We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Disable Account json with if else

Vidhya
New Contributor II
New Contributor II

Can someone tell me if this JSON is proper:

{
"moveUsertoOU": "${if(user.customproperty45.equals('Yes')) {OU= ${new java.text.SimpleDateFormat('MMMM').format(user.termDate)},OU=DisabledUsers Disable,OU=CEO-Dev,DC=xyz,DC=b,DC=c,DC=u} else {OU= ${new java.text.SimpleDateFormat('MMMM').format(user.termDate)},OU=Pending Disable,OU=CEO-Dev,DC=xyz,DC=b,DC=c,DC=u}}",
"deleteAllGroups" : "Yes",
"userAccountControl" : "514",
"extensionAttribute6":"null",
"extensionAttribute7":"null"
}

The scenario if customproperty45 equals yes then it should move to disabledusers OU else move to Pending Disable OU

10 REPLIES 10

naveenss
All-Star
All-Star

Any error with the above JSON?

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Vidhya
New Contributor II
New Contributor II

Disable Account task is not getting provisioned

ok. Can you please try the below updated JSON and let me know the result?

{
  "moveUsertoOU": "${if(user.customproperty45.equals('Yes')) { return {\"OU=\"+(new java.text.SimpleDateFormat('MMMM').format(user.termDate)+\",OU=DisabledUsers Disable,OU=CEO-Dev,DC=xyz,DC=b,DC=c,DC=u\"}} else {return {\"OU=\"+(new java.text.SimpleDateFormat('MMMM').format(user.termDate))+\",OU=Pending Disable,OU=CEO-Dev,DC=xyz,DC=b,DC=c,DC=u\"}}}",
  "deleteAllGroups": "Yes",
  "userAccountControl": "514",
  "extensionAttribute6": "null",
  "extensionAttribute7": "null"
}
Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Vidhya
New Contributor II
New Contributor II

But it shouldn't remove groups when it is moving to pending disable OU after 10 days it moves to disabledusers OU and removes groups 

 

pmahalle
All-Star
All-Star

Hi @Vidhya ,

Can you try below one:

{
"moveUsertoOU": "${if(user.customproperty45.equals('Yes')) {'OU=DisabledUsers Disable,OU=CEO-Dev,DC=xyz,DC=b,DC=c,DC=u'} else {'OU=Pending Disable,OU=CEO-Dev,DC=xyz,DC=b,DC=c,DC=u'}}",
"deleteAllGroups": "No",
"userAccountControl": "514"
}


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

Vidhya
New Contributor II
New Contributor II

But it shouldn't remove groups when it is moving to pending disable OU after 10 days it moves to disabledusers OU and removes groups 

Vidhya
New Contributor II
New Contributor II

One thing i observed is the rule gets triggered to remove birthright group access( I configured user update rule) but pending task is not generated

Hi @Vidhya ,

What’s the action you selected in the update rules to remove accesses?

Use “Deprovision Access” action in your update rule. Also, make sure that user has accesses/entitlements assigned while rule triggered.


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

Vidhya
New Contributor II
New Contributor II

remove birthright fail access

The Remove Birthright Fail Access is used specifically for terminated users whose user status key = 1 was specified in the conditions of the Technical Rule. Later, when the users are terminated and status key changes to '0' the users no longer meet the Technical rule condition. Hence the access granted via the Birthright access in the Technical Rule needs to be de-provisioned.

To accomplish de-provisioning of the Birthright Access that was provided via the Technical Rule when the status key = 1 condition in Technical Rule changes to status key = 0, because of user getting terminated, you need to define a User Update Rule with the condition as:

user status key is updated and user status key = 0

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter05-Policies/Creating-User-Up...

If above is not the case for you better to use "re-run selected technical rule" action in the update rule and select all the technical rule which are used for provisioning the birthright access. Also make sure check Birthright checkbox in all those technical rule if not already.


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