-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New-SafeguardAccessRequest fails finding the same account multiple times #473
Comments
@holger-weihe There were some changes to this cmdlet to fix another issue that might have caused this problem. We will try to reproduce and get back to you. |
I agree on the behavior, of finding multiple, even worse if you have multiple admin accounts (not to mention if you then have assets too)
Hope this solves your problem until a better solution is provided for you |
This is an issue for me as well. Problem seems to be in Resolve-safeguardRequestableAccountId. There is an explicit check for more than 1 account and it throws an exception. My workaround below
|
Using safeguard-ps version 7.2.96694 the cmdlet New-SafeguardAccessRequest fails with
PS C:\Users\Administrator.ONEIDENTITY> New-SafeguardAccessRequest
cmdlet New-SafeguardAccessRequest at command pipeline position 1
Supply values for the following parameters:
AssetToUse: portal.azure.com
AccessRequestType: Password
AccountToUse: [email protected]
Exception: Found 2 requestable accounts matching '[email protected]'
when i check with "Find-SafeguardRequestableAccounts" i get
PS C:\Users\Administrator.ONEIDENTITY> Find-SafeguardRequestableAccount
cmdlet Find-SafeguardRequestableAccount at command pipeline position 1
Supply values for the following parameters:
SearchString: henriettam
AssetId : 125
AssetName : portal.azure.com
NetworkAddress :
PlatformDisplayName : Azure AD 1.0
AccountId : 274
AccountDomainName :
AccountName : [email protected]
AccessRequestType : Password
AssetId : 125
AssetName : portal.azure.com
NetworkAddress :
PlatformDisplayName : Azure AD 1.0
AccountId : 274
AccountDomainName :
AccountName : [email protected]
AccessRequestType : RemoteDesktopApplication
AssetId : 125
AssetName : portal.azure.com
NetworkAddress :
PlatformDisplayName : Azure AD 1.0
AccountId : 274
AccountDomainName :
AccountName : [email protected]
AccessRequestType : Password
AssetId : 125
AssetName : portal.azure.com
NetworkAddress :
PlatformDisplayName : Azure AD 1.0
AccountId : 274
AccountDomainName :
AccountName : [email protected]
AccessRequestType : RemoteDesktopApplication
which is correct for my environement because the account is enabled for password and RemoteDesktopApplication requests. But the output lists 4 matches but the command complains on 2 entries only.
When i modify the entitlement to remove the "RemoteDesktopApplication" from the account i will get
PS C:\Users\Administrator.ONEIDENTITY> Find-SafeguardRequestableAccount
cmdlet Find-SafeguardRequestableAccount at command pipeline position 1
Supply values for the following parameters:
SearchString: henriettam
AssetId : 125
AssetName : portal.azure.com
NetworkAddress :
PlatformDisplayName : Azure AD 1.0
AccountId : 274
AccountDomainName :
AccountName : [email protected]
AccessRequestType : Password
AssetId : 125
AssetName : portal.azure.com
NetworkAddress :
PlatformDisplayName : Azure AD 1.0
AccountId : 274
AccountDomainName :
AccountName : [email protected]
AccessRequestType : Password
and the "New-SafeguardAccessRequest" does not succeed because i got
PS C:\Users\Administrator.ONEIDENTITY> New-SafeguardAccessRequest
cmdlet New-SafeguardAccessRequest at command pipeline position 1
Supply values for the following parameters:
AssetToUse: portal.azure.com
AccessRequestType: Password
AccountToUse: [email protected]
Exception: Found 2 requestable accounts matching '[email protected]'
So it looks like it is duplicating the entries found.
The text was updated successfully, but these errors were encountered: