We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

How to delete AD account after period of time?

jralexander137
New Contributor II
New Contributor II

Hi! I am trying to determine how to go about deleting/removing AD accounts after 14 days have passed. I don't see any remove/delete account option under the user update rules actions to even trigger a deletion. Is there any docs on achieving this? The AD connector has a removeAccountJson available I don't see anyway to trigger that action let alone queue it up for a later date. Any guidance would be greatly appreciated!

2 REPLIES 2

SumathiSomala
All-Star
All-Star

@jralexander137 DId you check user update rules -Action as Deprovision Access and Execute on option?

SumathiSomala_0-1704206616314.png

Refer below doc for more info

Creating User Update Rules (saviyntcloud.com)

 

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

rushikeshvartak
All-Star
All-Star

You can use the 'Execute On' option to create future-dated tasks.

Documentation : https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter05-Policies/Creating-User-Up...

Leaver Use Case 1: An organization has a requirement to remove access on day 0 and remove account on day 30 for AD. This can be accomplished in a single user update rule by selecting 2 different actions. When the rule condition is met and rule is evaluated, future-dated tasks are created for each action with start date = current date + the value selected in the 'Execute On' dropdown. To accomplish this use-case, select:

  • For Removing Access on zero day: Select Deprovision Access action followed by selecting endpoint as AD, action as Access Only and Execute On leave it empty. By default, when Execute On is empty, it completes the task on day 0 when WSRETRY is run and completes the remove access task and deprovisions access from the AD endpoint.
  • For Removing Account on Day 30: Select Account Only action followed by selecting endpoint as AD, action as Account Only, and Execute On specify 30 days. Remove account tasks will be created but the future dated task is completed on 30th day when WSRETRY job runs. As a result, the user's account is removed from the AD endpoint on Day 30.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.