05/27/2024 12:15 AM
Hello Everyone,
I am provisioning a user to Active Directory with some birthright access using a technical rule. The account and access are provisioned upon user creation, but the account is created in AD in a disabled state. How can I ensure the AD account is provisioned in a disabled state? Additionally, is it feasible to add access to a disabled account?
Thanks,
Chirag Gupta
05/27/2024 05:12 AM - edited 05/27/2024 05:19 AM
The createaccountjson for the AD connector lets you set certain attributes on creation, and one of them is UserAccountControl, which decides whether the account is active or disabled.
Passing the uac as 514 would create the account in the disabled state.
For adding access to an inactive account, it might not be feasible.
Forums: Add access to inactive accounts
An idea had been raised for the same, and the solutioning of this would be present in a future release of the product.
https://ideas.saviynt.com/ideas/EIC-I-3334
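Why 514 means "disabled", as an added example that is not part of the original reply or of Saviynt's code: userAccountControl is a bit field, and 514 is NORMAL_ACCOUNT (512) plus ACCOUNTDISABLE (2). The account names and the `audit` helper below are constructed for illustration; the flag values are the standard Active Directory ones.

```python
# Added example: decode Active Directory userAccountControl (UAC) values and
# check that provisioned accounts landed in the expected state.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x800000: "PASSWORD_EXPIRED",
}
ACCOUNTDISABLE = 0x0002
RISKY = ("PASSWD_NOTREQD", "DONT_EXPIRE_PASSWORD")  # worth flagging on any account

def decode_uac(value):
    """Return (names of known flags set, bits not covered by UAC_FLAGS)."""
    value = int(value)  # connectors often pass the value as a string
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    return names, unknown

def is_disabled(value):
    return bool(int(value) & ACCOUNTDISABLE)

def set_disabled(value, disabled):
    """Flip only the ACCOUNTDISABLE bit, leaving every other flag intact."""
    value = int(value)
    return value | ACCOUNTDISABLE if disabled else value & ~ACCOUNTDISABLE

def audit(accounts, expect_disabled=True):
    """Report accounts in the wrong state or carrying risky flags."""
    findings = []
    for name, uac in accounts:
        flags, _ = decode_uac(uac)
        if is_disabled(uac) != expect_disabled:
            state = "disabled" if is_disabled(uac) else "enabled"
            want = "disabled" if expect_disabled else "enabled"
            findings.append((name, f"{state}, expected {want}"))
        findings += [(name, f"risky flag {f}") for f in flags if f in RISKY]
    return findings

# Constructed sample: (sAMAccountName, userAccountControl as provisioned)
SAMPLE = [("jdoe", "514"), ("asmith", "512"), ("svc_tmp", "546")]

if __name__ == "__main__":
    print(decode_uac(514))
    for finding in audit(SAMPLE):
        print(finding)
```

Writing a bare 512 or 514 overwrites any other flags already on the account, which is why `set_disabled` changes only the one bit.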
05/27/2024 05:21 AM
Thanks for your reply Armaan. My main concern is whether we can add access to a disabled account. I attempted to add access to the disabled account, but Saviynt didn't create any add access task for it. How can we resolve this issue?
Thanks,
Chirag Gupta
05/27/2024 05:22 AM
That is not supported currently, @Chirag_Gupta.
For adding access to an inactive account, it might not be feasible.
Forums: Add access to inactive accounts
An idea had been raised for the same, and the solutioning of this would be present in a future release of the product.
https://ideas.saviynt.com/ideas/EIC-I-3334
05/27/2024 08:56 AM
Keep the account active for some time; after all tasks are completed, use actionable analytics to disable the account.
06/07/2024 01:36 AM - edited 06/07/2024 01:36 AM
Hello @VrushaliL
Here's a refined version:
What would be the optimal method to accomplish this task? I'm contemplating the following steps; please advise if any adjustments or enhancements are necessary:
Step 1: Initiate the birthright process to establish an Active Directory (AD) account while assigning relevant permissions accordingly.
Step 2: Leverage SAV4SAV to populate individual user properties promptly post AD account creation.
Step 3: Harness these user custom properties to streamline the automation of account deactivation once all requisite tasks have been fulfilled.
Thanks,
Chirag Gupta
06/08/2024 09:27 AM
You can follow the above approach.