Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Managing multiple AD Accounts for one User

DanielGamboa
New Contributor II
New Contributor II

Hi everyone,

Context: We want to use Saviynt to manage users with multiple AD accounts, for example, users who have a regular user account and an admin account. So far, we have created a new connection, security system and endpoint to manage these accounts, during the import, we are able to match these accounts to the correct user in Saviynt and also deprovision the secondary account when the main user is offboarded.

My question is: These secondary accounts are being manually created in AD, and imported to Saviynt via Import Job. So if having one of these secondary accounts is part of a role, how can we trigger a deprovision account task when a user moves to a different role that does not include having a secondary account?

Thanks.

3 REPLIES 3

rushikeshvartak
All-Star
All-Star

You can implement using User Update rule


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi,

Thanks for the reply, I thought about that but could not figure out a way to implement a rule for when a user changes roles... Using the jobtitle, manager or department fields for the role would not be an option since the user may move to a Sr. position, manager may change or the user may be working in two departments and still need the secondary account for one of the jobs. Is there another way to remove access to the secondary account?

Thanks,

Daniel G.

You can have flag and use actionable analytics as workaround


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.