06/18/2024 08:00 AM
Hello all,
I am posting to inquire about the possibility of restricting the ability to make access requests for a new identity until their ServiceNow account has been created. So, if a new identity has been created in EIC and a manager would like to provision access for them, the manager would not be able to until the identity's SNOW account is set up.
If SNOW is integrated with EIC, is there an easy way to add this check into an access request workflow? Would it require a custom script, or is it possible to check if an identity has a SNOW account associated with it in EIC?
06/18/2024 11:10 AM - edited 06/18/2024 02:26 PM
06/20/2024 10:54 AM
Thank you for your response - I have 2 clarifying questions, if you are able to answer any:
1. To confirm, does the access query apply to users for whom the request is being MADE FOR? Or, does it apply to the user that is MAKING the request on behalf of someone else?
2. In the case of requesting access for multiple users at once, how does the access query work? If one user satisfies the condition and another does not, does the access query have the capability to filter out one user and not the other?
06/20/2024 04:28 PM
06/18/2024 12:45 PM
Hi @logben, you can use an endpoint access query to restrict users from creating an account for an endpoint.
06/18/2024 12:49 PM
Hi @logben, we had a similar use case where we were supposed to only allow specific users to request access to app A based on if they have an account in application B. We use the below query in Application/Endpoint A:
WHERE users.userkey IN (select ua.userkey from user_accounts ua , accounts a where ua.accountkey=a.accountkey and a.endpointkey=23 and a.name like '%ABC%' and a.customproperty23 = 'XYZ' and a.status=1)
Thanks,
Amit
If this answers your query, please accept solution.
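Added example, not part of the post above or of Saviynt's code: the WHERE fragment from the post run through Python's sqlite3 against a small constructed stand-in for the three tables it references, to show which identities the predicate keeps. The table layout, the sample rows and the `eligible_users` helper are assumptions for illustration; this shows only the SQL semantics, not how EIC applies the query in the request screen.

```python
import sqlite3

# The access-query fragment from the post, unchanged.
ACCESS_QUERY = (
    "WHERE users.userkey IN (select ua.userkey from user_accounts ua , accounts a "
    "where ua.accountkey=a.accountkey and a.endpointkey=23 and a.name like '%ABC%' "
    "and a.customproperty23 = 'XYZ' and a.status=1)"
)

# Constructed stand-in schema: only the columns the fragment touches (assumption).
SCHEMA = """
CREATE TABLE users (userkey INTEGER PRIMARY KEY, username TEXT);
CREATE TABLE accounts (accountkey INTEGER PRIMARY KEY, endpointkey INTEGER,
                       name TEXT, customproperty23 TEXT, status INTEGER);
CREATE TABLE user_accounts (userkey INTEGER, accountkey INTEGER);
"""

# Constructed sample identities and accounts.
USERS = [(1, "alice"), (2, "bob"), (3, "carol"), (4, "dave")]
ACCOUNTS = [
    (10, 23, "ABC-alice", "XYZ", 1),  # satisfies every condition
    (11, 23, "ABC-bob", "XYZ", 2),    # right endpoint, but status is not 1
    (12, 7, "ABC-carol", "XYZ", 1),   # status 1, but a different endpoint
]
USER_ACCOUNTS = [(1, 10), (2, 11), (3, 12)]  # dave has no account at all


def eligible_users():
    """Return the usernames that the access-query predicate keeps."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    con.executemany("INSERT INTO accounts VALUES (?, ?, ?, ?, ?)", ACCOUNTS)
    con.executemany("INSERT INTO user_accounts VALUES (?, ?)", USER_ACCOUNTS)
    rows = con.execute(
        "SELECT username FROM users " + ACCESS_QUERY + " ORDER BY username"
    ).fetchall()
    con.close()
    return [row[0] for row in rows]


if __name__ == "__main__":
    print(eligible_users())
```

The predicate is evaluated against each row of `users` independently, so an identity with an inactive account, an account on another endpoint, or no account is excluded on its own.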
06/20/2024 10:55 AM
Thank you for your response. Please let me know if you are able to answer any of my follow-up questions:
1. To confirm, does the access query apply to users for whom the request is being MADE FOR? Or, does it apply to the user that is MAKING the request on behalf of someone else?
2. In the case of requesting access for multiple users at once, how does the access query work? If one user satisfies the condition and another does not, does the access query have the capability to filter out one user and not the other?