Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

New account created for users with inactive account

bhushan
New Contributor II
New Contributor II

Hi All,

Issue: New account created for users with inactive accounts
Issue Details: Users have an inactive account in AD and on their profile. When someone adds access to the role which is assigned to the user. An add access task is triggered with new account name with suffix 1,2,3..... as we have entitlements only at the security system level.
We have set the flag REUSEINACTIVEACCOUNT to TRUE in the connector:

bhushan_0-1693589166561.png

Also, at the endpoint we have set disable new account if account already exists to true.

bhushan_1-1693589311372.png

In the account name rule for the endpoint we have unique check to all

bhushan_2-1693589402353.png

We are on v2021
Let me know if anything is missed.

Thanks,
Bhushan

 

4 REPLIES 4

khalidakhter
Saviynt Employee
Saviynt Employee

Hi @bhushan 

You need to populate REUSEACCOUNTJSON parameter in the AD connection to prevent new account creation for inactive accounts with a suffix.
Please refer to the AD Connector for more details.
https://docs.saviyntcloud.com/bundle/AD-v23x/page/Content/Configuring-the-Integration-for-Provisioni...

Thanks

Hi @khalidakhter,

This solution is not working.
I have updated the connection as per the document. It still created a new account for the user with inactive account. The new account creation is as per accountnamerule in the endpoint.

Thanks,
Bhushan

khalidakhter
Saviynt Employee
Saviynt Employee

@bhushanWould you kindly send the entire log of the WSRETRY job for the scenario of creating an account?

Hi @khalidakhter 

The account was created with a new accountname in EIC.

bhushan_1-1693941078947.png

The issue we are facing is with EIC. Inactive account is not updated with the access. New account is created.

Thanks,
Bhushan