Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Remove User from AD group after 30-days of disabling

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 12:55 PM

Originally posted on May 6 2020 at 18:51 UTC

Hi Experts,


I am trying to figure out a way to remove a user from AD group after 30 days of disabling. Any idea?


Use Case: User gets terminated from HR and the value is imported into Saviynt. Now the account should be disabled(which I am able to do from User update rule) but his AD entitlement( group membership) should be removed afer 30 days of disabling.


Could you please let me know how do we achieve above requirement. Any help appreciated.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
6 REPLIES 6

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:54 PM

Originally posted on May 7 2020 at 01:48 UTC

Hello Chandan,


You may evaluate Analytics query option to remove the group membership after 30 days of disabling.


Thanks,

Pallavi

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:54 PM

Originally posted on May 7 2020 at 02:47 UTC

Thanks Pallavi. Any automated way to do it?
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:54 PM

Originally posted on May 7 2020 at 08:34 UTC

Hi Chandan,


Greetings!!


Thanks Pallavi for your comments. You are right, To handle delayed deprovisioning cases we have controls via Analytics.

You could schedule it as well to automate the process on a daily basis.


Thanks & regards,

Anand Kumar Jha

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:54 PM

Originally posted on May 7 2020 at 08:51 UTC

Thanks Anand. We have an endDate column for user profile in Saviynt which we can populate. I haven't worked on Analytics yet. Any pointers for Analytics to my above requirement? Or any references?
This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:54 PM

Originally posted on May 7 2020 at 09:03 UTC

Hi Chandan,


Greetings!!


I would recommend you to raise a separate thread on Analytics query.


A sample example for your reference: (You could modify it as per your requirement, Could be used with Version 1 Analytics)


SELECT a.accountkey AS 'acctKey', ae.entitlement_valuekey AS 'entvaluekey', ev.entitlement_value, a.accountid, u.userkey AS 'userKey', u.username AS USER, a.name AS BOX_ACCOUNT, a.status AS ACCOUNT_STATUS, u.firstname, u.lastname, u.email AS USER_EMAIL, CASE WHEN u.statuskey = 1 THEN 'ACTIVE' WHEN u.statuskey = 0 THEN 'INACTIVE' ELSE 'NONE' end AS USER_STATUS, Sysdate() AS RUNTIME, 'Deprovision Access' AS Default_Action_For_Analytics, ep.endpointname, u.termdate FROM accounts a JOIN endpoints ep ON ep.endpointkey = a.endpointkey JOIN user_accounts ua ON ua.accountkey = a.accountkey JOIN users u ON ua.userkey = u.userkey AND u.termdate IS NOT NULL JOIN account_entitlements1 ae ON ae.accountkey = a.accountkey JOIN entitlement_values ev ON ev.entitlement_valuekey = ae.entitlement_valuekey WHERE a.endpointkey IN (2) AND a.status IN (2,'Manually Suspended') AND Date_add(u.termdate, INTERVAL 15 day) < Now()


Additionally, I would recommend you to check Analytics documentation for your learning and references.


Thanks & Regards,

Anand Kumar Jha

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Go to solution
Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:54 PM

Originally posted on May 7 2020 at 11:49 UTC

Thanks Anand


Will check on the references and if required will open a new topic.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
Copyright © 2024 Khoros, LLC