Saviynt Forums

Approach I took to complete this exercise, thanks @CR for the other forum post link with a similar issue:

• Create a analytics configuration that will pull all pending tasks/new tasks created for disconnected application access/account request via birthright/technical or user update rules.
• Note, access type needs to either requestable or if not requestable (none create task) to enable provisioning action
• Global Config setting: make sure that Group emails by username is enabled under Analytics config.
• Analytics config:

SELECT u.username, u.username as 'endpoint owner', A.TASKKEY as 'taskkey', A.ACCOUNTNAME as 'accountname', A.STATUS as 'taskstatus', E.ENDPOINTNAME as 'endpoint', A.OWNERTYPE, U.EMAIL  FROM ARSTASKS A JOIN ENDPOINTS E ON A.ENDPOINT = E.ENDPOINTKEY JOIN USERS U ON E.OWNERKEY = U.USERKEY WHERE E.customproperty6= 'disconnected' AND A.STATUS = 1

order by username;

• We are retrieving information about the user (u.username), endpoint owner (again u.username as 'endpoint owner') (specifying this again seems to be a requirement from a forum post), task key (A.TASKKEY as 'taskkey'), account name (A.ACCOUNTNAME as 'accountname'), task status (A.STATUS as 'taskstatus'), endpoint name (E.ENDPOINTNAME as 'endpoint'), owner type (A.OWNERTYPE), and email (U.EMAIL).
• We are then querying ARSTASKS for all request info about the tasks created, for the tasks in status =1 (new) and joining endpoint information.
• We are then joining userkey with ownerkey on endpoint, so this allows to map the owner and retrieve their username.
• Note: that 'Username' appears to be a required field to pull information from Analytics object into the email body. No documentation available on this, forum posts are vague at best.
• So, to send email to the endpoint owner, Username was mapped to endpoint ownerkey and retrieved into the body and reused in To: field.

• Email Template: Text can be modified according to standards needed.
• Make sure that Advanced HTML CSS is enabled.

<html>

<head>

<style>

table {

 font-family: arial, sans-serif;

 border-collapse: collapse;

 width: 100%;

}



td, th {

 border: 1px solid #dddddd;

 text-align: left;

 padding: 8px;

}



tr:nth-child(even) {

 background-color: #dddddd;

}

</style>

</head>

<body>

Hi Endpoint Owner,<br><br>

The following user(s) hav been assigned account/access to your disconnected application. Please find the details below:<br><br>

<table>

<tr><th>Endpoint Owner</th><th>Account Name</th><th>Endpoint</th><th>Task Key</th></tr>

<% int count=Integer.parseInt("${ANALYTICSDATA.Application.size()}"); for(int i=0;i<count;i=i+1){%><tr><td>${ANALYTICSDATA.'endpoint owner'[i]}</td><td>${ANALYTICSDATA.'accountname'[i]}</td><td>${ANALYTICSDATA.'endpoint'[i]}</td><td>${ANALYTICSDATA.'taskkey'[i]}</td></tr>

<% } %>

</table>

• Endpoint owner, account name, endpoint name and task key are provided in the body for ease of access.

• Test performed with two different endpoints and two different endpoint owners.
• Email was sent to endpoint owners separately for their respective endpoints.
• To achieve this, I added 'disconnected' in a customproperty on endpoint, so we need not create separate queries for each endpoint.
• Once defined and analytics set up to run on a schedule, this process will be automated.