Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Account Import is not removing entitlements from missing accounts

Gurukrishna96
New Contributor
New Contributor

‎07/29/2024 01:11 AM

Hi Team,

In Account Import XML for a DB connector, we have configured below fields as follows- 
deleteaccountentitlement="true" accountnotinfileaction="Suspend"

and in STATUS_THRESHOLD_CONFIG, we have configured - 
"deleteLinks": true,

Once the account is deleted and marked "Suspended from Import Service" after account import job, we are still seeing the entitlements tagged to the deleted account. 

What should be done to remove those entitlements from the entitlement hierarchy/associated entitlements pages?

Gurukrishna96_0-1722240529022.png

 

0 Kudos
5 REPLIES 5

NM
Esteemed Contributor
Esteemed Contributor

‎07/29/2024 01:21 AM

Hi @Gurukrishna96 , what is the behaviour after access import?

Share connector configuration


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

Gurukrishna96
New Contributor
New Contributor

‎07/29/2024 01:56 AM

Hi @NM The behavior is same even after access import. There are no changes.

Account Import XML - 

<mapper description="This is the mapping field for Saviynt Field name" ifusernotexists="noaction" addOnlyMode="false" deleteaccountentitlement="true" accountnotinfileaction="Suspend">

Status Threshold Config - 

{
"statusAndThresholdConfig": {
"statusColumn": "status",
"activeStatus": ["1",1],
"deleteLinks": true,
"accountThresholdValue": 1000,
"correlateInactiveAccounts": false
}
}

Please let me know other details that are required from the connector configuration 

 

0 Kudos

sangitaladi
Regular Contributor II
Regular Contributor II
In response to Gurukrishna96

‎07/29/2024 05:53 AM

Hi Gurukrishna

Can you run accounts import once and see its reflecting the changes on applicable accounts. Configuration wise it all looks good. Even my db connector works flowless with the same  config.

You can try the below config, by changing the order. I know it does not make much sense, still you can give a try.(Removing addonlymode)

 <mapper description="This is the mapping field for Saviynt Field name" accountnotinfileaction="Suspend" deleteaccountentitlement="true" ifusernotexists="noaction"> 

If it does not work , Please share logs.

 

f this helps, please consider selecting Accept As Solution and hit Kudos

Best,

Sangita Ladi

 

 

0 Kudos

sangitaladi
Regular Contributor II
Regular Contributor II
In response to Gurukrishna96

‎07/29/2024 05:56 AM

Hi @Gurukrishna96 

Can you run accounts import once and see its reflecting the changes on applicable accounts. Configuration wise it all looks good. Even my db connector works flowless with the same  config.

You can try the below config, by changing the order. I know it does not make much sense, still you can give a try.(Removing addonlymode)

 

sangitaladi_0-1722257743541.png

 

If it does not work , Please share logs.

 

if this helps, please consider selecting Accept As Solution and hit Kudos

Best,

Sangita Ladi

 

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Gurukrishna96

‎07/29/2024 07:38 AM

<mapper description="Database Accounts and Account to Entitlement Import" accountnotinfileaction="suspend" deleteaccountentitlement="true" dateformat="date" systems="'Application'">

Use above configuration for account Import xml


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC