Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

How is manager determined in Saviynt?

NDY
New Contributor III
New Contributor III

Hello,

We have an issue with users' manager change from Workday not visible under users' update history. We are importing manager from workday in this way: "MANAGER": "wd:Manager_ID~#~string".

When manager is updated for users from workday, users' update history shows new manager's username as old value and new manager's employeeid as new value for Owner field. This is preventing Saviynt from triggering user update rule when manager changes. Can you please let me know why would this happen?

NPY_0-1716384502657.png

 

Also, I want to understand how the owner field is calculated and are they the same as manager? Where is this configured in Saviynt?

18 REPLIES 18

Saathvik
All-Star
All-Star

@NDY : What is the condition for your user update rule? Are you checking for manager changes?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

NDY
New Contributor III
New Contributor III

Yes, we have user update rule that should trigger AD update when manager changes.

@NDY : Please share your full User attribute mapping and user update rule condition


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

NDY
New Contributor III
New Contributor III
User import mapping:
{
"ImportType": "RAAS",
"ResponsePath": "wd:Report_Data.wd:Report_Entry",
"ImportMapping": {
   "FIRSTNAME": "wd:Preferred_Name_-_First_Name~#~string",
"LASTNAME": "wd:Preferred_Name_-_Last_Name~#~string",
"CUSTOMPROPERTY1": "wd:Legal_Name_-_First_Name~#~string", 
"CUSTOMPROPERTY2": "wd:Legal_Name_-_Last_Name~#~string", 
"MIDDLENAME": "wd:Legal_Name_-_Middle_Name~#~string",
"DISPLAYNAME": "wd:Display_Name~#~string",
                "CUSTOMPROPERTY19": "wd:primaryWorkEmail~#~string", 
                "SECONDARYEMAIL": "wd:primaryHomeEmail~#~string",
"CUSTOMPROPERTY3": "wd:Original_Hire_Date~#~string",
"STARTDATE": "wd:Hire_Date~#~string",
"ENDDATE": "wd:Termination_Date~#~string",
"CUSTOMPROPERTY6": "wd:RACF_ID.wd:Descriptor~#~string",
"CUSTOMPROPERTY4": "wd:Provisioning_Status.wd:Descriptor~#~string",
"EMPLOYEEID": "wd:Employee_ID~#~string",
"COUNTRY": "wd:Location_Country.wd:Descriptor~#~string",
"CUSTOMPROPERTY5": "wd:Address~#~string",
"CITY": "wd:city~#~string",
"STATE": "wd:State_Province~#~string",
"CUSTOMPROPERTY13": "wd:postalCode~#~string",
"CUSTOMPROPERTY11": "wd:Contingent_Worker_Supplier.wd:Descriptor~#~string",
"CUSTOMPROPERTY12": "wd:Supervisory_Organization.wd:Descriptor~#~string",
"CUSTOMPROPERTY7": "wd:SupOrgHierarchy_2nd_Level_from_Top.wd:Descriptor~#~string",
"CUSTOMPROPERTY8": "wd:Pronoun.wd:Descriptor~#~string",
                "CUSTOMPROPERTY18": "wd:Retail_Store_Number~#~string",
"PHONENUMBER": "wd:phoneNumber~#~string",
"LOCATION": "wd:Location_-_Name.wd:Descriptor~#~string",
"COMPANYNAME": "wd:Company~#~string",
"MANAGER": "wd:Manager_ID~#~string",
"COSTCENTER": "wd:Cost_Center~#~string",
"CUSTOMPROPERTY15": "wd:Time_Zone~#~string",
"TITLE": "wd:Position_Title~#~string",
"JOBDESCRIPTION": "wd:Job_Profile_Name~#~string",
"JOBCODE": "wd:Position_ID~#~string",
"CUSTOMPROPERTY9": "wd:isManager~#~string",
"CUSTOMPROPERTY10": "wd:Country_Code~#~string",
"CUSTOMPROPERTY23": "wd:Cost_Center_Code~#~string",
"LOCATIONDESC": "wd:Location_Type_ID.wd:Descriptor~#~string",
"CUSTOMPROPERTY24": "wd:Job_Code~#~string",
"CUSTOMPROPERTY16": "wd:Leave_of_Absence_Flag~#~string",
"REGION": "wd:Region.wd:Descriptor~#~string",
"CUSTOMPROPERTY25": "wd:Primary_Brand.wd:Descriptor~#~string",
"CUSTOMPROPERTY20": "wd:Identifier~#~string",
"CUSTOMPROPERTY21": "wd:Status~#~string",
"CUSTOMPROPERTY22": "wd:Global_Level~#~string",
"CUSTOMPROPERTY26": "wd:Worker_Sub-Type.wd:Descriptor~#~string",
"CUSTOMPROPERTY27": "wd:Location_Country.wd:ID[1].content~#~char" ,
"CUSTOMPROPERTY63": "wd:Coalition.wd:Descriptor~#~string"
}
}
User update rule:
NPY_0-1716391450479.png

