We have requirement to not bring in accounts that would not correlate to an identity from HR source. Is there a way in Saviynt to drop the account if it cannot be correlated to an identity from HR source?
This would be a no-go from an audit standpoint and the accuracy of the data would be questioned by compliance. The reason being that in this approach, the status of the orphan account is being manipulated internally to avoid being reported as orphans in Saviynt system. Is there a better and clean approach to managing orphans - import them into Saviynt only if the user accounts can be correlated or do not import them into Saviynt if they cannot be correlated.
When you say "use User Pre Processor to achieve above use case" - isn't this only for updating user attributes? We are not running a user import job against AD - it is only account and access import jobs. I thought preprocessor is only used for validating / transforming user attributes based on other objects within Saviynt. Do you have an example of how this can be done? I would specifically like examples of the temporary tables (like NEWUSERDATA). [I know that existing tables can be prefixed with CURRENT<<BASIC TABLE NAME>>.
Yes Preprocessor for User import, In your case since its account use saviynt 4 saviynt to suspend accounts after every ad import this is not best practice.
