Saviynt Forums

Yes thats true job will trigger Accounts Import XML.

Create Account JSON is triggered only when user request from ARS Request form or via Update rule etc

@rushikeshvartak The security system is not requestable, and nothing in theTechnicalRule or User Update Rule about saviyntForSaviynt system. But sometime it get trigger. Trying to understand where.  Will try to debug

Can you let me know task type, task source when it got created 

How to find ?

1. select a.name,t.TASKKEY, t.tasktype,t.source from arstasks t,accounts a where a.ARSTASKKEY = t.TASKKEY and a.name='ACCOUNTNAME'

Tried to replace the account name by one who have the saviynt for saviynt account and receive no data found in the Data Analyzer

can you check job id of account(accounts table) & source from where account is created

I found the jobId but what did you mean by "source". didnt find field or table containing that name

Please query on ecmimportjob to check source of job . 

select e.* from accounts a join ecmimportjob e on e.jobid = a.jobid where a.jobid=67006 and accountid like '%traore%'

So it tell is the  job SaviyntForSaviyntAccountsImportJobTrigger that trigger it. But there is no scheduled on the job, so something else might trigger it 

Job id is last imported job id from target. hence it wont be useful to find source of account creation

• please find logs when account got create
• check request for account
• check tasks for account

@Jillustre,

Could you elaborate a bit more on your use case ? Are you sayig that Saviynt is generating a createAccount task for SaviyntForSaviynt connections when you do not have any configurations done for it ?

No, we have a DB connection  set and this into the createAccountJson : 

{"createAccountQry":["Insert into accounts(accountID,name,created_on,creator,endpointkey,orphan,status,systemid,updatedate) VALUES ('','${user.username}',utc_timestamp(),'System Generated',${task.endpoint.id},0,'1',${task.endpoint.securitysystemkey.id},utc_timestamp());"]}

Some of your User get it created, and dome dont have it. So I was asking to find out when and where the account is created :S

@Jillustre,

There must be some technical rule that triggers to create an account if they are being done via rules. Perhaps you can check the rules to see if there is any. There are other ways to create account, via ARS, API etc.

Try the query below in your data Analyzer and see if there has been any create account tasks created for the endpoint.

Select ars.TASKKEY,ars.ACCOUNTNAME,ars.ASSIGNEDFROMROLES,ASSIGNEDFROMRULE,ars.status as 'Task Status' from arstasks ars
join endpoints ep on ep.ENDPOINTKEY=ars.ENDPOINT
where ars.TASKTYPE=3 and ep.ENDPOINTNAME='SaviyntForSaviynt'

My impression... the creation account is call via API.

@avinashchhetri when I try you query, it return "No Data Found."

@Jillustre,

So there is no create account task created for your endpoint which means the CreateAccountJson never got triggered.

@Jillustre,

If reconciliation has been scheduled, that may have created the accounts. When SaviyntForSaviynt is turned ON, these JSON's are auto populated based on the configurations selected. However that doesn't necessarily mean that the functonality is used, which is what it seems in your case for Create Accounts.

Your latest created users have account created ?

How did you ceate the users, from UI ? And upon doing so, they automatically got the SaviyntForSaviynt account ?

User is created by a job (User Import via a connection(UserImportJob). connection attached is our HR system. So when a user get created in HR, each day the job trigger at 9:00AM (UTC) to import them in saviynt

• Does WSRetry scheduled ?
• Can you check all tasks created for Saviynt4Saviynt Endpoint

@rushikeshvartak 

• No wsRetry for endpoint SaviyntForSaviynt
• No task created (nothing in pending or completed task for that security system)

Something must trigger SaviyntForSaviyntAccountsFullImportJobTrigger. I made a test on dev environment, I took someone who didnt have the Saviynt4Saviynt account. Then I ran that job manually, nothing appears for lastrun and status but when I go on that user, he have now the account. Also in completed task there is nothing.

So from my comprehension, something trigger it somehow

@avinashchhetri 

I tried what you mention and there I can see the insert with the new job creation. So there is something wrong, maybe a bug for the existing one because is not showing in logs

The original job, is it created by default when Enable saviyntForSaviynt is checked? Or it need to be created manually? If it was created by default, maybe there is a bug into it and I should raise a support ticket direct to saviynt

Yes Jobs comes with pre-package but you need to schedule 

Yes same with my end its running but not capturing history seems issue. You can create new job