Saviynt Forums

Saviynt_Savvy · ‎07/15/2023

Below is my requirement:
Here I need to Remove/Disable the account based on the action taken by different means.

One-Click Disable=Account Disabled & move the account to OU1
"Remove Account" Actionable Analytic Report=Account Removed & move the account to OU2.
User Update Rule or any other action =Account Disable & don't move the account to any OU, just disable it & keep it in the same OU.

I'm using the below REMOVE ACCOUNT JSON, but the Remove account task is still in the pending list & there is no ERROR log in any log detail.

What might be the reason?

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'DELETE'} else {'DELETE'}}",

"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com} else if (task.source=='ANALYTICS_V2'){OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com} else {OU=users,OU=saviynt,DC=XXXXXX,DC=com}}",

"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",

"userAccountControl": "514"
}

pmahalle · ‎07/15/2023

Hi @Saviynt_Savvy ,

Can you try below REMOVE ACCOUNT JSON:

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'DELETE'} else {'DELETE'}}",
"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){'OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else if (task.source=='ANALYTICS_V2'){'OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else {'OU=users,OU=saviynt,DC=XXXXXX,DC=com'}}",
"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",
"userAccountControl": "514"
}

Regards,
Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.

Saviynt_Savvy · ‎07/16/2023

Hi Phanidra,

Thanks for the answer.
Can you suggest which option should I select as "Default Action for Analytics" to remove the account.
Because I could see only the DISABLE & DELETE account options in Actionable Analytics, though the DISABLE ACCOUNT will trigger the Disable Account Json, which JSON will be trigged for the DELETE ACCOUNT.

Let me know which option should I choose in the Actionable Analytic Report, so that it will create REMOVE ACCOUNT task / will trigger the REMOVE ACCOUNT JSON.

pmahalle · ‎07/16/2023

H @Saviynt_Savvy

Can you try DELETE ACCOUNT as default action for analytics to remove account.

Regards,
Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept it As Solution to help others who may have a similar problem.

Saviynt_learner · ‎07/16/2023

in analytics query keep 'Default Action for Analytics' as 'Delete account", but in 'Allowed Action' select 'deprovision account' so it will trigger 'remove account' task instead of 'delete account' and uses remove account json.

Hope this helps. feel free to let me know if you face any error.

Saviynt_Savvy · ‎07/17/2023

Hi @Saviynt_learner,
Thanks for the response.

The below JSON is able to DISABLE the account & can move the account to OU=DISUSER.
But INCASE OF deleting the account through ACTIONALBE ANALYTICS, it is not moving the accounts to the OU=RUSER.
Could you find out the error, please.

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'DELETE'} else {'DELETE'}}",
"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){'OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else if (task.source=='ANALYTICS_V2'){'OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else {'OU=users,OU=saviynt,DC=XXXXXX,DC=com'}}",
"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",
"userAccountControl": "514"
}

Saviynt_learner · ‎07/17/2023

hello @Saviynt_Savvy ,

unfortunately, if you delete an account , then you cant move to any OU as it gets deleted.

Also there is no requirement to do it as well. incase if you want to move terminated user to any OU then disable and move. Hope Its helpful.

armaanzahir · ‎07/17/2023

Hi @Saviynt_Savvy ,

You have chosen the "Delete" operation in scenarios when the task source is the analytic. The delete operation hard deletes the account and does not suspend it. There would be no account to move if the operation chosen is delete.

{
"removeAction": "${if (task.source=='ONECLICKDISABLE'){'SUSPEND'} else if (task.source=='ANALYTICS_V2'){'SUSPEND'} else {'DELETE'}}",
"moveUsertoOU": "${if (task.source=='ONECLICKDISABLE'){'OU=DUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else if (task.source=='ANALYTICS_V2'){'OU=RUSER,OU=users,OU=saviynt,DC=XXXXXX,DC=com'} else {'OU=users,OU=saviynt,DC=XXXXXX,DC=com'}}",
"deleteAllGroups": "${if (task.source=='ONECLICKDISABLE'){'No'} else if (task.source=='ANALYTICS_V2'){'Yes'} else {'Yes'}}",
"userAccountControl": "514"
}

The above snippet would disable and move the account to RUSER in case the task source is analytics.

Thanks,

Armaan

Regards,
Md Armaan Zahir

armaanzahir · ‎07/17/2023

Hi @Saviynt_Savvy ,

Please refer to the screenshot below:

deprovisionAccount for v2 analytics and deprovisionAccount for v1 analytics.

Ref: Configuring Allowed Actions (saviyntcloud.com)

Thanks,

Armaan

Regards,
Md Armaan Zahir