10/24/2023 04:27 AM
Hi Team,
We have the below requirement: If the user has not logged in on the target application side (SAP system) for 30 days, the account will be locked on the target side, and during the reconciliation of Accounts import from target to Saviynt, the Account status will be changed to inactive in Saviynt.
After a couple of days, if the user's status is changed to inactive through the user import from any HR system, during the rule run process/any access removal process, Remove Access tasks are not generated for inactive Accounts; Remove Access tasks are generated only for Active Accounts.
Is there any way we can trigger the Remove Access for inactive Accounts and inactive users as well during the termination of the user in Saviynt?
10/24/2023 06:30 AM
Have you tried enabling the below config?
Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
10/24/2023 06:37 AM
@AravindK refer to this
11/03/2023 04:13 AM
Hi @SumathiSomala @dgandhi ,
The suggested config is already enabled in our environment. However, this is not meeting our expectation.
Our requirement:
1) User is Active and User's Accounts are Inactive:
The Enterprise Role has two entitlements (which belong to App A, App B, and both the associated accounts are inactive) and the user is Active. In this case, if we try to raise the Remove/Add request for the enterprise role, tasks are not generated for the add access/remove access for those Accounts (as they are inactive).
- Is there any way to create the tasks for inactive Accounts as well through an enterprise role request?
2) User is Active and Accounts are Active:
Add Tasks are generated as part of the enterprise role request for the accounts. This is working as expected.
Thanks,
Aravind
11/03/2023 04:19 AM
@AravindK Saviynt does not support creating add/remove access tasks for inactive accounts.
It is an expected behavior.
11/03/2023 08:15 PM
This is expected behaviour. Try using analytics once.
11/27/2023 04:14 AM
Hi @rushikeshvartak @SumathiSomala
Is there any workaround for our requirement to trigger the remove access tasks? If we submit the enterprise role requests via Bulk or manually from ARS?
Thanks,
Aravind
11/29/2023 07:21 PM
You can create an analytics report & try using bulk import.
11/29/2023 07:10 AM
Hi team,
This cannot be expected behavior, as when a user is locked we should be able to:
1. Remove access should work whether the user is locked or not.
2. Whenever a user is locked we should receive some information about it, and not just have the task dropped.
Thanks
Leszek
11/29/2023 07:20 PM
You can raise an idea ticket for the same.
11/29/2023 11:08 PM
You mean that we should raise an idea ticket for a security issue? That should be your top priority.
Why should we have an Access management tool that does not handle access process requests or the access removal process?
It is clear that this is an ISSUE, not an idea.
Please advise how to deal with that (proper solution).
12/04/2023 08:24 AM
As per the above conversation, my understanding is that the issue occurs when you are raising an enterprise role request add/remove for active users (tasks are not created for inactive accounts).
Can you please let us know in which version you are facing the issue?
We had this issue and it was fixed in the 23.8 EIC version of Saviynt.
Thanks
Darshan