01/10/2024 01:05 PM - edited 01/10/2024 01:33 PM
We use /createrequest API to grant access to entitlements on Active Directory logical endpoints (created through ENDPOINTS_FILTER). When requesting access through API, Saviynt always creates an 'Add Access' and 'Update Account' or 'New Account' on the logical endpoint.
Can we suppress 'Update Account' only tasks on the logical endpoint? I am not sure why Saviynt creates an 'Update Account' task on the endpoint when access is requested to the group.
We are not using ARS to request new accounts or add/remove groups. Can we just update the Active Directory Security System 'Create Task Action' to 'Entitlements Only'? Does this configuration work for logical endpoints as well? Please let me know how we can suppress 'Update Account' only tasks.
01/10/2024 06:11 PM
It seems you have dynamic attributes on the logical application. Please don't store the dynamic attribute values in an account column. It will not create an update account task.
01/11/2024 04:36 AM - edited 01/11/2024 07:05 AM
Which value should I select so the update account tasks are not generated? Also, we are not mapping the dynamic attribute to the Accounts column. We only selected Request Type as 'Account' since it is a mandatory field.
01/11/2024 12:49 PM
Share a screenshot of the dynamic attributes.
01/11/2024 12:56 PM
01/11/2024 01:03 PM
Does Security System - Create Task Action = Entitlements Only?
01/11/2024 01:06 PM
Nope.
01/11/2024 01:08 PM
Can you enable it and try again?
01/11/2024 01:11 PM
Will that impact any other use cases on Active Directory? We have a few Technical rules that create/delete/enable/disable AD accounts as per JML use cases.
01/11/2024 01:12 PM
No.
01/11/2024 01:20 PM
We have one use case where we call /createrequest API to DISABLEACCOUNT. If we change the create task action to 'Entitlements Only', will that still work?
01/11/2024 07:11 PM
Yes, it only does not create New & Update Account tasks.
01/12/2024 04:40 AM
Thanks. Does Saviynt create 'New Account' tasks when using ARS to request an Active Directory account with this setting?
01/14/2024 07:24 PM
It will not create a task, but internally it will create the account JSON.