Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Design specific users in Workflow based on a predefined mapping

afauquem
Regular Contributor
Regular Contributor

‎10/14/2024 02:20 AM

Hello,

I'd like some advice on how to implement this client scenario.

The customer has a repository in which each application has a role and one or more users associated with it.
For example :
Application 1,IS Expert,User A
Application 1, Quality Assurance, User F

I would specify that these roles are not application roles but general roles common to each application and used to ensure that the application runs properly.

Every day we update this csv file on an SFTP server and store it as a dataset, enabling us to use the values in access requests.

At present, we use a dynamic attribute to retrieve the approver's name directly from the access request form and we use it in the workflow via the dynamic attribute.

The problem with this method is that in the case of deactivation/reactivation, this is done outside the form, so the variable in the dynamic attribute is not retrieved and the request is sent to Admin in the workflow.

What would be the best method of integrating this specific case?

Regards,

Alexis

Labels:
0 Kudos
6 REPLIES 6

NM
Honored Contributor III
Honored Contributor III

‎10/14/2024 02:33 AM

@afauquem you are retrivung the value from target SFTP to saviynt and then storing it in dataset right?

 

0 Kudos

afauquem
Regular Contributor
Regular Contributor
In response to NM

‎10/14/2024 02:37 AM

Correct, this is the mechanism used today but it does not fully meet the need (Impossible to use these values in the account reactivation workflow).

So I'm trying to find out if there are other solutions/if anyone has already encountered this problem.

Regards,

Alexis

0 Kudos

NM
Honored Contributor III
Honored Contributor III
In response to afauquem

‎10/14/2024 03:44 AM

@afauquem account reactivating you can't access DA

You can use account customproperty for approver 

0 Kudos

afauquem
Regular Contributor
Regular Contributor
In response to NM

‎10/14/2024 06:10 AM

This is a possibility, but the risk is that the approver stored in the account attribute may not be up to date at the time of the request.

0 Kudos

NM
Honored Contributor III
Honored Contributor III
In response to afauquem

‎10/14/2024 06:13 AM

@afauquem before running the prov job have a enhanced query job to update the customproperty.

How frequent does approver gets updated?

Are you using a custom jar to transfer the value to dataset? Is the file stored in datafiles?

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to afauquem

‎10/14/2024 10:19 AM

In dynamic attribute or workflow query you can validate approver status if its active then assign to user group [Support team] who can review request and route to correct new approver


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC