls access to AD Accounts.   And to your point, NO the AD driver does not automatically add the entitlement.  It is a gatekeeper so you have to assign it somehow.

    So everyone who should have AD accounts, should have the Entitlememt.  You can grant a role at the Container level.  (Not a fan).  You can start building Roles for locations or whercver that start with just the AD Account entitlement for now and start assigning those.  Then add additional entitlements when you are ready to start using them.

Children