
How to trigger the Remove Access for inactive accounts and Inactive Users

AravindK
Regular Contributor

Hi Team,
We have the below requirement: If the user has not logged in on the target application side (SAP system) for 30 days, the account will be locked on the target side, and during the reconciliation of the accounts import from the target to Saviynt, the account status will be changed to inactive in Saviynt.

After a couple of days, if the user's status is changed to inactive through the user import from any HR system, then during the rule run process/any access removal process, Remove Access tasks are not generated for inactive accounts; Remove Access tasks are generated only for active accounts.
Is there any way we can trigger the Remove Access for inactive accounts and inactive users as well during the termination of the user in Saviynt?


dgandhi
All-Star

Have you tried enabling the below config?


https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter06-EIC-Configurations/Config...

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

SumathiSomala
All-Star

@AravindK refer to this

https://forums.saviynt.com/t5/identity-governance/createupdateaccount-task-for-ad-not-triggering-usi...

Regards,
Sumathi Somala
If this reply answered your question, please Accept As Solution and give Kudos.

AravindK
Regular Contributor

Hi @SumathiSomala @dgandhi ,
The suggested config is already enabled in our environment. However, this is not meeting our expectation.

Our requirement:

1) User is Active and User's Accounts are Inactive:

The Enterprise Role has two entitlements (which belong to App A, App B, and both the associated accounts are inactive) and the user is Active. In this case, if we try to raise the Remove/Add request for the enterprise role, tasks are not generated for the add access/remove access for those accounts (as they are inactive).

  - Is there any way to create the tasks for inactive accounts as well through an enterprise role request?

2) User is Active and Accounts are Active:

Add tasks are generated as part of the enterprise role request for the accounts. This is working as expected.

Thanks,
Aravind

@AravindK Saviynt does not support creating add/remove access tasks for inactive accounts.

It is an expected behavior. 

Regards,
Sumathi Somala

This is expected behaviour. Try using analytics once.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

AravindK
Regular Contributor

Hi @rushikeshvartak @SumathiSomala 
Is there any workaround for our requirement to trigger the remove access tasks? If we submit the enterprise role requests via Bulk or manually from ARS?

Thanks,
Aravind


You can create an analytics report & try using bulk import.


Regards,
Rushikesh Vartak

Leszek
New Contributor

Hi team,

This cannot be an expected behavior, as when the user is locked we should be able to:

1. Remove the access; it should work whether the user is locked or not.

2. Whenever the user is locked, we should receive some information about it, and not just have the task dropped.

Thanks

Leszek 

 

You can raise an idea ticket for the same.


Regards,
Rushikesh Vartak

Leszek
New Contributor

You mean that we should raise an idea ticket for a security issue? That should be your top priority.

Why should we have an access management tool that does not handle the access request process or the access removal process?

It is clear that this is an ISSUE, not an idea.

Please advise how to deal with that (proper solution).

Hi @AravindK  & @Leszek 

As per the above conversation, my understanding is that the issue occurs when you are raising an enterprise role request (add/remove) for active users (tasks are not created for inactive accounts).

Can you please let us know in which version you are facing the issue?

We had this issue and it was fixed in the 23.8 EIC version of Saviynt.

 

Thanks

Darshan