Saviynt Forums

tedappara · ‎05/01/2023

I have a live app owner campaign that is showing entitlements to approve. For each line item I am showing user display name and status. However for some items in the app, there is no correlated user. For those lines user display is showing up empty (correct) however the user status shows up (ACTIVE) -- which is incorrect. This should also show up blank/unknown. This is confusing to attestors and needs to be corrected.

I was told that the status of the ADMIN user is being displayed here (ACTIVE). I don't understand why the ADMIN user's status would be displayed for every uncorrelated account.

When attestors are being asked to approve/reject these uncorrelated accounts, the status they are seeing is incorrect and not related to the user they are attesting to at all.

I am proposing and requesting a change to this behavior so that the user status shown is accurate and relevant for the account data being shown in the attestation.

tedappara · ‎05/01/2023

tedappara · ‎05/01/2023

This is in relation to support ticket: https://saviynt.freshdesk.com/support/tickets/1607271

rushikeshvartak · ‎05/01/2023

Please submit idea ticket for same.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

dgandhi · ‎05/03/2023

What is the issue here? If the account is orphan then it will be corelate with admin identity and display the same in certification. here you will see the status and display name of the admin identity.

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

tedappara · ‎05/04/2023

I am aware that this is the explained behavior but I am not in agreement with why that is. Why would Saviynt assume a non-correlated account should be displayed as correlated with the admin identity? What is the logic behind that? At least in our environment (and I'm guessing many others - this does not make sense).

dgandhi · ‎05/04/2023

In order for the system to create a task(post campaign completion) it needs the account to be associated with an identity. So for orphan accounts it will be associated with admin identity.

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

tedappara · ‎05/04/2023

The problem here is when we display the name of the user account associated with this - it shows the admin identity and status -- which is not correct. I see that this is only being done for the sake of creating a task . Wouldn't it be better to associate the uncorrelated account with a 'dummy' identity that has perhaps name 'unknown' and status 'unknown'? That way when the attestor is shown this information - they won't incorrectly think the account belongs to Saviynt Admin account and is active -- because this is what is being falsely displayed to an attestor.

dgandhi · ‎05/04/2023

I agree on your point from certifier point of view and the behavior is same for SOD also.

Please open enhancement request for Saviynt on ideas portal.

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

tedappara · ‎05/04/2023

I have already opened this same issue presented here on the ideas portal:

https://ideas.saviynt.com/ideas/EIC-I-4574

Thanks,

Tracy

Saviynt Forums

User status incorrect for uncorrelated accounts during certification campaign