Duplicate remove access tasks generated from User Update Rule for AD logical endpoints

miteshparekh
New Contributor
Hello Guys,
 
We have a logical endpoint setup for AD application (Parent endpoint and child endpoints).
 
We have setup User Update Rule to remove all access of users.
 
Once the rule is triggered, we see that the remove access tasks are generated for both the parent endpoint and the child endpoints. This is creating duplicate remove access tasks, as the same accesses exist in the parent endpoint and the child endpoint.

One way to restrict this is by adding only parent endpoint in the remove access. But this will lead to adding all the endpoints manually where access needs to be removed. We cannot use the remove 'all' endpoint configuration here. This makes the rule static as we need to add endpoints manually.
 
Is there any other way to avoid the creation of duplicate remove accesses?
 
When we keep remove all access and accounts, it creates only 1 remove account task for the parent endpoint. No remove account tasks are created for child endpoints here. So, remove all accounts is working fine and we need similar behavior for remove all accesses. 
 
Thanks
5 REPLIES

sudeshjaiswal
Saviynt Employee

Hello @miteshparekh,

This is the expected behavior. If you don't want the task to be created for the child endpoint, please use the actionable analytic to deprovision the access.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".

Abhinav
New Contributor

Hi,

In our case, we are using END Date in the child's access request. So, as soon as the End Date is reached, a 'Remove Access' task is getting triggered for both the Child as well as the Parent End Point.

These accesses are only part of the Child endpoint, and during Add access, only ONE task (for the Child Endpoint) is getting triggered, so how are duplicate tasks getting generated in the case of 'Remove Access'?

How can we STOP the task for the Parent endpoint?

Thanks,

sudeshjaiswal
Saviynt Employee

Hello @miteshparekh,

Can you please check if 'Create Dependent Entitlement Task for Remove Access' is enabled on the endpoint side?

Note: Enabling this setting also creates Remove Access tasks for parent and child roles when a user requests removing an existing role that is linked to a child role.

For reference: https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/Viewi...

Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".

miteshparekh
New Contributor

@sudeshjaiswal Thanks for your inputs. The above configuration is disabled at the endpoint.

sudeshjaiswal
Saviynt Employee

Hello @miteshparekh,

Please utilize actionable analytics to deprovision access.

Thanks.

If you find the above response useful, Kindly Mark it as "Accept As Solution".