We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Issue with time bound access requests

GauravJain
Regular Contributor
Regular Contributor

Hi

I have onboarded an LDAP application where i want to implement time bound access for LDAP entitlements. I have already made following configurations in "Entitlement Type Details" page as per Saviynt documentation:

1) Ask For Start Date End Date While Request : ON

2) Allow Update of Access End Date: ON

3) Config JSON for Request Dates - End date is mandatory and default access for 1 hour and maximum access for 3 hours.

{ "ENDDATEREQUIRED" : "1", "DEFAULTTIMEFRAMEHRS": "1", "MAXTIMEFRAMEHRS": "3"}

Facing following issues in access request lifecycle:

1) While raising access request if i choose a future start time - for example i am raising request at "23/11/23, 17:46" but i choose start date as "23/11/23, 18:00" and end date as "23/11/23, 19:00"

request is raised successfully but it doesn't create any task for provisioning at the selected start time. Instead, the request shows "Access Granted" after first level of approval (which is an auto approval). But, it has not really granted access to requestor.

2) While raising access request if i go with default timeframe like start date is "23/11/23, 17:46" and end date is "23/11/23, 18:46" then after first level of approval request moves to pending stage and gets provisioned after executing the provisioning job. on the provisioning task if we look at request details, it shows start date as we have selected in request creation but the due date is exactly after 10 days and not as per selected end date. Am i missing any configuration here? or its an issue with time bound access feature?

my expectation from time bound access feature is - it should provision access based on selected start time and revokes it when selected end date arrives.

Note: Provisioning job is running every 30 minutes.

Please let me know if you guys require any further information on above issue. Expecting a quick reply as we are stuck on this.

Regards

Gaurav

 

3 REPLIES 3

rushikeshvartak
All-Star
All-Star

Schedule Create Tasks for Future Ent Role Requests (EnterpriseRoleManagementJob) job to create timebound entitlement task based on start date or end date. Scheudle every 5 minutes 

 

also make sure below config set in global configuration 

Create Task if Start date less than

rushikeshvartak_0-1700782857060.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi - Thanks for your revert.

One thing to clarify is, why Saviynt display request status as "Access Granted" for future start date requests after all approvals? it creates confusion as in users will think access has been granted but that's not the case.

is it possible to show "Pending" or "Approved" kind of status for such future start date access requests?

Regards

Gaurav

Submit Idea Ticket for same.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.