Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/12/2022 12:55 PM
Hi Experts,
I am trying to figure out a way to remove a user from AD group after 30 days of disabling. Any idea?
Use Case: User gets terminated from HR and the value is imported into Saviynt. Now the account should be disabled(which I am able to do from User update rule) but his AD entitlement( group membership) should be removed afer 30 days of disabling.
Could you please let me know how do we achieve above requirement. Any help appreciated.
Solved! Go to Solution.
04/12/2022 01:54 PM
Hello Chandan,
You may evaluate Analytics query option to remove the group membership after 30 days of disabling.
Thanks,
Pallavi
04/12/2022 01:54 PM
04/12/2022 01:54 PM
Hi Chandan,
Greetings!!
Thanks Pallavi for your comments. You are right, To handle delayed deprovisioning cases we have controls via Analytics.
You could schedule it as well to automate the process on a daily basis.
Thanks & regards,
Anand Kumar Jha
04/12/2022 01:54 PM
04/12/2022 01:54 PM
Hi Chandan,
Greetings!!
I would recommend you to raise a separate thread on Analytics query.
A sample example for your reference: (You could modify it as per your requirement, Could be used with Version 1 Analytics)
SELECT a.accountkey AS 'acctKey', ae.entitlement_valuekey AS 'entvaluekey', ev.entitlement_value, a.accountid, u.userkey AS 'userKey', u.username AS USER, a.name AS BOX_ACCOUNT, a.status AS ACCOUNT_STATUS, u.firstname, u.lastname, u.email AS USER_EMAIL, CASE WHEN u.statuskey = 1 THEN 'ACTIVE' WHEN u.statuskey = 0 THEN 'INACTIVE' ELSE 'NONE' end AS USER_STATUS, Sysdate() AS RUNTIME, 'Deprovision Access' AS Default_Action_For_Analytics, ep.endpointname, u.termdate FROM accounts a JOIN endpoints ep ON ep.endpointkey = a.endpointkey JOIN user_accounts ua ON ua.accountkey = a.accountkey JOIN users u ON ua.userkey = u.userkey AND u.termdate IS NOT NULL JOIN account_entitlements1 ae ON ae.accountkey = a.accountkey JOIN entitlement_values ev ON ev.entitlement_valuekey = ae.entitlement_valuekey WHERE a.endpointkey IN (2) AND a.status IN (2,'Manually Suspended') AND Date_add(u.termdate, INTERVAL 15 day) < Now()
Additionally, I would recommend you to check Analytics documentation for your learning and references.
Thanks & Regards,
Anand Kumar Jha
04/12/2022 01:54 PM
Thanks Anand
Will check on the references and if required will open a new topic.