We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

/createrequest API - creates 'Add Access' and 'Update Account' tasks

RV
Regular Contributor
Regular Contributor

We use /createrequest API to grant access to entitlements on Active Directory logical endpoints (created through ENDPOINTS_FILTER).   When requesting access through API, Saviynt always creates an 'Add Access' and 'Update Account' or 'New Account' on the logical endpoint.  

Can we suppress 'Update Account' only tasks on the logical endpoint?  I am not sure why Saviynt creates an 'Update Account' task on the endpoint when access is requested to the group.  

We are not using ARS to request new accounts or add/remove groups,  can we just update the Active Directory Security system 'Create Task Action' to 'Entitlements Only' ?  Does this configuration work for Logical endpoints as well?  Please let me know on how we can suppress 'Update Account' only tasks.

13 REPLIES 13

rushikeshvartak
All-Star
All-Star

It seems you have dynamic attributes on logical application, Please don't store dynamic attributes value to account column, It will not create update account task.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

Which value should I select, so the update account tasks are not generated.  Also, we are not mapping the dynamic attribute to Accounts column.  We only selected Request Type as 'Account' since it is a mandatory field.

RV_0-1704976604962.png

 

Share dynamic attributes screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

RV_0-1705006581915.png

 

Does security System - Create Task Action = Entitlements Only ?


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

Nope.   

Can you enable and try again


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

Will that impact any other use cases on Active Directory?  We have few Technical rules that creates/delete/enable/disable AD accounts as per JML use cases.

No


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

We have one use case where we call /createrequest API to DISABLEACCOUNT.  If we change the create task action to 'Entitlements Only',  will that still work?

Yes, It only does not create - New & update account task


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

RV
Regular Contributor
Regular Contributor

Thanks.  Does Saviynt create 'New Account' tasks when using ARS to request an Active Directory account with this setting?

it will not create task but internally it will create account json


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.