Saviynt Forums

SumathiSomala · ‎08/08/2023

Hi Everyone,

We have the following use case:

We have on-prem AD where Saviynt provisions all new users as target system. This on-prem AD syncs accounts to AzureAD every 30 minutes. Then we reconcile AzureAD to get the synced accounts into Saviynt.

The scenario is that we have to provision SKU as birthright into AzureAD account on any new user creation. But we do not want to create a user in AzureAD but only provision SKU as entitlement to reconciled account once it is synced from On-Prem AD to Azure AD.

How will we accomplish assigning the SKU license as birthright for new users if we have this +- 15 - 20 minutes sync time etc
Operation should perform automatically.

Any ideas will be greatly appreciated.

armaanzahir · ‎08/08/2023

Hi @SumathiSomala ,

You could create an actionable analytic where the action would be provision access for that entitlement. The analytic would detect if the user has a corresponding Azure AD account without the access that had been reconciled, and if there was a task for AD On Prem that was executed and completed successfully for the user in the last x hours. This analytic can be scheduled to be run every 2 hours or based on whatever your user import frequency is that creates the On Prem AD Account.

Tables that need to be utilized: users, user_accounts, accounts, arstasks

Configuring Allowed Actions (saviyntcloud.com)

Regards,
Md Armaan Zahir

SumathiSomala · ‎08/08/2023

Thanks for the quick response @armaanzahir

Can You help with the sample Query?

and is this report assigned to analytics owner or will it complete automatically?

How can i assign different entitlements to different users?

Saviynt Forums

Assigning Azure AD licenses as birthright access