
LDAP User import query

GauravJain
Regular Contributor

Hi Guys,

While setting up user import from LDAP in the Saviynt stage environment, I found RECONCILIATION FIELD mapping in two different places, so I wanted to understand how they are linked and what happens if we ignore the config in one place.

The first place is inside the LDAP connector, where we have to map RECONCILATION_FIELD under USER_ATTRIBUTE. I am using the LDAP attribute "entryUUID" here.

The second place is inside the Job Control Panel: when we create a trigger for user import, we should select a field in the "Reconciliation Field" dropdown (which by default uses "username"), but I am not selecting any value and am going with the default value.

So how will this configuration behave, and what would be the impact on user data, if any?

 

Regards

Gaurav

 


rushikeshvartak
All-Star
  1. LDAP Connector Configuration:

    • In the LDAP connector configuration, you're mapping the RECONCILIATION_FIELD under USER_ATTRIBUTE. This essentially tells Saviynt which LDAP attribute to use as the unique identifier for each user during the reconciliation process.
    • In your case, you're using the LDAP attribute entryUUID as the reconciliation field. This means Saviynt will use the entryUUID attribute to uniquely identify and reconcile users between the LDAP source and Saviynt.
  2. Job Control Panel Configuration:

    • When creating a trigger for user import in the Job Control Panel, there's an option to select a field in the "Reconciliation Field" dropdown. By default, this field is often set to username.
    • If you don't explicitly select a value in this dropdown and go with the default value (username), it means that during the user import process, Saviynt will reconcile users based on their LDAP username, rather than the entryUUID configured in the LDAP connector.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Thanks @rushikeshvartak. So, does that mean we should have the same field configured in both places? And if that's not done, will Saviynt create duplicate records for the same user?

Second thought: is the connector configuration used to reconcile data with the Users table in Saviynt, and the job configuration used to reconcile data with some temp table or cache? If that's the case, then Saviynt will not create duplicate entries in the users table. Is that a correct understanding?

Third, I have configured customproperty37=entryUUID in the connector, so can I use "customproperty37" in the job configuration?

Ideally, username is considered the primary attribute for recon.


Regards,
Rushikesh Vartak

Thanks @rushikeshvartak. Not sure why the documentation refers to other attributes like "objectGUID / entryUUID": Understanding the Integration Between EIC and LDAP Interfaces (saviyntcloud.com)

Now that I have already imported data using "entryUUID", changing this to "username" will create duplicate records, so is there any way we can delete the existing user data and try fresh?

You can't delete any user data.


Regards,
Rushikesh Vartak

Do you mean no one can do this? Or can the support team help us do this?

If that's the case, then the Saviynt documentation has to be perfect by including all such important pointers.

If the above is not feasible, can we mark all the existing users as Inactive in bulk?

 

Regards

Gaurav

 

Hi @rushikeshvartak can you please confirm on my query?

Using the import sheet, you can mark users inactive in bulk. The support team also will not be able to delete users.


Regards,
Rushikesh Vartak

Thanks @rushikeshvartak for the suggestion. I gave it a try and it worked when I did it for just one user.

Later, I increased the count of users in the CSV file to ~2600, and on the UI I got this error: "504 Bad Gateway". But the records were actually processed by Saviynt in the backend.

So, is there any limitation to this functionality? Why is the UI showing a 504 error for such a small count of user updates?

5 minutes is the ideal timeout, but records get processed in the background.


Regards,
Rushikesh Vartak

OK. I could see the HTTP session timeout in Global config, which is 30 minutes, but didn't find anything related to a 5-minute timeout. Where can I find this config?

One more question: after our discussion I changed the recon mapping in USER_ATTRIBUTES to "RECONCILATION_FIELD::username" (earlier it was RECONCILATION_FIELD::CUSTOMPROPERTY37 where CUSTOMPROPERTY37::entryUUID#String). A few minutes back I executed the LDAP full user import job, but it didn't create duplicate records. I am not able to understand this behavior. Please help.
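
Added example, not part of the original thread and not Saviynt's code: a simplified model of key-based reconciliation, assuming the import upserts on whichever field is the reconciliation key. It shows that switching the key creates no duplicates when the stored records already hold the new key's values, and how a directory rename behaves under each key. The records and the `reconcile` and `scenario` functions are constructed for illustration.

```python
# Simplified model of key-based user reconciliation (an assumption for
# illustration; this is not Saviynt's implementation).

def reconcile(store, incoming, key):
    """Upsert incoming records into store, matching on the `key` field.

    Returns (created, updated). A record whose key value matches no stored
    record is inserted as a new user, which is how duplicates arise.
    """
    index = {u[key]: u for u in store if u.get(key) is not None}
    created = updated = 0
    for rec in incoming:
        match = index.get(rec.get(key))
        if match is not None:
            match.update(rec)          # same identity: refresh attributes
            updated += 1
        else:
            new = dict(rec)            # no match: new user row
            store.append(new)
            if new.get(key) is not None:
                index[new[key]] = new
            created += 1
    return created, updated

# Constructed sample feeds. In LDAP_V2 "asmith" was renamed to "ajones";
# the entryUUID of that entry is unchanged.
LDAP_V1 = [
    {"username": "jdoe", "entryUUID": "uuid-0001"},
    {"username": "asmith", "entryUUID": "uuid-0002"},
]
LDAP_V2 = [
    {"username": "jdoe", "entryUUID": "uuid-0001"},
    {"username": "ajones", "entryUUID": "uuid-0002"},
]

def scenario(first_key, second_key, second_feed):
    """Import LDAP_V1 on first_key, then second_feed on second_key."""
    store = []
    reconcile(store, LDAP_V1, first_key)
    created, updated = reconcile(store, second_feed, second_key)
    return created, updated, len(store)

if __name__ == "__main__":
    # Key switched, same data: every username already exists, no duplicates.
    print(scenario("entryUUID", "username", LDAP_V1))
    # Rename with username as key: the renamed user becomes a second row.
    print(scenario("username", "username", LDAP_V2))
    # Rename with entryUUID as key: the existing row is updated in place.
    print(scenario("entryUUID", "entryUUID", LDAP_V2))
```
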

Hi @rushikeshvartak, can you please throw some light on the above queries?

Another query: we are using one of the LDAP attributes to identify user status, and that attribute's value is either 0 or 1. But for many users that attribute doesn't exist in LDAP (which also means that those are disabled users in LDAP), and such users show a hyphen ("-") in the Status column in Saviynt. Is there a way we can mark such users as Inactive?

Regards

Gaurav

[This post has been edited by a Moderator. We discourage the @ mention of other forum users or employees unless they have already involved themselves on the forum post.]

Use STATUSKEYJSON


Regards,
Rushikesh Vartak

Hi @rushikeshvartak, I was using it earlier, but I am not sure how to catch such users' status. I have tried to define all possible values, but it still shows a hyphen in status.

STATUSKEYJSON =
{
  "STATUS_ACTIVE": [
    "1"
  ],
  "STATUS_INACTIVE": [
    "0",
    "INACTIVE",
    "false",
    "",
    "null"
  ]
}

What is the DB value of statuskey?

 

select distinct statuskey from users


Regards,
Rushikesh Vartak

0, 1 & null

PFA screenshot for reference.

Did you try using #CONST in the import JSON?


Regards,
Rushikesh Vartak

Do you mean inside the USER_ATTRIBUTE config? Can you please share an example of how and where I can use #CONST in the import user JSON to achieve my use case? I don't see any such example in the documentation, nor does it say we can use any expressions in USER_ATTRIBUTE.

Regards

Gaurav

 

Ignore, it's not supported in LDAP.


Regards,
Rushikesh Vartak

1) But it's clearly mentioned in the LDAP connector documentation: Understanding the Integration Between EIC and LDAP Interfaces (saviyntcloud.com). How does one know if it's not supported?

2) Need your help on this: if we have enabled SSO for Saviynt login and all the existing users become "inactive" by mistake, then what's the workaround to log in and update user status?

#1 Provide feedback on the documentation.

#2 Raise a support ticket / reach out to the CSM for the account.


Regards,
Rushikesh Vartak