Click HERE to see how Saviynt Intelligence is transforming the industry. |
08/28/2024 04:15 AM
Hi Team,
I need some information, have to remove the user from the Ad group memberships 14 days after termination,
Preconditions:
Please share any documentation available for this, share sample JSON if avaialble.
08/28/2024 04:19 AM
Hi @Saikumar2328 you can either use actionable analytics or user update rule for the use case.
08/28/2024 05:13 AM - edited 08/28/2024 09:52 AM
Hi @Saikumar2328 ,
You can use user update rule when status key is updated from 1 to 0 . Take actions --> Disable account on day 0 and de-provision access on day 14th.
This should be enough but if you want to have a report to find anomalies, you can create standard report to find users terminated (using end date) in past (diff greater than 14 days) and users are still inactive but are still having active account and access in AD.
Saviynt also provide a similar report ootb , something like , Inactive Users found with Active Accounts & Access , you can tailor it a bit to match your expectations.
08/28/2024 05:21 AM
09/12/2024 02:36 AM
@rushikeshvartak - Do we have option to remove specific Ad groups and keep some groups active for inactive accounts.
For example user have 3 groups
abc
def
cgh
we need to keep abc group only have to remove def and cgh for inactive accounts.
09/12/2024 03:39 AM
Hi @Saikumar2328 then you have to use analytics to take care of the above requirement.
09/12/2024 10:55 PM
Is there any sample Analytic available for this requirement?
09/12/2024 08:25 AM
09/13/2024 05:54 AM
@rushikeshvartak - Is there any sample enhanced query for this task
09/13/2024 06:20 AM
SELECT at.taskkey AS arstasks__primarykey,
4 AS arstasks__status,
at.provisioningcomments AS arstasks__provisioningcomments
FROM arstasks AS at
JOIN endpoints AS ep
ON at.endpoint = ep.endpointkey
WHERE ep.endpointname = 'ActiveDirectory'
AND at.status = 8 limit 1;