Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Azure AD connector, account import and status issue

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on June 8 2020 at 08:11 UTC

I am using the Azure AD connector to import data and have some issues getting account's active/inactive status to Saviynt.


I'm importing accountEnabled attribute from AAD to account customproperty10 with the default connector configuration, and then using the following configuration in the STATUS_THRESHOLD_CONFIG:


{

"statusAndThresholdConfig": {

"accountThresholdValue": 100,

"statusColumn": "customproperty10",

"activeStatus": [

"true"

],

"deleteLinks": true

}

}


With this configuration it seems that when running the import, only some of the accounts are inactivated based on the data from AAD. All of the accounts functioning correctly are exisitng accounts, not provisioned from Saviynt.


For accounts provisioned by Saviynt, I can see that the data is imported correctly to custom properties, but not reflected in account status:




If I modify any information in AAD and run the import to Saviynt, I can see that the data changes correctly in Saviynt, but the account does not get inactivated.


Is there some setting or configuration I am missing?


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
5 REPLIES 5

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on June 8 2020 at 15:46 UTC

Hi Mikko,


After provisioning account from saviynt, status will be set to manually provisioned in saviynt. After next import, it will be changed to active/inactive based on accountenabled attribute value in the target.

May i know whether this is how it worked for you or if not we can connect over webex and discuss this.


Thanks,

Lokesh S

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on June 9 2020 at 05:35 UTC

Yes, the account is in "manually provisioned" status after running the provisioning to AAD. After account import from AAD, the status is "Active". After creating a disable account task in Saviynt and running provisioning, status is "Manually suspended", also in Azure AD the Block sign in is set to value "Yes".


After that, when running the account import to Saviynt, the account is set to "Active", which is inconsistent with the value in AAD. There are existing accounts that have been imported from AAD to Saviynt that are inactive in AAD and also in Saviynt. I am only seeing this behavior for accounts provisioned by Saviynt, so that is why I'm wondering if there is some configuration I am missing, or if this is related to data in AAD, which might be different for existing accounts vs. accounts provisioned by Saviynt.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on June 9 2020 at 06:38 UTC

It also seems that only the initial account import set the status correctly, because after changing existing AAD account from inactive -> active -> inactive, the account stays active in Saviynt.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on June 26 2020 at 10:35 UTC

Hi Mikko,


This is a bug which is being addressed as part of current sprint. Fix should be available by end of next week.


Thanks,

Lokesh S

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on June 26 2020 at 10:57 UTC

Lokesh, thanks for your answer.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.