
Nested Active Directory groups not getting removed upon removal of parent group

Santosh
Regular Contributor

Hello all, we have launched the access certification (manager). The disconnected application's entitlement has an AD entitlement as another entitlement (nested). During ARS, if the disconnected application group is added or removed, so is the nested group. But now, during the certification, the disconnected application's access removal only generated the pending task for that particular application and not for Active Directory. Is there anything I need to do to make sure it works as in ARS?

5 REPLIES

rushikeshvartak
All-Star

Are you using an entitlement map? If yes, then this is expected behavior.

For AD, the entitlement should be removed from the AD application.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

AD is not being reviewed; only the disconnected application is. And yes, we did: the entitlement map has request filter = true, add dependent task = true, remove ent task = true and exclude entitlement = false.

With the same configuration, the ARS works on addition/removal of both disconnected entitlement and AD simultaneously under pending tasks.

Santosh
Regular Contributor

Just checked the documentation and they are supported only via EO certification. Isn't there any workaround, like via analytics or a custom rule? When does an entitlement revoked from certification also result in revoking the mapped entitlement/child entitlement?


Regards,
Rushikesh Vartak

Thank you @rushikeshvartak for confirming. I'll spend some time going over this one and will update on how it goes.