Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

AD Connector provisioning add access task without account

AnumitaL
New Contributor II
New Contributor II

Question on AD connector provisioning for  AD group assignment : 1) Will a technical rule generate an add access task  (for adding an AD group) for a user which does not have an AD account yet ? 2) will this add access task get provisioned successfully by automatically creating a new AD account for the user on AD endpoint in Saviynt EIC and on the AD application?

Bringing this to your attention 

@ParitaSavla @saikanumuri 

5 REPLIES 5

Darshanjain
Saviynt Employee
Saviynt Employee

Hi @AnumitaL 

Yes, it does work , it will automatically create a account as well as add that group to that user if the user is matching the technical rule to give access to AD group.

 

Thanks

Darshan

Quickly re-confirming, If there is an add access task present for a user for AD connector. the user does not have any account in the AD endpoint in Saviynt , or in the AD target system. Now once this add access task get provisioned by a wsretry job, will the AD connector create an account in AD target, before adding the access?

saikanumuri
Saviynt Employee
Saviynt Employee

Hi Anumita,

This will work as mentioned by Darshan. However, You need to define an additional action in the technical rule to create the account for the AD endpoint along with assigning the group. Otherwise, it wouldn't generate any tasks for the user.

Below is the screenshot for your reference.

saikanumuri_0-1678378309428.png

 

AnumitaL
New Contributor II
New Contributor II

Thanks. My question is : in case the technical rule does not have the 'create account ' selected (it is being done through a different technical rule): then will the 'add access' action work in the technical rule?

Hi @AnumitaL 

No if the account is not present for the user and if only add access action is present then it will not create the tasks for creating a account, so you need to keep both create account and add access.

 

Thanks

Darshan