Saviynt Forums

Currently I just have a User Update Rule so I can quickly test the email. Ultimately it will be in the Active Directory New Account task complete so the secondary manager can receive it. I updated the email and used what you provided, but there is no secondary manager in the body:
entitlement_endpoint_list = []br> manager = manager_userbr> createdBy = manager_user> service_accounts_list = []br> ownerOnTerminate = manager_user> serviceaccount_endpoints_list = []br> baseUrlForEmail = https://emaillinkbr> user = test.user@aol.combr> requestor = manager_user> entitlement_value_list = []br> out = java.io.PrintWriter@250b8c64br> [entitlement_endpoint_list:[], manager:manager_user, createdBy:manager_user, service_accounts_list:[], ownerOnTerminate:aalvarez_adm_twc, serviceaccount_endpoints_list:[], baseUrlForEmail:https://emaillink , user:test.user@aol.com, requestor:manager_user, entitlement_value_list:[], out:java.io.PrintWriter@250b8c64]

Attach to New Account in AD  and validate 

Again, no data pertaining to secondary manager.

• Share variable list 

resourceOwners > tasktype > manager > accountOwners = []br> randompassword > entitlement > provisioningOwners > users > requestor >  account_password = > task > accountname > requestid > endpointDisplayName > account_name > endpointOwners > baseUrlForEmail > user > taskaction > account > [resourceOwners:, tasktype, manager, accountOwners:[], randompassword, entitlement:[], provisioningOwners:, users:, requestor, account_password, task, accountname, requestid:AutoGenerated, endpointDisplayName, account_name, endpointOwners, baseUrlForEmail, user, taskaction, account]

${users.secondaryManager.email}

Attempted to use that in the email body as a test, which was not successful.

Could you kindly provide a detailed snapshot of the information extracted from the logs, encompassing errors and other pertinent functionality details encountered during the execution of this process? Your assistance in furnishing this information would greatly aid in the analysis and resolution of any issues .



‼️‼️⚠️Do not upload any attachments that contain sensitive information, such as IP Addresses, URLs, Company/Employee Names, Email Addresses, etc.⚠️‼️‼️

I'm not entirely sure how to attach logs while validating no sensitive data is present. Is there a reference on scrubbing logs?

• Change URL to xxxxx
• change emails to xxxxx

Attaching email logs scrubbing data. Note: This current log was from users.secondaryManager.email being directly used in the body.

Try ${task?.userKey?.secondaryManager?.email}

Was able to get access to the environment to retest. Still receive the value you supplied as plain text in the email. Not the value of the secondary manager's email.

I did try modifying the template to just ${user.secondaryManager} and that worked and returned the manager. I think it is purely an issue of the email cannot be linked in the user object since it doesn't exist in the reference. Is there a way to pull a user by username and reference the email?

${com.saviynt.ecm.identitywarehouse.domain.Users.get(user?.secondaryManager)?.username} 

That also just returns the string literal. Does not seem to function as intended.

Share screenshot how you used?

Utilized code directly from your text in the body, just replacing username with email.

Where is email template attached ? Can you try on TO/CC

Utilized the code in the CC but no emails are coming through when retesting.

Where is email template attached ? 
Please share logs and highlights line number in file from which logs can be reviewed 

Hello @aalvarez_mk - 

At Saviynt, we take security and privacy seriously.

As the Saviynt Community Forum is an open forum, viewable by anyone on the internet, we make it a priority to ensure that customers' and partners' Personally Identifiable Information (PII) is never disclosed. This also includes other technical information that malicious individuals could potentially use against you or your company.

Best Practices:

• Before posting, always review all screenshots, attachments, logs, JSONs, etc., to protect yourself and the companies you work for.

Common Items to Look For:

• Employee names, email addresses, phone numbers
• Company names, logos, domain names, IP addresses
• URLs, DB_URLs, client_secrets, client_id values, authorization tokens, redirect_uri values, encrypted attribute values, templateMandatoryData
  
  
• Note: This list is not exhaustive, please use your common sense. If the information is specific for you or your company, then it is PII. If it is general code that anyone can use at any company, then it is probably safe.

By following these guidelines, you help maintain the security and privacy of all forum participants.

Below are two example of how to edit/mask your information:

• For screenshots, use a program like Paint to cover PII:
  
  
• For logs or JSONS, use a neutral character like XXXXXX to obfuscate PII:

WHEN (companyname = 'XXXX' OR orgunitid = XXXXXXXXX)
AND LENGTH(lastname) >= 5
THEN REPLACE(CONCAT(SUBSTRING(lastname, 1, 5), SUBSTRING(firstname, 1, 2)), 'ñ', 'n')
ELSE NULL

Thank you,
Dave

I have tried user.secondaryManager.email previously which does not print anything per Rushikesh. As there's no if/else condition to try when dumping all variables, I don't think that would be impacting anything.