Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Pre-processor action before User Inactivation

igaravi
Regular Contributor
Regular Contributor

‎04/18/2023 11:59 AM

We have a use case to add an User to an AD Group before he gets inactivated. The User Import sets User Status based on the User Source system (HR). Is there a way to apply the AD group action before the User Import inactivates the User? We have AD application set up as another Security System/Endpoint.

We added a policy trigger on the User status change which created a pending task for adding group access. But that pending taskk fails with "User is not Active" message.

 

 

1 person had this problem.
Labels:
0 Kudos
4 REPLIES 4

dgandhi
All-Star
All-Star

‎04/18/2023 12:24 PM

Hi @igaravi 

Can you enable below config and try? This will be available in Global Configuration.

dgandhi_0-1681845562127.png

Thanks

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
0 Kudos

rayan-farooq
New Contributor II
New Contributor II
In response to dgandhi

‎04/20/2023 08:52 AM

Hi there, 

That Global Config makes User Update Rules act on inactive users and accounts. The problem is, you can't add access from a User Update Rule. You have to have the User Update Rule re-run a Technical Rule that adds access. Since this global config is limited to user update rules, the technical rule run still generates the same error.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎04/18/2023 08:25 PM

You can create user update rule and create task based on user status changed to inactive


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

rayan-farooq
New Contributor II
New Contributor II
In response to rushikeshvartak

‎04/20/2023 08:55 AM

That's what we've tried, but Saviynt refuses to add access to inactive users. Since the user being inactive is the trigger to disable the account, we can't add access.  Really the "access" in this case is a group that denies a member account access to anything in AD, even if the account is still logged in when the group is added.

0 Kudos
Copyright © 2024 Khoros, LLC