
Provisioning Active Directory Account in Disabled State with Birthright Access

Chirag_Gupta
New Contributor II

Hello Everyone,

I am provisioning a user to Active Directory with some birthright access using a technical rule. The account and access are provisioned upon user creation, but the account is created in AD in a disabled state. How can I ensure the AD account is provisioned in a disabled state? Additionally, is it feasible to add access to a disabled account?

Thanks,

Chirag Gupta

6 REPLIES

armaanzahir
Valued Contributor

@Chirag_Gupta 

The createaccountjson for the AD connector lets you set certain attributes on creation, and one of them is UserAccountControl, which decides whether the account is active or disabled.

Passing the uac as 514 would create the account in the disabled state.

For adding access to an inactive account, it might not be feasible.

Forums: Add access to inactive accounts

An idea had been raised for the same, and the solutioning of this would be present in a future release of the product.

https://ideas.saviynt.com/ideas/EIC-I-3334

 

Regards,
Md Armaan Zahir
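The value 514 in the reply above is the sum of two userAccountControl bits, NORMAL_ACCOUNT (512) and ACCOUNTDISABLE (2). The following is an added example, not part of the thread and not Saviynt code: it decodes UAC values and checks that accounts meant to be provisioned disabled really are. The function names and sample accounts are hypothetical; the flag values are Microsoft's documented bit definitions.

```python
# Added example: decode Active Directory userAccountControl (UAC) values and
# audit accounts that are expected to be disabled normal user accounts.
# Function names are hypothetical; the sample accounts below are constructed.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
}
# Flags that should not appear on a freshly provisioned birthright account.
UNEXPECTED = {"PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD", "LOCKOUT"}


def decode_uac(value):
    """Return the set of flag names set in a UAC integer (unknown bits as hex)."""
    names = {name for bit, name in UAC_FLAGS.items() if value & bit}
    unknown = value & ~sum(UAC_FLAGS)
    if unknown:
        names.add(f"UNKNOWN_0x{unknown:X}")
    return names


def audit_account(uac):
    """Return findings for an account expected to be a disabled normal user."""
    flags = decode_uac(int(uac))  # connectors often pass the value as a string
    findings = []
    if "NORMAL_ACCOUNT" not in flags:
        findings.append("not a normal user account")
    if "ACCOUNTDISABLE" not in flags:
        findings.append("account is enabled")
    for name in sorted(flags & UNEXPECTED):
        findings.append(f"unexpected flag {name}")
    for name in sorted(n for n in flags if n.startswith("UNKNOWN_")):
        findings.append(f"unrecognized bits {name}")
    return findings


def audit_all(accounts):
    """Map each account name to its findings; an empty list means it passed."""
    return {name: audit_account(uac) for name, uac in accounts}


# Constructed sample: 514 = disabled, 512 = enabled, 546 = disabled + PASSWD_NOTREQD
SAMPLE = [("jdoe", "514"), ("asmith", "512"), ("bkhan", "546")]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```
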

Thanks for your reply Armaan. My main concern is whether we can add access to a disabled account. I attempted to add access to the disabled account, but Saviynt didn't create any add access task for it. How can we resolve this issue?

Thanks,

Chirag Gupta

That is not supported currently @Chirag_Gupta .

For adding access to an inactive account, it might not be feasible.

Forums: Add access to inactive accounts

An idea had been raised for the same, and the solutioning of this would be present in a future release of the product.

https://ideas.saviynt.com/ideas/EIC-I-3334

 

Regards,
Md Armaan Zahir

Keep the account active for some time; after all tasks are completed, use actionable analytics to disable the account.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Chirag_Gupta
New Contributor II

Hello @VrushaliL 

Here's a refined version:

What would be the optimal method to accomplish this task? I'm contemplating the following steps; please advise if any adjustments or enhancements are necessary:

Step 1: Initiate the birthright process to establish an Active Directory (AD) account while assigning relevant permissions accordingly.

Step 2: Leverage SAV4SAV to populate individual user properties promptly post AD account creation.

Step 3: Harness these user custom properties to streamline the automation of account deactivation once all requisite tasks have been fulfilled.

Thanks,

Chirag Gupta

You can follow the above approach.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.