We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

After completion of user requested application they need to get AD access automatically

Ramana
New Contributor II
New Contributor II

Hi Team,

We had a requirement that once user request a application after submitting it they the task will be generated. Once we run the provisioning job the task gets complete the application will be assigned to him. Here after we need to give him the AD access.

Once the application assigned to the user automatically the AD access need to be given.

I tried to use technical rule but its depand on user attribute side the rule will trigger 

So how can we achive this issue, please let me know anyone is aware of this one 

 

Thanks,

Ramana Muriki

4 REPLIES 4

sudeshjaiswal
Saviynt Employee
Saviynt Employee

Hello @Ramana 

Ensure the action must be defined in the technical rule to create the account for the AD endpoint and assign the group. If this is not done, no tasks will be generated for the user.

Both the account creation and group addition actions should be kept, as shown in the screenshot below.

sudeshjaiswal_0-1679855034437.png

Ref: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter05-Policies/Creating-Technic... 

Thanks

amit_krishnajit
Saviynt Employee
Saviynt Employee

You may want to use Entitlement Map. For the requested application entitlements, map the AD groups in the entitlement map. After approval, when the tasks are created for the requested application entitlement, the tasks for AD groups would also be created and provisioned.

 

If you want to explicitly create tasks for AD groups after the tasks for the request application entitlements are completed, then you may use actionable analytics which would trigger add access for the AD groups. In the SQL query in analytics, you would determine any requests which were completed and tasks completed, you can trigger AD groups provisioning for such records. 

 

Thanks,
Amit

Hi Amit,

I mapped the AD group to all requested application.
I requested the application which is maped to AD group but still not able to see the ad task created

 

Thanks,

Ramana Muriki

Could you please share a screenshot of the Entitlement Map? Also, please make sure that the Request-Option for the AD Group entitlement type is set to something other than None (e.g., None(Create Task), Table, etc.) 

 

Thanks,
Amit