Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Computershare GEMS Application Requirement

Adithya
New Contributor III
New Contributor III

Hi Saviynt Team,

We have below challenges to integrate GEMS application with Saviynt. Appreciate if you can share your thoughts on how we can integrate this application with Saviynt.


1. In GEMS, users can only have one entitlement access at a time (Ent Type: userUserRole) .
2. In GEMS, a user can’t be created or exist without a entitlement access.
3. In GEMS, entitlements can’t be removed; they can only be replaced.

Topic 1:
=======
To cater "In GEMS, users can only have one entitlement at a time"; we're planning to use application based access request, and set create task action as "Remove Task for Existing Entitlements" in endpoint in entitlment type configuration.

Adithya_0-1717985907782.png

Adithya_1-1717985943795.png

So whenever end user raises request for entitlement (Ent Type: userUserRole), Saviynt will raise "Remove Access for existing entitlement (Ent Type: userUserRole)" and "raise add access task for new entitlement (Ent Type: userUserRole)". So at the same time Saviynt will raise "Remove Access and Add Access Tasks".

But, problem is "In GEMS, entitlements can’t be removed; they can only be replaced.". So, GEMS team suggested that use their replace API and move user from actual entitlement to a dummy entitlement (which doesn't give any access to GEMS).

Q1> Let's say Saviynt has used their replace API in remove access JSO; both remove access and add access tasks created. Remove access task will try to replace the entitlement and add access will try to add new entitlement.

Which task gets processed first? Is there any configuration needs to set in Saviynt, to allow add access task to process first then others? Please guide me.

2 REPLIES 2

NM
Valued Contributor
Valued Contributor

Hi @Adithya, keep remove access json empty it will automatically complete the task.

rushikeshvartak
All-Star
All-Star
  • Your configuration looks correct.
  • In remove existing access. in Add Access JSON call replace API to replace access. 
  • You can define task type priority  in global configuration.
  • rushikeshvartak_0-1717994153855.png

     

  • Task Execution Hierarchy

    Use this setting to define the hierarchy to execute the tasks in EIC. This hierarchy represents the order (sequence) in which the task types are executed after running the WSRETRY job for a request.

    By default, EIC executes the task types in the following hierarchy:

    • Add Account = 1

    • Remove Account or Remove Access = 2

    • Create New Account = 3

    • Change Password = 5

    • Enable Account = 6

    • Delete Account =8

    • Update User =9

    • Update Account =12

    • Disable Account = 14

    • Create Entitlement = 24

    • Update Entitlement - Add Access = 25

    • Update Entitlement - Remove Access = 26

    • Update Entitlement= 27

    • Delete Entitlement = 28

    • Grant Access to Firefighter ID = 29

    • Revoke Access for Firefighter ID = 30

    • Update Access End Date = 31

    • Lock Account = 32

    • Unlock Account = 33

    Note

    The numerical values of the task types are internal values assigned in EIC and they cannot be modified.

    The default order in which the task types are executed in EIC is:

    1 > 12 > 9 > 3 > 2 (remove access > remove account) > 5 > 6 > 14 > 8 > 24 > 27 > 28 > 25 > 26 > 29 > 30

    Note

    It is recommended to retain the default task execution hierarchy for the task types in EIC.

    To modify (customize) the default order in which the task types are executed in EIC, select the list of task types in the Task Execution Hierarchy field from Admin > Global Configurations > Request.

    Note

    When the Task Execution Hierarchy field is configured, it overrides the default task type execution hierarchy. EIC executes the task types in the same order in which the task types in this field were selected.

    The following options are available in the Task Execution Hierarchy field.

    • AddAccess

    • RemoveAccess

    • NewAccount

    • ChangePassword

    • EnableAccount

    • RemoveAccount

    • UpdateUser

    • UpdateAccount

    • DisableAccount

    • Create Entitlement

    • Update Entitlement

    • Delete Entitlement

    • EntitlementManagement

    • Add Child Entitlement

    • Remove Child Entitlement

    • Grant Firefighter ID

    • Revoke Firefighter ID

    • Update Access End Date

    • Lock Account

    • Unlock Account

    • Firefighter Instance Grant Access

    • Firefighter Instance Remove Access

    • Firefighter Access Alert

    • Create Organization

    • Update Organization

    For more information about the data mapping, see Database Schema Reference in Enterprise Identity Cloud Schema Guide.

     

    https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter06-EIC-Configurations/Config... 


Regards,
Rushikesh Vartak
If you find this response useful, kindly consider selecting 'Accept As Solution' and clicking on the 'Kudos' button.