Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD Endpoint / REST Endpoint Account Issues

Go to solution
Sivagami
Valued Contributor
Valued Contributor

‎09/23/2022 04:11 AM

We have Endpoint filter concept in connectors for AD and REST connector. This helps with the logic segregation of group of entitlements to be depicted as a separate application.

Let's consider I have an AD endpoint application consisting of 6 groups.  So, the endpoint account will get created when the user is part of any of these 6 groups. For example, let's say a user had one of this 6 groups and when the group he was part of is removed then the status of the AD endpoint account is changed to inactive from import as the user is no longer part of any of the 6 groups.

 
When the same user comes to saviynt to request access to the endpoint, they are not able to request as there is an inactive account associated with the endpoint. This is causing a lot of overhead and we are trying to find a solution for the same.
 
Appreciate insights on how to resolve the issue. We should let the user request access again.
 
Thanks,
Siva 

 

1 person had this problem.
Labels:
0 Kudos
2 REPLIES 2

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee

‎09/27/2022 02:34 PM

@Sivagami,

What is the default behaviour post account import after the groups are revoked, the account status is set to inactive or does the account status set as SUSPENDED FROM IMPORT SERVICE ?

 

 

Regards,
Avinash Chhetri
0 Kudos

Go to solution
Sivagami
Valued Contributor
Valued Contributor

‎01/02/2023 12:15 AM

Adding statusAndThresholdConfig in AD and REST connector resolved the issue, Avinash!

{
  "statusAndThresholdConfig": {
    "statusColumn": "customproperty3",
    "activeStatus": [
      "true"
    ],
    "deleteLinks": false,
    "accountThresholdValue": 10000,
    "correlateInactiveAccounts": false,
    "inactivateAccountsNotInFile": false,
    "deleteAccEntForActiveAccounts": true
  }
}

 

1 person found this solution to be helpful.
0 Kudos
Copyright © 2024 Khoros, LLC