and more in a single search tool across platforms. Read the announcement here. |
05/11/2023 06:31 AM
Hi Everyone,
I have another question:
We have 2 disconnected applications/ systems in customer's environment.
When a users access / entitlement expires due to reaching the enddate cutomer specified when requesting this, how do we create remove access tasks for administrators to action them in disconnected applications.
We have read about the enterpriserolemanagement job but that seems to be related to future access requested?
Any ideas on how this is accomplished in Saviynt will be appreciated
Regards,
F.Fourie
05/15/2023 01:16 PM
@fouriefb When you are requesting for access, you get an option to specify the start and end dates and that can be made mandatory in the endpoint configurations. Saviynt will automatically create a task when an end date has reached. Is this not the behaviour in your environment?
05/16/2023 12:52 AM
Hello @sai_sp ,
It is for new access that is requested and the 'EnterpriseRoleManagementJob' is runinng.
If you would updated end date of lets say reconciled access of a disconnected system, you get the update job for admins to complete, which they do. However when this updated end date is reached, no task is created to remove the access.
Will update if we manage to resolve this
05/15/2023 01:23 PM
You can run the below job-
Create Tasks for Future Ent Role Requests (EnterpriseRoleManagementJob)
This will check if any access enddate is reached and will create the remove access task.
It will work for both entitlements and enterprise role.
The same issue was solved in below thread.
Thanks
05/16/2023 12:47 AM
Hi @dgandhi ,
That forum was raised by my colleague and although it works for newly created access with end dates, it does not work for access where end dates are updated at all.
We are currently busy with a ticket with Saviynt support to get assistance.
Wil update if we can get it resolved, but as I mentioned, If you update an end date of any access in Saviynt, you will not receive any remove tasks running the 'EnterpriseRoleManagementJob'
Is it something you also encountered before?
Thanks for taking the time to reply.
05/15/2023 10:46 PM
Hello,
I would like to know more and suggest few item.
1. How the disconnected system request fulfillment is happening?
-> If this is via SNOW ticket, then upon reaching the end date, you should configure Create Tasks for Future Ent Role Requests (EnterpriseRoleManagementJob) job. This will take care for both enttilements as well as EP Role. EIC will create Revoke Access task and then corresponding ticket will be created.
--> If this is via manual request fullfillment, then the Provisioning owner can claim the task from Pending task list and take action in target System and then close the ticket in Saviynt.
Alternatively you can also create analytics reports to be sent to Applciatiom owner for this disconnected system end date items.
05/16/2023 12:49 AM
Hi Manu,
Thanks for your reply.
Admins are manually claiming and completing tasks from Pending tasks tab, but tasks for updated end dates are never created.
We are working with support currently, as we only get tasks when new access is requested with end date once off. If that date is changed at all, no task is created.
Will update if resolved