
Leaver Exception process based on AD groups

KME
New Contributor III

Hi Folks,

We have the below use case:

There is a requirement that if users are part of some specific AD groups and from specific departments, then those users should not be offboarded or have their access revoked even when their end date is reached. Those users will be processed manually after review by the application team.

How can we achieve this use case?

As we don't have customqueries, we can't flag those users, so we thought of using a savforsav connection.

Can you guys please provide any inputs on this?
Ex: if a user is part of an AD group (ex: HIGHMONITOR) and is part of a department (ex: researcher), then that user should not be offboarded/revoked.

Any ideas on the above use case, folks?

[This message has been edited by moderator to merge reply comment]


rushikeshvartak
All-Star
  • Use an Entitlement Custom property and set some value.
  • Before every WSRETRY, run an Enhanced Query to discontinue the tasks:

    SELECT
        at1.taskkey AS arstasks__primarykey,
        4 AS arstasks__status,
        'Access retained as part of skip list, so discontinuing the deprovisioning task.' AS arstasks__provisioningcomments
    FROM arstasks at1
    WHERE
        at1.tasktype = 2
        AND EXISTS (
            SELECT 1
            FROM arstasks tk
            JOIN users u1 ON tk.userkey = u1.userkey
            WHERE
                tk.taskkey = at1.taskkey
                AND tk.status = 1
                AND tk.source IN ('PROVRULE', 'ZERODAY')
                AND tk.entitlement_valuekey IN (
                    SELECT entitlement_valuekey
                    FROM entitlement_values
                    WHERE customproperty21 = 'Skiplist'
                )
                AND u1.statuskey = 1
        );

Regards,
Rushikesh Vartak
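
A dry run of the query above on constructed data, as an added example that is not part of the original reply or Saviynt's own code: it returns the task keys the query would pick up, so the skip list can be reviewed before any task is discontinued. The SQLite schema is an assumption that holds only the columns the query reads, and every row is constructed.

```python
import sqlite3

# Enhanced query from the reply above (same predicates and output columns).
QUERY = """
SELECT at1.taskkey AS arstasks__primarykey,
       4 AS arstasks__status,
       'Access retained as part of skip list, so discontinuing the deprovisioning task.'
         AS arstasks__provisioningcomments
FROM arstasks at1
WHERE at1.tasktype = 2
  AND EXISTS (
    SELECT 1 FROM arstasks tk
    JOIN users u1 ON tk.userkey = u1.userkey
    WHERE tk.taskkey = at1.taskkey
      AND tk.status = 1
      AND tk.source IN ('PROVRULE', 'ZERODAY')
      AND tk.entitlement_valuekey IN (
        SELECT entitlement_valuekey FROM entitlement_values
        WHERE customproperty21 = 'Skiplist')
      AND u1.statuskey = 1)
"""

# Assumed minimal schema: only the columns the query reads, not the product's tables.
SCHEMA = """
CREATE TABLE users (userkey INTEGER PRIMARY KEY, statuskey INTEGER);
CREATE TABLE entitlement_values (entitlement_valuekey INTEGER PRIMARY KEY, customproperty21 TEXT);
CREATE TABLE arstasks (taskkey INTEGER PRIMARY KEY, tasktype INTEGER, status INTEGER,
                       source TEXT, userkey INTEGER, entitlement_valuekey INTEGER);
"""

# Constructed rows: (taskkey, tasktype, status, source, userkey, entitlement_valuekey)
TASKS = [
    (100, 2, 1, "PROVRULE", 1, 10),  # every predicate matches
    (101, 2, 1, "ZERODAY", 1, 11),   # entitlement not flagged 'Skiplist'
    (102, 2, 1, "OTHER", 1, 10),     # source outside the IN list (placeholder value)
    (103, 2, 3, "PROVRULE", 1, 10),  # status is not 1
    (104, 1, 1, "PROVRULE", 1, 10),  # tasktype is not 2
    (105, 2, 1, "ZERODAY", 2, 10),   # user statuskey is not 1
    (106, 2, 1, "ZERODAY", 1, 10),   # every predicate matches
]

def preview_discontinued():
    """Return the task keys the query would select, without updating anything."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, 1), (2, 0)])
    db.executemany("INSERT INTO entitlement_values VALUES (?, ?)", [(10, "Skiplist"), (11, None)])
    db.executemany("INSERT INTO arstasks VALUES (?, ?, ?, ?, ?, ?)", TASKS)
    return sorted(row[0] for row in db.execute(QUERY))
```

Only tasks 100 and 106 are returned. The query as written has no department predicate, so selection depends on the entitlement flag, task fields and user status alone.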

KME
New Contributor III

Hi @rushikeshvartak,

Thanks a lot for the suggestion.

Could you please confirm whether there is any other way to stop the tasks themselves from being created, rather than discontinuing the task?

The requirement is that we should not create the tasks at all.

Kindly provide suggestions on the above use case, if any.

No, you can't hold off creating tasks for a specific entitlement.


Regards,
Rushikesh Vartak