 

@NDY : I don't see USERNAME is getting mapped in user attribute mapping. Are you using MODIFYUSERDATAJSON to map the username? If so what are mapping to USERNAME column and if possible please share the same. Also value for Manager_ID is same what you are mapping to USERNAME?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

NDY
New Contributor III
New Contributor III

Hi Saathvik,

The mapping for import is on the job config, and it is based on the employeeID. We have a username generation rule in global config to generate usernames. We do not have any username mappings on MODIFYUSERDATAJSON.

The mapped Manager_ID is a column on workday RAAS which is the employeeID of manager.

Please let me know if you need further information.

Thank you

Instead of mapping directly to manager field map to owner field which will resolve rule and user history issue

owner field internally updates manager to user


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NDY
New Contributor III
New Contributor III

From my investigation of the existing scenario so far, what I found is when a manager is updated on Workday, Saviynt appropriately reflects this on the users detail page but does not show it on user's update history. As such the change of manager happens on the backend which is not visible to us. Similarly, along with manger, it also updates the owner on the backend which is not visible to us as well.  

Thus, the only update we see in update history is of the new owner username to employeeID change.

However, I also found some users where the system is working since we can see owner change, Owner's username to employeeID change and manger's username changed. It looks like Saviynt is not consistently handling the owner change properly.

Is there something we can do to fix this and make all the changes to owner and manager field visible in users' update history?

 

This can be product enhancement on user update history. You can raise enhancement 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NDY
New Contributor III
New Contributor III

We can see such changes in user update history for some users and not for others. The problem is it is not consistent.  For example, this worked fine.

NPY_0-1716486564561.png

 

  • Is this worked from UI Import ?
  • UI update>
  • Job Import 

Validate and confirm which use case is failing


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NDY
New Contributor III
New Contributor III

No, it is scheduled user import job from workday connection.

In user import it works inconsistently ?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

NDY
New Contributor III
New Contributor III

Yes, it works for some and not for others.

Its data issue then


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

@NDY : I am confused with your statement mentioned you don't have any username mapping directly but using username generation rule in global config. -But this will not work in case of import

Anyway can you change your mapping to originally what you have used and change the user update rule to use owner filed instead of manager for Is Updated? Like below and see if that works

Saathvik_0-1716477675879.png

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

NDY
New Contributor III
New Contributor III

Thanks for the input, Saathvik. This solution will help us to trigger the user update rule, but we need to see the owner and manager field change in the user's update history properly which is not currently visible for all users.

NDY
New Contributor III
New Contributor III

Hi Rushikesh,

I changed the mapping to Owner from Manager which triggered the manager user update rule, but the manager is not updated under user details. FYI, the column on Workday that I mapped for Owner has employeeId and not the username. 

 I changed from "MANAGER": "wd:Manager_ID~#~string"

to 

"Owner": "wd:Manager_ID~#~string"