Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP ECC - Termination and lock/unlock

shivmano
Regular Contributor III
Regular Contributor III

‎04/25/2024 12:57 AM - last edited on ‎04/25/2024 02:32 AM by Community Manager

Hi Team,

I have the below requirements to be performed from Saviynt for SAP user 

1) In case of termination, user's SAP account should be locked, 'Valid through' to be updated with enddate, remove all the SAP roles, add user to the usergroup 'ABC'

I have the below configurations on my SAP connector:

TERMINATED_USER_ROLE_ACTION - REMOVE

TERMINATEDUSERGROUP - ABC

I am trying to generate a disable account task and update account task from rules. The update account task is setting the enddate from Saviynt, but the Disable account task is only locking the account in SAP. It is not moving user to the TERMINATEDUSERGROUP and removing the roles 

As per documentation - "REMOVE: Use this option to disable the account and remove the role."

Please advise what could be the issue here?

2) Lock/Unlock SAP account from rules and ARS - how can this be achieved? Can I just create a lock and unlock task and will it happen in the backend? 

Thank you 

I was able to figure out the termination scenario. Would still like to understand how can I lock or unlock the account from Saviynt

[This message has been edited by moderator to merge reply comment]

Labels:
0 Kudos
2 REPLIES 2

shivmano
Regular Contributor III
Regular Contributor III

‎04/25/2024 04:55 AM

It looks like enable/disable does the lock/unlock in SAP. 

0 Kudos

rushikeshvartak
All-Star
All-Star

‎04/25/2024 09:20 PM

Lock/Unlock works on accounts Locked Status . Populate same using status threshold config

Sample Below

{
  "statusAndThresholdConfig": {
    "accountThresholdValue": 1000,
    "correlateInactiveAccounts": true,
    "statusColumn": "customproperty10",
    "activeStatus": [
      "true"
    ],
    "deleteLinks": true,
    "lockedStatusColumn": "customproperty22",
    "lockedStatusMapping": {
      "Locked": [
        "1"
      ],
      "Unlocked": [
        "0"
      ]
    }
  }
}

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC