Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

Need information on the endpoint configuration

Tejsvi
New Contributor II
New Contributor II

Hi Team,

We need information on one of the below endpoint configuration.

Tejsvi_0-1678379951296.png

 

What is the use of this specific config at endpoint level. Please check and suggest

 

Regards,

Tejsvi Kumar

4 REPLIES 4

pruthvi_t
Saviynt Employee
Saviynt Employee

HI @Tejsvi ,

By selecting the account type here, the revoke tasks will not be created for those type of accounts even if an account is removed.

For example, if you don't want to create revoke tasks for service accounts which are part of a campaign. So if you add account type as 'Serviceaccount' for this endpoint, when campaign looks to create revoke tasks for the accounts as per the actions, it will take this config into consideration and will not create revoke tasks for the accounts with 'Service account' as account type in this case.

Even though the campaign level configs like 'Create revoke tasks on locking and expiration' are turned on, it will not create revoke tasks for accounts with account type mentioned in this config for this endpoint.

Please refer to below document by searching with the config for more information:

https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...

Thanks,


Regards,
Pruthvi

RakeshMG
Saviynt Employee
Saviynt Employee

Account Type for which Deprovisioning Tasks should not get created

Used to specify the account type for which revoke tasks should not get created, even if an account is removed.

For instance, account types can be selected, for which the de-provisioning tasks will not get created, even if the account type is removed through certification. 

The revoke tasks from the campaigns are triggered based on the values in Endpoint > Account Type for which Deprovisioning Tasks should not get created. The system does not create revoke tasks for the account even if revoke tasks campaign configuration is enabled. Also, the revoke tasks are not createdon Locking or Expiring, even though Create Revoke Tasks on Locking or Create Revoke Tasks on Expiring is turned on. This is applicable for all the campaign types (EO, RO, UG and Service Account). 

 

For more details on Endpoint configurations please refer to following document : https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter04-Onboarding-and-Managing-A...


​Regards

Rakesh M Goudar

Tejsvi
New Contributor II
New Contributor II

Thank you for response but my concern is... we have not selected any value but still we see some selection with cross mark

Tejsvi_0-1678382361671.png

Right now for this application, no remove access tasks getting generated even when we are trying to revoke the account.

Secondly, in case if I remove this cross mark then what will be the impact...is it going to solve my problem.. Pls suggest.

Regards,

Tejsvi Kumar

pruthvi_t
Saviynt Employee
Saviynt Employee

@Tejsvi ,

If you don't have a standing requirement for the config, then you can go ahead and clear it. However, if you'd like to see if there is any value present in it, you can use the data analyzer to check 'ACCOUNTTYPENODEPROVISION' value in endpoints table for respective endpoint.

The above mentioned column stores our selection for the config in respective endpoints. So if you see empty value in DB and if you don't have any requirement, please go ahead and remove the value from UI and see if revoke tasks are getting created.

Thanks,


Regards,
Pruthvi