Click HERE to see how Saviynt Intelligence is transforming the industry. |
04/25/2024 12:57 AM - last edited on 04/25/2024 02:32 AM by Sunil
Hi Team,
I have the below requirements to be performed from Saviynt for SAP user
1) In case of termination, user's SAP account should be locked, 'Valid through' to be updated with enddate, remove all the SAP roles, add user to the usergroup 'ABC'
I have the below configurations on my SAP connector:
TERMINATED_USER_ROLE_ACTION - REMOVE
TERMINATEDUSERGROUP - ABC
I am trying to generate a disable account task and update account task from rules. The update account task is setting the enddate from Saviynt, but the Disable account task is only locking the account in SAP. It is not moving user to the TERMINATEDUSERGROUP and removing the roles
As per documentation - "REMOVE: Use this option to disable the account and remove the role."
Please advise what could be the issue here?
2) Lock/Unlock SAP account from rules and ARS - how can this be achieved? Can I just create a lock and unlock task and will it happen in the backend?
Thank you
I was able to figure out the termination scenario. Would still like to understand how can I lock or unlock the account from Saviynt
[This message has been edited by moderator to merge reply comment]
04/25/2024 04:55 AM
It looks like enable/disable does the lock/unlock in SAP.
04/25/2024 09:20 PM
Lock/Unlock works on accounts Locked Status . Populate same using status threshold config
Sample Below
{
"statusAndThresholdConfig": {
"accountThresholdValue": 1000,
"correlateInactiveAccounts": true,
"statusColumn": "customproperty10",
"activeStatus": [
"true"
],
"deleteLinks": true,
"lockedStatusColumn": "customproperty22",
"lockedStatusMapping": {
"Locked": [
"1"
],
"Unlocked": [
"0"
]
}
}
}