Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Create deprovision tasks based on entitlement type

snauni
New Contributor II
New Contributor II

‎01/10/2024 01:06 AM

We have an application with two entitlement type - Role (Request Type - None) and Group (Request Type - Table). A user having account in the application will have entitlements belonging to both these entitlement types on their account.

During user termination, we want to create remove account task and remove access tasks for Group, and no remove access tasks for Role. How can this be implemented?

0 Kudos
7 REPLIES 7

PratithShetty
New Contributor II
New Contributor II

‎01/10/2024 03:48 AM

Hi @snauni ,

What I can think of as an alternative solution to solve this usecase is 

1) In your connector, add a condition in remove access JSON saying If ENTTYPE is Group then YES else No. 
2) When the rule is triggered your task might be generated for all the ENT types but while the prov job runs, it will validate the connector configurations and remove only your desired ent types.

Please do post if there is a better/direct solution for this. 

0 Kudos

snauni
New Contributor II
New Contributor II
In response to PratithShetty

‎01/10/2024 05:28 AM

Hi Pratith,

Thank you for the response, however, our use case is different. As in, we do not even want the remove access task to be generated for 'Role' entitlement type.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎01/10/2024 07:58 PM

Under Entitlement Type - Create Task Action = No Action

rushikeshvartak_0-1704945476244.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

snauni
New Contributor II
New Contributor II
In response to rushikeshvartak

‎01/10/2024 10:26 PM

The configuration is already like this for that entitlement type, Create Task Action = No Action. However, the remove access tasks are still getting created.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to snauni

‎01/10/2024 10:29 PM

what about "

Create Dependent Entitlement Task for Remove Access" under endpoint

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

snauni
New Contributor II
New Contributor II
In response to rushikeshvartak

‎01/12/2024 04:07 AM

It is 'ON' for us, however, we see the same behavior for 'OFF' as well.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to snauni

‎01/14/2024 07:25 PM

You can control in JSON not to perform action in target and complete only in saviynt by making dummy call 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC