03/09/2023 08:42 AM
Hi Team,
We need information on one of the endpoint configurations below.
What is the use of this specific config at the endpoint level? Please check and suggest.
Regards,
Tejsvi Kumar
03/09/2023 09:11 AM
Hi @Tejsvi,
By selecting the account type here, the revoke tasks will not be created for those types of accounts even if an account is removed.
For example, say you don't want to create revoke tasks for service accounts which are part of a campaign. If you add the account type 'Serviceaccount' for this endpoint, then when the campaign looks to create revoke tasks for the accounts as per the actions, it will take this config into consideration and will not create revoke tasks for the accounts with 'Service account' as the account type in this case.
Even though the campaign level configs like 'Create revoke tasks on locking and expiration' are turned on, it will not create revoke tasks for accounts with the account type mentioned in this config for this endpoint.
Please refer to the document below, searching for the config, for more information:
Thanks,
03/09/2023 09:11 AM
Account Type for which Deprovisioning Tasks should not get created
Used to specify the account type for which revoke tasks should not get created, even if an account is removed.
For instance, account types can be selected, for which the de-provisioning tasks will not get created, even if the account type is removed through certification.
The revoke tasks from the campaigns are triggered based on the values in Endpoint > Account Type for which Deprovisioning Tasks should not get created. The system does not create revoke tasks for the account even if revoke tasks campaign configuration is enabled. Also, the revoke tasks are not created on Locking or Expiring, even though Create Revoke Tasks on Locking or Create Revoke Tasks on Expiring is turned on. This is applicable for all the campaign types (EO, RO, UG and Service Account).
For more details on Endpoint configurations, please refer to the following document: https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...
03/09/2023 09:24 AM
Thank you for the response, but my concern is... we have not selected any value, but we still see some selection with a cross mark.
Right now for this application, no remove access tasks are getting generated even when we are trying to revoke the account.
Secondly, if I remove this cross mark, what will be the impact? Is it going to solve my problem? Please suggest.
Regards,
Tejsvi Kumar
03/09/2023 10:58 AM
@Tejsvi ,
If you don't have a standing requirement for the config, then you can go ahead and clear it. However, if you'd like to see if there is any value present in it, you can use the data analyzer to check the 'ACCOUNTTYPENODEPROVISION' value in the endpoints table for the respective endpoint.
The above-mentioned column stores our selection for the config in the respective endpoints. So if you see an empty value in the DB and you don't have any requirement, please go ahead and remove the value from the UI and see if revoke tasks are getting created.
Thanks,