Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD Account correlation overwrite not working

Shreya47
New Contributor III
New Contributor III

‎10/06/2023 07:03 AM

Hi Team,

We are facing issue with overwriting the User Correlation for AD account. We have this below Correlation Rule in AD Endpoint where the Customproperty24 contain the EmployeeID field from AD and User's username is same as the EmployeeID.

users.username = accounts.customproperty24

So, if we change the Employee ID of an account in AD, after the Account Import job the EmployeeID is getting update in the Customproperty24 of the AD account in Saviynt, but the account is not correlating to the new User profile. 

Also, we validated the logs of Account Import Job and found this below line:

2022-08-08 13:59:34,365 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Associating Users and Accounts


Could you please help us find any missing configuration from our side to achieve the overwriting of the Account Correlation.

 

0 Kudos
16 REPLIES 16

prasannta
Saviynt Employee
Saviynt Employee

‎10/09/2023 08:53 PM

Hi @Shreya47 

Can you provide more details as to what is the reconciliation filed being used for AD? Also, is AD your authoritative source used to create user objects in Saviynt?

Thanks

0 Kudos

Shreya47
New Contributor III
New Contributor III
In response to prasannta

‎10/10/2023 02:36 AM

Hi @prasannta 
The Reconciliation field we are using for AD is objectGUID. AD is not the authoritative source we are using it as a Target application.

Thanks.

0 Kudos

stalluri
Regular Contributor II
Regular Contributor II
In response to Shreya47

‎10/11/2023 03:00 PM

Can you try this below syntax.
(users.username=accounts.customproperty24)


Best Regards,
Sam Talluri
If you find this a helpful response, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Shreya47
New Contributor III
New Contributor III
In response to stalluri

‎10/12/2023 04:28 AM

Hi @stalluri 
Thank you for suggesting this, but I tried it did not work.

0 Kudos

prasannta
Saviynt Employee
Saviynt Employee

‎10/10/2023 09:25 PM

Hi @Shreya47 

Can you provide more details from logs? Can you check what query is being formed in logs during correlation?

Thanks

 

0 Kudos

Shreya47
New Contributor III
New Contributor III
In response to prasannta

‎10/11/2023 03:58 AM

Hi @prasannta 

Please find the logs below:

2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.247917023Z stdout F 2023-10-05 12:59:35,247 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Associating Users and Accounts"
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.287627527Z stdout F 2023-10-05 12:59:35,287 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Orphan Accounts- 416"
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.287637527Z stdout F 2023-10-05 12:59:35,287 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Rule: users.username = accounts.customproperty24"
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.287640027Z stdout F 2023-10-05 12:59:35,287 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - sql = "
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.287642227Z stdout F SELECT USERS.USERKEY AS USERKEY, ACCOUNTS.ACCOUNTKEY AS ACCOUNTKEY FROM ACCOUNTS ACCOUNTS"
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,2023-10-05T12:59:35.287644427Z stdout F LEFT JOIN USER_ACCOUNTS UA ON ACCOUNTS.ACCOUNTKEY = UA.ACCOUNTKEY
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,2023-10-05T12:59:35.287646627Z stdout F LEFT JOIN USERS USERS ON
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,2023-10-05T12:59:35.287648727Z stdout F users.username = accounts.customproperty24
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.287657327Z stdout F WHERE ACCOUNTS.ENDPOINTKEY = 18 AND ACCOUNTS.STATUS IN ('Active','InActive','1','Manually Provisioned','2','SUSPENDED FROM IMPORT SERVICE','Manually Suspended')"
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,2023-10-05T12:59:35.287659327Z stdout F AND ACCOUNTS.ACCOUNTKEY IS NOT NULL AND UA.ACCOUNTKEY IS NULL
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,2023-10-05T12:59:35.287661027Z stdout F AND ACCOUNTS.NAME IS NOT NULL AND USERS.USERNAME IS NOT NULL
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,2023-10-05T12:59:35.287663027Z stdout F
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.308885282Z stdout F 2023-10-05 12:59:35,308 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Total accounts to be correlated = 0"
2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.308891782Z stdout F 2023-10-05 12:59:35,308 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - User-accounts correlated: 0"

0 Kudos

Shreya47
New Contributor III
New Contributor III

‎10/13/2023 04:33 AM

Hi All,
Just wondering those the correlation process only happens for Active Orphan accounts, since in the log there is this below line:

2023-10-05T12:59:35.646+00:00,ecm-worker,,,,"2023-10-05T12:59:35.287627527Z stdout F 2023-10-05 12:59:35,287 [quartzScheduler_Worker-2] DEBUG saviynt.ImportExternalDbService - Orphan Accounts- 416"

0 Kudos

prasannta
Saviynt Employee
Saviynt Employee

‎10/15/2023 08:38 PM

Hi @Shreya47 

Can you check if you are getting any results back from this query?

SELECT USERS.USERKEY AS USERKEY, ACCOUNTS.ACCOUNTKEY AS ACCOUNTKEY FROM ACCOUNTS ACCOUNTS
LEFT JOIN USER_ACCOUNTS UA ON ACCOUNTS.ACCOUNTKEY = UA.ACCOUNTKEY
LEFT JOIN USERS USERS ON
users.username = accounts.customproperty24
WHERE ACCOUNTS.ENDPOINTKEY = 18 AND ACCOUNTS.STATUS IN ('Active','InActive','1','Manually Provisioned','2','SUSPENDED FROM IMPORT SERVICE','Manually Suspended')
AND ACCOUNTS.ACCOUNTKEY IS NOT NULL AND UA.ACCOUNTKEY IS NULL
AND ACCOUNTS.NAME IS NOT NULL AND USERS.USERNAME IS NOT NULL

Thanks

0 Kudos

Shreya47
New Contributor III
New Contributor III
In response to prasannta

‎10/16/2023 01:23 AM

Hi @prasannta,

No, this is not returning any data.

0 Kudos

Shreya47
New Contributor III
New Contributor III

‎10/25/2023 02:25 AM

Hi Everyone,

Could you please help us resolve this issue.

0 Kudos

prasannta
Saviynt Employee
Saviynt Employee

‎10/25/2023 02:09 PM

Hi Shreya,

Can you provide the status for both accounts? What is the status for the new and old Ad account? Also, please ensure that inactivateAccountsNotInFile is set to true.

Thanks

 

0 Kudos

rushikeshvartak
All-Star
All-Star

‎10/25/2023 07:02 PM

Import never overwrite account to user correlation 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Shreya47
New Contributor III
New Contributor III
In response to rushikeshvartak

‎10/26/2023 03:43 AM

Hi @rushikeshvartak 
Thanks for confirming this, is there any other way we can achieve this without manual intervention. 

0 Kudos

Dave
Community Manager
Community Manager

‎11/20/2023 08:25 AM

@Shreya47 - Did you still need help with this issue?  I noticed you never replied to @prasannta who was trying to help you. 

0 Kudos

Shreya47
New Contributor III
New Contributor III

‎11/21/2023 01:16 AM

Hi @Dave,
To @prasannta 's ask, there is only one AD account which we want to uncorrelate from one identity and correlate with another identity automatically following the correlation rule while import. As Rushikesh mention "Import never overwrite account to user correlation" I believe we would have to perform this manually. However, if team can suggest some other alternative method to achieve this, would be helpful to us.

0 Kudos

Rajesh-R
Saviynt Employee
Saviynt Employee

‎11/21/2023 03:21 AM

@Shreya47 - Accounts once correlated, Remains correlated. We cannot overwrite that by any means.


Thanks
Rajesh Ramalingam
Saviynt India
Copyright © 2024 Khoros, LLC