Hello,
We are trying to provision an Azure AD group through actionable analytics but there are no pending tasks generated.
The scenario is the following:
We need to add a group to the users who have an account in Azure AD, and do not have this group assigned.
We used the query below:
select
ua.userkey as userKey,
a.accountkey as acctKey,
a.name as accName,
ev.ENTITLEMENT_VALUEKEY as entvaluekey,
ev.entitlement_value as Entitlement,
case
when e.endpointkey=6 then 'Active Directory'
when e.endpointkey=2 then 'Azure AD'
else e.endpointkey
end as 'Endpoint',
et.entitlementtypekey,
'Provision Access' as Default_Action_For_Analytics
from
users u inner join user_accounts ua on u.userkey=ua.userkey inner join accounts a on ua.accountkey=a.accountkey inner join endpoints e on a.endpointkey=e.endpointkey inner join entitlement_types et on e.endpointkey=et.endpointkey join entitlement_values ev on et.entitlementtypekey=ev.entitlementtypekey
where
ua.userkey in
(select distinct u.userkey from users join user_accounts on users.userkey=user_accounts.userkey join accounts on user_accounts.accountkey=accounts.accountkey
where
accounts.endpointkey='2')
and
not exists
(select distinct ua1.userkey from user_accounts ua1
join account_entitlements1 ae1 on ua1.accountkey=ae1.accountkey
where
ua1.userkey=ua.userkey
and
ae1.ENTITLEMENT_VALUEKEY='144012')
and e.endpointkey='2'
and ev.ENTITLEMENT_VALUEKEY='144012'
and u.statuskey='1'
and u.customproperty30='A'
and u.employeetype='WC';
Category = Provisioning
Allowed Access = Provision Access
After running the analytics report and the Analytics job, no tasks are generated.
Would appreciate any suggestions on how to solve this.
I see that I have 2 options:
-open
-provision access
If I select 'Provision access' the task is created. But what can I do to generate the pending tasks without my manual intervention?
Run the job with below config if you dont want to take any manual action.
Run all Analytics-v2 (ANALYTICSESJOB) | Using the ANALYTICSESJOB, you can run or schedule jobs to perform a default action for specified Category and Sub-Categories for Elasticsearch-based analytics. For example, if you have thousands of records for which you want to take a default action, you can specify the default action in the query itself while creating the control. Later, if you want to take a default action for a huge set of records in Analytics Elasticsearch Controls, you can specify the category, sub-category and enable the 'Enable Default Action for Analytics' checkbox then the specified action in query is taken for all the records when it is run or scheduled. When you click Action, a dialog box with the following options is displayed:
|
