Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

New account created for users with inactive account

bhushan
New Contributor II
New Contributor II

‎09/01/2023 10:33 AM

Hi All,

Issue: New account created for users with inactive accounts
Issue Details: Users have an inactive account in AD and on their profile. When someone adds access to the role which is assigned to the user. An add access task is triggered with new account name with suffix 1,2,3..... as we have entitlements only at the security system level.
We have set the flag REUSEINACTIVEACCOUNT to TRUE in the connector:

bhushan_0-1693589166561.png

Also, at the endpoint we have set disable new account if account already exists to true.

bhushan_1-1693589311372.png

In the account name rule for the endpoint we have unique check to all

bhushan_2-1693589402353.png

We are on v2021
Let me know if anything is missed.

Thanks,
Bhushan

 

1 person had this problem.
Labels:
0 Kudos
4 REPLIES 4

khalidakhter
Saviynt Employee
Saviynt Employee

‎09/04/2023 02:12 AM - edited ‎09/04/2023 02:12 AM

Hi @bhushan 

You need to populate REUSEACCOUNTJSON parameter in the AD connection to prevent new account creation for inactive accounts with a suffix.
Please refer to the AD Connector for more details.
https://docs.saviyntcloud.com/bundle/AD-v23x/page/Content/Configuring-the-Integration-for-Provisioni...

Thanks

0 Kudos

bhushan
New Contributor II
New Contributor II
In response to khalidakhter

‎09/05/2023 07:52 AM

Hi @khalidakhter,

This solution is not working.
I have updated the connection as per the document. It still created a new account for the user with inactive account. The new account creation is as per accountnamerule in the endpoint.

Thanks,
Bhushan

0 Kudos

khalidakhter
Saviynt Employee
Saviynt Employee

‎09/05/2023 11:45 AM

@bhushanWould you kindly send the entire log of the WSRETRY job for the scenario of creating an account?

0 Kudos

bhushan
New Contributor II
New Contributor II
In response to khalidakhter

‎09/05/2023 12:13 PM

Hi @khalidakhter 

The account was created with a new accountname in EIC.

bhushan_1-1693941078947.png

The issue we are facing is with EIC. Inactive account is not updated with the access. New account is created.

Thanks,
Bhushan

0 Kudos
Copyright © 2024 Khoros, LLC