We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Salesforce - Entitlements are getting removed without any action from accounts

Varshi_Balaji
New Contributor III
New Contributor III

Hi Team,

We observed that in salesforce application,entitlemnets are added to the user accounts as(Roles and profile).

But after sometime it is getting removed without any remove access task generted.

And when we trigger account recon role and profile is added back to user. And it is removing without action. There is no pattern when these roles and profiles getting removed.

But in target it is present, only in saviynt it is removed.

We created the saviynt ticket also for this. 

If anyone observed this issue ,let us know.

 

14 REPLIES 14

naveenss
All-Star
All-Star

Hi @Varshi_Balaji  for Salesforce always run account import first followed by access import to avoid this case. You should stop seeing this issue once you start running the account import first followed by access import.

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Hi Naveen,

We are following the same order only, we are running account recon first and let access recon.

Still we are acing the issue.

Regards,

Varshitha

@Varshi_Balaji  ok thanks for confirming. In our case the reordering of account and accesss recon solved the issue. 

Is the behavior same if you're executing the access first and then account import?

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Yes, it is like after account recon entitlemnets will be added to account but after sometime without any job trigger it will be removed.

But I will check the access recon first and then account recon.

Regards,

Varshitha

prasannta
Saviynt Employee
Saviynt Employee

Please try setting the connectiontimeoutconfig and test again. You should work with your application team to set these values. Below is a sample:

"connectionTimeoutConfig": {
"connectionTimeout": 10,
"readTimeout": 120,
"writeTimeout": 120,
"retryWait": 2,
"retryCount": 3
}

Additionally, please refer the salesforce connector documentation for more details.

Thanks

Varshi_Balaji
New Contributor III
New Contributor III

Hi Prasannta,

Can you please provide the document for this.

Regards,

Varshitha

Varshi_Balaji
New Contributor III
New Contributor III

Hi,

Can you please verify is it the correct format

 

{
"statusAndThresholdConfig": {
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"statusColumn": "customproperty10",
"activeStatus": [
"true"
],
"deleteLinks": true,
"lockedStatusColumn": "customproperty22",
"lockedStatusMapping": {
"Locked": [
"1"
],
"Unlocked": [
"0"
]
}
"connectionTimeoutConfig": {
"connectionTimeout": 10,
"readTimeout": 120,
"writeTimeout": 120,
"retryWait": 2,
"retryCount": 3
}
}
}

Hi,

We added this in  CUSTOMCONFIGJSON and after one day role and profile is getting removed.

Regards,

Varshitha

prasannta
Saviynt Employee
Saviynt Employee

Hi @Varshi_Balaji 

Are you seeing any errors in log for after the access import job is completed?

You can find the salesforce connector guide here:

https://docs.saviyntcloud.com/bundle/Salesforce-v23x/page/Content/Salesforce-Integration-Overview.ht...

Thanks

Hi Prasannta,

We are not seeing any error in the logs after access recon is completed.

Thank you for the document.

Regards,

Varshitha

Hi Prasannta,

We have one sav to sav connection which updates the status of the account to active or inactive in Saviynt. It will update only in saviynt and not in target.
When that sav to sav connection is updating the status of the account roles and profiles are getting removed and when account recon is triggered it is added back.

Query of sav to sav connection

select a.name as name,a.accountid as accountid,
case when (a.customproperty9='true') and (a2.customproperty2 = 'true') then '2'
when (a.customproperty9='true') and (a2.customproperty2 = 'false') then '1' else a.status end as status
from users u, accounts a, user_accounts ua, accounts a2
where u.userkey = ua.userkey
and a.accountkey = ua.accountkey
and a.endpointkey in (select endpointkey from endpoints where endpointname = 'Test')
and a2.endpointkey in (select endpointkey from endpoints where endpointname = 'Test1')
and a2.name = a.accountid

Regards,

Varshitha

HI @Varshi_Balaji 

I believe the above is Account import xml and in that while mentioning description and increment column, add this field as well deleteaccountentitlement = false , if its true then it will delete the entitlement.

Also add the ent tables also in the select query to take into account as well.

 

Thanks

Darshan

Jaya
Regular Contributor II
Regular Contributor II

Hi @Varshi_Balaji ,

We are also facing same issue with Salesforce Roles.

Let me know if you are able to solve this please.

Thanks
Jaya Karothia

Varshi_Balaji
New Contributor III
New Contributor III

Hi Darshan,

We tested and it is working now, entitlements are not getting removed after changing deleteaccountentitlement = false.

Thank you for the support

Regards,

Varshitha