
Remove Birthright access if condition fails setting for birthright technical rule is not working

cgowda
New Contributor II

Hi Experts,

 

We have 2 technical rules to assign “M365-E5” group for Microsoft 365 Endpoint with different conditions.
  1. Birthright_Payroll_E5
 
If Users.Status = 1 and Users.Employee Type in ('Payroll') and Users.Manager is not null and Users.Title not like ('%MPD%')
Then
Create Account on Microsoft 365
AND Assign Select Microsoft License Type::CN=M365-E5,OU=O365 License Group,OU=SystemUsers,DC=stjudetest,DC=sjcrh,DC=local
 
 “Remove Birthright Access if condition fails” is selected.
 
  2. Birthright_NonPayroll_Students
 
If Users.Status = 1 and Users.Employee Type in ('Contractor') and Users.Title = 'Student' and Users.Manager is not null
Then
Create Account on Microsoft 365
AND Assign Select Microsoft License Type::CN=M365-E5,OU=O365 License Group,OU=SystemUsers,DC=stjudetest,DC=sjcrh,DC=local
 
 
As per the requirement we selected “Remove Birthright Access if condition fails” option for Birthright_Payroll_E5 rule only.
 
When a user with the 'Contractor' employee type gets onboarded, or the conditions of the Birthright_NonPayroll_Students rule are satisfied for the user, it assigns the configured group.
But whenever “Re-run all provisioning rule” triggers for such a user, it removes the assigned group and the Remove Access task shows “Birthright Rule Fail”.
The group was assigned via the ‘Birthright_NonPayroll_Students’ rule, and ‘Remove Birthright Access if condition fails’ is not selected for this rule, and still it removes the group.
 
This is not the expected behavior and we are looking for a fix for this.
 
Please add your inputs/thoughts here to understand the issue better.
 
PS: We already created a ticket with the Saviynt operation team and they mentioned this would be a future enhancement.
 
Thank You,
Chandan Gowda
3 REPLIES

Rishi
Saviynt Employee

@cgowda we will try to replicate this scenario in our internal environment and will provide an update accordingly.

cgowda
New Contributor II

Thank you Rishi, awaiting your response.

Regards,

Chandan Gowda

ParitaSavla
Saviynt Employee

Can you go to Admin --> Global Configurations --> Rules --> Settings and check whether the below config is enabled or not?

Config Name: For Remove Birthright Task check if Access is Assigned From Rule

If it is not enabled, can you enable it by checking the box and validate whether that resolves your issue?

Hope this helps!
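
The behaviour discussed in this thread can be reasoned about with a small model. This is an added example, not Saviynt code and not part of any post above: the `Rule` class, the `removal_tasks` function, the sample user, and the idea that the setting makes the removal task compare the rule that assigned the access are all assumptions made for illustration.

```python
# Simplified model (assumption), not Saviynt code: a rule has a condition,
# an entitlement it grants, and a "remove birthright access if condition fails" flag.
from dataclasses import dataclass
from typing import Callable

E5 = "M365-E5"

@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]
    entitlement: str
    remove_on_fail: bool

RULES = [
    Rule("Birthright_Payroll_E5",
         lambda u: u["status"] == 1 and u["employee_type"] == "Payroll"
         and u["manager"] is not None and "MPD" not in u["title"],
         E5, remove_on_fail=True),
    Rule("Birthright_NonPayroll_Students",
         lambda u: u["status"] == 1 and u["employee_type"] == "Contractor"
         and u["title"] == "Student" and u["manager"] is not None,
         E5, remove_on_fail=False),
]

def removal_tasks(user, assigned_from, check_assigned_from_rule):
    """assigned_from maps entitlement -> name of the rule that granted it."""
    tasks = []
    for rule in RULES:
        if rule.condition(user) or not rule.remove_on_fail:
            continue  # rule still matches, or it never revokes
        granted_by = assigned_from.get(rule.entitlement)
        if granted_by is None:
            continue  # user does not hold the entitlement
        if check_assigned_from_rule and granted_by != rule.name:
            continue  # access came from a different rule, so leave it
        tasks.append((rule.entitlement, "Birthright Rule Fail", rule.name))
    return tasks

# Constructed sample user: a contractor student, as in the question.
student = {"status": 1, "employee_type": "Contractor",
           "title": "Student", "manager": "mgr01"}
held = {E5: "Birthright_NonPayroll_Students"}

if __name__ == "__main__":
    print(removal_tasks(student, held, check_assigned_from_rule=False))
    print(removal_tasks(student, held, check_assigned_from_rule=True))
```

In this model, without the provenance check the failing payroll rule revokes a group that the student rule granted; with the check, only access that the failing rule itself assigned is removed.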