Re: /createrequest API - creates 'Add Access' and... - Saviynt Forums - 69540

Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

We use /createrequest API to grant access to entitlements on Active Directory logical endpoints (created through ENDPOINTS_FILTER). When requesting access through API, Saviynt always creates an 'Add Access' and 'Update Account' or 'New Account' on the logical endpoint.

Can we suppress 'Update Account' only tasks on the logical endpoint? I am not sure why Saviynt creates an 'Update Account' task on the endpoint when access is requested to the group.

We are not using ARS to request new accounts or add/remove groups, can we just update the Active Directory Security system 'Create Task Action' to 'Entitlements Only' ? Does this configuration work for Logical endpoints as well? Please let me know on how we can suppress 'Update Account' only tasks.

13 REPLIES 13

It seems you have dynamic attributes on logical application, Please don't store dynamic attributes value to account column, It will not create update account task.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Which value should I select, so the update account tasks are not generated. Also, we are not mapping the dynamic attribute to Accounts column. We only selected Request Type as 'Account' since it is a mandatory field.

Share dynamic attributes screenshot

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Does security System - Create Task Action = Entitlements Only ?

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Nope.

Can you enable and try again

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Will that impact any other use cases on Active Directory? We have few Technical rules that creates/delete/enable/disable AD accounts as per JML use cases.

No

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

We have one use case where we call /createrequest API to DISABLEACCOUNT. If we change the create task action to 'Entitlements Only', will that still work?

Yes, It only does not create - New & update account task

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thanks. Does Saviynt create 'New Account' tasks when using ARS to request an Active Directory account with this setting?

it will not create task but internally it will create account json

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.