Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Create task when Access expires

fouriefb
Regular Contributor
Regular Contributor

Hi Everyone,

I have another question:

We have 2 disconnected applications/ systems in customer's environment.

When a users access / entitlement expires due to reaching the enddate cutomer specified when requesting this, how do we create remove access tasks for administrators to action them in disconnected applications.

We have read about the enterpriserolemanagement job but that seems to be related to future access requested? 

Any ideas on how this is accomplished in Saviynt will be appreciated

Regards,

F.Fourie

 

6 REPLIES 6

sai_sp
Saviynt Employee
Saviynt Employee

@fouriefb When you are requesting for access, you get an option to specify the start and end dates and that can be made mandatory in the endpoint configurations. Saviynt will automatically create a task when an end date has reached. Is this not the behaviour in your environment? 

fouriefb
Regular Contributor
Regular Contributor

Hello @sai_sp ,

It is for new access that is requested and the 'EnterpriseRoleManagementJob' is runinng. 

If you would updated end date of lets say reconciled access of a disconnected system, you get the update job for admins to complete, which they do. However when this updated end date is reached, no task is created to remove the access.

Will update if we manage to resolve this

dgandhi
All-Star
All-Star

You can run the below job- 

Create Tasks for Future Ent Role Requests (EnterpriseRoleManagementJob)

This will check if any access enddate is reached and will create the remove access task.

It will work for both entitlements and  enterprise role.

The same issue was solved in below thread.

https://forums.saviynt.com/t5/identity-governance/how-to-revoke-entitlement-on-end-date/m-p/34593#M1...

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

fouriefb
Regular Contributor
Regular Contributor

Hi @dgandhi  ,

That forum was raised by my colleague and although it works for newly created access with end dates, it does not work for access where end dates are updated at all.

We are currently busy with a ticket with Saviynt support to get assistance.

Wil update if we can get it resolved, but as I mentioned, If you update an end date of any access in Saviynt, you will not receive any remove tasks running the 'EnterpriseRoleManagementJob'

Is it something you also encountered before?

Thanks for taking the time to reply.

 

Manu269
All-Star
All-Star

Hello,

I would like to know more and suggest few item.

1. How the disconnected system request fulfillment is happening?

 -> If this is via SNOW ticket, then upon reaching the end date, you should configure Create Tasks for Future Ent Role Requests (EnterpriseRoleManagementJob) job. This will take care for both enttilements as well as EP Role. EIC will create Revoke Access task and then corresponding ticket will be created.

--> If this is via manual request fullfillment, then the Provisioning owner can claim the task from Pending task list and take action in target System and then close the ticket in Saviynt.

Alternatively you can also create analytics reports to be sent to Applciatiom owner for this disconnected system end date items.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

fouriefb
Regular Contributor
Regular Contributor

Hi Manu,

Thanks for your reply.

Admins are manually claiming and completing tasks from Pending tasks tab, but tasks for updated end dates are never created.

We are working with support currently, as we only get tasks when new access is requested with end date once off. If that date is changed at all, no task is created.

Will update if resolved