Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Adjustment the data in AD Accounts and user properties

userNM
New Contributor III
New Contributor III

Hello,

we have requirements to trigger the data change in AD Accounts if it is not the same as in the user Table properties because users and AD accounts come from different systems.

How can we so?

So, e.g. Admin changes smth in AD Account from the user, the data will be provisioned in Saviynt AD Account property and then Saviynt compares this data with CP in User Table and if they are not the same, Account Update task is triggered. It will be provisioned again correctly in AD.

Can we do it in Saviynt?

 

11 REPLIES 11

NM
Honored Contributor II
Honored Contributor II

Hi @userNM , you can use analytics for the same.

userNM
New Contributor III
New Contributor III

but is it not so, that analytics we can run only twice a day?

 

NM
Honored Contributor II
Honored Contributor II

No .. there is no restriction like that.

userNM
New Contributor III
New Contributor III

but analytics it's just a select query and we need that when it changes it triggers the comparison and if it's not the same it provisions the data which is in user table... what is the trigger action in this case in analytics?
So, like user update rules, but kinda "account update rules"

 

rushikeshvartak
All-Star
All-Star
  • Use user update rule to compare user and account properties and trigger update account task
  • or
  • you can use actionable analytics with update account action 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

hello @rushikeshvartak thank you! but how we can compare the user and account properties in user update rule? Or you mean with an advanced query?
thank you!

 

Advanced query 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

I tried to do it with analitics, because with advanced query is too case sensetive but the point is that we receive for 1 user 1140 results, it is a lot, I think it shouldn't be like that and I tried to remove the entitlements because we do not need them here but I can't because otherwise I can't create analytics...

Here is the query:

SELECT u.JOBCODEDESC, u.USERNAME, a.accountkey as acctKey , ev.ENTITLEMENT_VALUEKEY as entvaluekey, a.accountid as accountid , a.name as accName , u.userkey as userKey , 'updateAccount' as Default_Action_For_Analytics from users u INNER JOIN user_accounts ua ON u.userkey = ua.userkey INNER JOIN accounts a ON ua.accountkey = a.accountkey and a.endpointkey in (6) INNER JOIN endpoints e ON a.endpointkey = e.endpointkey INNER JOIN entitlement_types et ON e.endpointkey = et.endpointkey INNER JOIN entitlement_values ev ON et.entitlementtypekey = ev.entitlementtypekey WHERE ( a.Status != 'SUSPENDED FROM IMPORT SERVICE' ) AND (u.STATUSKEY = '1') AND ( u.username!= a.customproperty31 OR u.username!= a.customproperty48 OR u.firstname!= a.CUSTOMPROPERTY36 OR u.lastname != a.CUSTOMPROPERTY3 OR u.employeeType != a.CUSTOMPROPERTY9 OR u.employeeclass != a.customproperty5 OR u.customproperty18 != a.CUSTOMPROPERTY7 OR u.COUNTRY != a.CUSTOMPROPERTY13 OR u.LOCATIONNUMBER != a.CUSTOMPROPERTY14 OR u.customproperty4 != a.CUSTOMPROPERTY31 OR u.departmentname != a.customproperty18 OR u.displayname != a.displayname OR u.customproperty3 != a.customproperty48 OR u.employeeId != a.customproperty38 OR u.CUSTOMPROPERTY1 != a.customproperty31 OR u.CUSTOMPROPERTY22 != a.CUSTOMPROPERTY17 OR u.firstname != a.customproperty36 OR u.job_function != a.customproperty14 )

Please elaborate query logic


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

the problem is that ev.ENTITLEMENT_VALUEKEY is mandatory and this is the attribute which creates these duplicates till 1000, but when we remove this from analitics it gives error, that update account task can't be created... that's the problem...

 

about advanced query...is it in general possible.. if this has smth with account to do and not with users directly? there is no update in the user properties, just account properties

Yes its with account


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.