Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Adjustment the data in AD Accounts and user properties

userNM
Regular Contributor
Regular Contributor

‎07/31/2024 05:39 AM

Hello,

we have requirements to trigger the data change in AD Accounts if it is not the same as in the user Table properties because users and AD accounts come from different systems.

How can we so?

So, e.g. Admin changes smth in AD Account from the user, the data will be provisioned in Saviynt AD Account property and then Saviynt compares this data with CP in User Table and if they are not the same, Account Update task is triggered. It will be provisioned again correctly in AD.

Can we do it in Saviynt?

 

0 Kudos
11 REPLIES 11

NM
Esteemed Contributor
Esteemed Contributor

‎07/31/2024 05:56 AM

Hi @userNM , you can use analytics for the same.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to NM

‎07/31/2024 05:59 AM

but is it not so, that analytics we can run only twice a day?

 

0 Kudos

NM
Esteemed Contributor
Esteemed Contributor

‎07/31/2024 06:00 AM

No .. there is no restriction like that.


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to NM

‎07/31/2024 06:03 AM

but analytics it's just a select query and we need that when it changes it triggers the comparison and if it's not the same it provisions the data which is in user table... what is the trigger action in this case in analytics?
So, like user update rules, but kinda "account update rules"

 

0 Kudos

rushikeshvartak
All-Star
All-Star

‎07/31/2024 06:12 AM

  • Use user update rule to compare user and account properties and trigger update account task
  • or
  • you can use actionable analytics with update account action 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎08/05/2024 02:07 AM

hello @rushikeshvartak thank you! but how we can compare the user and account properties in user update rule? Or you mean with an advanced query?
thank you!

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to userNM

‎08/05/2024 02:09 AM

Advanced query 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎08/05/2024 08:42 AM

I tried to do it with analitics, because with advanced query is too case sensetive but the point is that we receive for 1 user 1140 results, it is a lot, I think it shouldn't be like that and I tried to remove the entitlements because we do not need them here but I can't because otherwise I can't create analytics...

Here is the query:

SELECT u.JOBCODEDESC, u.USERNAME, a.accountkey as acctKey , ev.ENTITLEMENT_VALUEKEY as entvaluekey, a.accountid as accountid , a.name as accName , u.userkey as userKey , 'updateAccount' as Default_Action_For_Analytics from users u INNER JOIN user_accounts ua ON u.userkey = ua.userkey INNER JOIN accounts a ON ua.accountkey = a.accountkey and a.endpointkey in (6) INNER JOIN endpoints e ON a.endpointkey = e.endpointkey INNER JOIN entitlement_types et ON e.endpointkey = et.endpointkey INNER JOIN entitlement_values ev ON et.entitlementtypekey = ev.entitlementtypekey WHERE ( a.Status != 'SUSPENDED FROM IMPORT SERVICE' ) AND (u.STATUSKEY = '1') AND ( u.username!= a.customproperty31 OR u.username!= a.customproperty48 OR u.firstname!= a.CUSTOMPROPERTY36 OR u.lastname != a.CUSTOMPROPERTY3 OR u.employeeType != a.CUSTOMPROPERTY9 OR u.employeeclass != a.customproperty5 OR u.customproperty18 != a.CUSTOMPROPERTY7 OR u.COUNTRY != a.CUSTOMPROPERTY13 OR u.LOCATIONNUMBER != a.CUSTOMPROPERTY14 OR u.customproperty4 != a.CUSTOMPROPERTY31 OR u.departmentname != a.customproperty18 OR u.displayname != a.displayname OR u.customproperty3 != a.customproperty48 OR u.employeeId != a.customproperty38 OR u.CUSTOMPROPERTY1 != a.customproperty31 OR u.CUSTOMPROPERTY22 != a.CUSTOMPROPERTY17 OR u.firstname != a.customproperty36 OR u.job_function != a.customproperty14 )

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to userNM

‎08/05/2024 06:29 PM

Please elaborate query logic


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

userNM
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎08/06/2024 01:01 AM

the problem is that ev.ENTITLEMENT_VALUEKEY is mandatory and this is the attribute which creates these duplicates till 1000, but when we remove this from analitics it gives error, that update account task can't be created... that's the problem...

 

about advanced query...is it in general possible.. if this has smth with account to do and not with users directly? there is no update in the user properties, just account properties

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to userNM

‎08/06/2024 06:27 AM

Yes its with account


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC