Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/09/2024 09:24 AM
Hi everyone,
Context: We want to use Saviynt to manage users with multiple AD accounts, for example, users who have a regular user account and an admin account. So far, we have created a new connection, security system and endpoint to manage these accounts, during the import, we are able to match these accounts to the correct user in Saviynt and also deprovision the secondary account when the main user is offboarded.
My question is: These secondary accounts are being manually created in AD, and imported to Saviynt via Import Job. So if having one of these secondary accounts is part of a role, how can we trigger a deprovision account task when a user moves to a different role that does not include having a secondary account?
Thanks.
07/09/2024 09:39 PM
You can implement using User Update rule
07/10/2024 12:27 PM
Hi,
Thanks for the reply, I thought about that but could not figure out a way to implement a rule for when a user changes roles... Using the jobtitle, manager or department fields for the role would not be an option since the user may move to a Sr. position, manager may change or the user may be working in two departments and still need the secondary account for one of the jobs. Is there another way to remove access to the secondary account?
Thanks,
Daniel G.
07/10/2024 12:48 PM
You can have flag and use actionable analytics as workaround