We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

REMOVE ACCOUNT JSON

Saviynt_Savvy
Regular Contributor
Regular Contributor

Below is my requirement:
Here I need to Remove/Disable the account based on the action taken by different means.

One-Click Disable=Account Disabled & move the account to OU1
"Remove Account" Actionable Analytic Report=Account Removed & move the account to OU2.
User Update Rule or any other action =Account Disable & don't move the account to any OU, just disable it & keep it in the same OU.

I'm using the below REMOVE ACCOUNT JSON, but the Remove account task is still in the pending list & there is no ERROR log in any log detail.

What might be the reason?

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'DELETE'} else {'DELETE'}}",

"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com} else if (task.source=='ANALYTICS_V2'){OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com} else {OU=users,OU=saviynt,DC=XXXXXX,DC=com}}",

"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",

"userAccountControl": "514"
}

8 REPLIES 8

pmahalle
All-Star
All-Star

Hi @Saviynt_Savvy ,

Can you try below REMOVE ACCOUNT JSON:

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'DELETE'} else {'DELETE'}}",
"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){'OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else if (task.source=='ANALYTICS_V2'){'OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else {'OU=users,OU=saviynt,DC=XXXXXX,DC=com'}}",
"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",
"userAccountControl": "514"
}


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

Saviynt_Savvy
Regular Contributor
Regular Contributor

Hi Phanidra,

Thanks for the answer.
Can you suggest which option should I select as "Default Action for Analytics" to remove the account.
Because I could see only the DISABLE & DELETE account options in Actionable Analytics, though the DISABLE ACCOUNT will trigger the Disable Account Json, which  JSON will be trigged for the DELETE ACCOUNT.

Let me know which option should I choose in the Actionable Analytic Report, so that it will create REMOVE ACCOUNT task / will trigger the REMOVE ACCOUNT JSON.

@Saviynt_Savvy 

Can you try DELETE ACCOUNT as default action for analytics to remove account.


Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

in analytics query keep  'Default Action for Analytics' as 'Delete account", but in 'Allowed Action' select 'deprovision account' so it will trigger 'remove account' task instead of 'delete account' and uses remove account json.

 

Hope this helps. feel free to  let me know if you face any error.

Hi @Saviynt_learner,
Thanks for the response.

The below JSON is able to DISABLE the account & can move the account to OU=DISUSER.
But INCASE OF deleting the account through ACTIONALBE ANALYTICS, it is not moving the accounts to the OU=RUSER.
Could you find out the error, please.

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'DELETE'} else {'DELETE'}}",
"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){'OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else if (task.source=='ANALYTICS_V2'){'OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else {'OU=users,OU=saviynt,DC=XXXXXX,DC=com'}}",
"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",
"userAccountControl": "514"
}

hello @Saviynt_Savvy ,

unfortunately, if you delete an account , then you cant move to any OU as it gets deleted.

Also there is no requirement to do it as well. incase if you want to move terminated user to any OU then disable and move. Hope Its helpful.

Hi @Saviynt_Savvy ,

You have chosen the "Delete" operation in scenarios when the task source is the analytic. The delete operation hard deletes the account and does not suspend it. There would be no account to move if the operation chosen is delete. 

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'SUSPEND'} else {'DELETE'}}",
"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){'OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else if (task.source=='ANALYTICS_V2'){'OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else {'OU=users,OU=saviynt,DC=XXXXXX,DC=com'}}",
"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",
"userAccountControl": "514"
}

The above snippet would disable and move the account to RUSER  in case the task source is analytics.

Thanks,

Armaan

Regards,
Md Armaan Zahir

armaanzahir
Valued Contributor
Valued Contributor

Hi @Saviynt_Savvy ,

Please refer to the screenshot below:

armaanzahir_0-1689581659200.png

deprovisionAccount for v2 analytics and deprovisionAccount for v1 analytics.

Ref: Configuring Allowed Actions (saviyntcloud.com)

Thanks,

Armaan

Regards,
Md Armaan Zahir