and more in a single search tool across platforms. Read the announcement here. |
10/05/2023 06:17 AM
Hello Team,
We have configured the service account and we are able to create/modify/revoke.
When we are revoking then its creating remove account task. We have requirement that initially we need to disable the service account and after some specific period we need to delete/revoke/remove the service account.
Can anybody suggest me how can I disable the service account instead of revoke/remove from manage service account tile?
Regards,
Rahul
Solved! Go to Solution.
10/05/2023 08:11 AM
Remove action will directly create the remove task no workaround using that action.
If your use case is to disable then hide the remove button and then enable state and status Field for Disable. In that case user can submit request for disable and then later using analytics to detect the disabled accounts for certain period and then trigger deprovision account using actionable analytics
10/06/2023 02:03 AM
Thank you for the reply @sk .
I have disabled the remove account and added Disable in State and status field. But service account not showing in Request for other.
can you please suggest?
Regards,
Rahul
10/06/2023 06:13 AM
@rahul_p : Service Accounts won't show under Request For Others. Instead you have to go for Manage Service Accounts page, Where user will see the accounts that are owned by him.
10/06/2023 07:05 AM
Hello @sk,
Under manage service action which action user need to select? It shows Create/Modify/Revoke, we have disabled revoke action, now we have create and modify.
Also we have requirement that some specific group/set of users can request only for service account which we are managing using custom sav role.
So please tell me, how specific set of users which belongs to custom sav role can submit the disable request?
Regards,
Rahul
10/06/2023 07:48 AM - edited 10/06/2023 07:53 AM
@rahul_p : If you enable Disable Status on Endpoint level you will see slider icon as shown below
Once you click on respective icon you can select the account and submit disable account request.
Whereas coming to your second question. Creation of service account you can control whom can request but any other requests such as modify/remove/disable/change password etc, Everything currently restricted to owner of service account.
I know Saviynt is working on enhancement to change that process but as of now, except create everything else is restricted to owner of service account.
10/06/2023 07:58 AM
Thank you @sk , I have enabled state and status for Disable but still not getting slider icon, restarting application and will check after that.
Will keep you posted.
Regards,
Rahul
10/06/2023 08:12 AM
Hello @sk ,
Disable account task got generate but service account got deleted.
Any comments.
Regards,
Rahul
10/06/2023 08:51 AM - edited 10/06/2023 08:52 AM
What is the target endpoint? It depends on the logic you built for respective action on that connection
10/11/2023 04:23 AM
The disable issue resolved, it was the issue of container in AD, its working now.
Regards,
Rahul
11/09/2023 06:58 AM
Hello @sk ,
I am trying to grant disable and modify service account operations permission to custom sav role, I have added below feature access :
After that user is able to see only Add to cart for create only, not for Modify and Disable, can you help me here please?
This was related topic so did not create new forum question, thanks.
Regards,
Rahul
11/09/2023 08:34 AM
@rahul_p: Firstly Modify and Disable options will show based on the configuration you have on endpoint.
Secondly, Those options are only visible to owner of respective service account.