Click HERE to see how Saviynt Intelligence is transforming the industry. |
10/21/2022 12:28 PM - edited 10/21/2022 12:29 PM
Hey folks,
quick question, For Connection Saviynt for Saviynt, how and when the CreateAccountJson is triggered?
thanks
Solved! Go to Solution.
10/21/2022 01:39 PM
CreateAccountJSON will be used for account creation
Accounts will be created in below cases
10/24/2022 05:45 AM
Is not clear for me the first point, still learning.... We didnt have job that trigger saviynt account creation. We have a job that execute the userImport from SaviyntToSaviynt connection like showned below, but it won'T trigger the createAccountJson
10/24/2022 05:56 AM
Yes thats true job will trigger Accounts Import XML.
Create Account JSON is triggered only when user request from ARS Request form or via Update rule etc
10/24/2022 06:02 AM
@rushikeshvartak The security system is not requestable, and nothing in theTechnicalRule or User Update Rule about saviyntForSaviynt system. But sometime it get trigger. Trying to understand where. Will try to debug
10/24/2022 06:14 AM
Can you let me know task type, task source when it got created
How to find ?
10/24/2022 06:21 AM
Tried to replace the account name by one who have the saviynt for saviynt account and receive no data found in the Data Analyzer
10/24/2022 06:24 AM
can you check job id of account(accounts table) & source from where account is created
10/24/2022 06:29 AM
I found the jobId but what did you mean by "source". didnt find field or table containing that name
10/24/2022 06:38 AM
Please query on ecmimportjob to check source of job .
10/24/2022 06:49 AM
10/24/2022 06:52 AM
10/24/2022 06:53 AM
Job id is last imported job id from target. hence it wont be useful to find source of account creation
10/24/2022 07:08 AM
10/24/2022 07:29 AM
Could you elaborate a bit more on your use case ? Are you sayig that Saviynt is generating a createAccount task for SaviyntForSaviynt connections when you do not have any configurations done for it ?
10/24/2022 07:45 AM
No, we have a DB connection set and this into the createAccountJson :
{"createAccountQry":["Insert into accounts(accountID,name,created_on,creator,endpointkey,orphan,status,systemid,updatedate) VALUES ('','${user.username}',utc_timestamp(),'System Generated',${task.endpoint.id},0,'1',${task.endpoint.securitysystemkey.id},utc_timestamp());"]}
Some of your User get it created, and dome dont have it. So I was asking to find out when and where the account is created :S
10/24/2022 08:16 AM
There must be some technical rule that triggers to create an account if they are being done via rules. Perhaps you can check the rules to see if there is any. There are other ways to create account, via ARS, API etc.
Try the query below in your data Analyzer and see if there has been any create account tasks created for the endpoint.
Select ars.TASKKEY,ars.ACCOUNTNAME,ars.ASSIGNEDFROMROLES,ASSIGNEDFROMRULE,ars.status as 'Task Status' from arstasks ars
join endpoints ep on ep.ENDPOINTKEY=ars.ENDPOINT
where ars.TASKTYPE=3 and ep.ENDPOINTNAME='SaviyntForSaviynt'
10/24/2022 09:06 AM
My impression... the creation account is call via API.
@avinashchhetri when I try you query, it return "No Data Found."
10/24/2022 09:13 AM
So there is no create account task created for your endpoint which means the CreateAccountJson never got triggered.
10/24/2022 09:16 AM
@avinashchhetri @rushikeshvartak
Ok. Trying to understand then why some user have that account, and suppose to have it. (The phase one of configuration has been made by consultant so that's why I'm trying to understand how it has been created)
10/24/2022 09:29 AM
If reconciliation has been scheduled, that may have created the accounts. When SaviyntForSaviynt is turned ON, these JSON's are auto populated based on the configurations selected. However that doesn't necessarily mean that the functonality is used, which is what it seems in your case for Create Accounts.
10/24/2022 09:33 AM - edited 10/24/2022 09:41 AM
Is the reconciliation job is the folowing? If yes then has you can see they are not scheduled. Also my latest created user have the account created.
10/24/2022 09:56 AM
Your latest created users have account created ?
How did you ceate the users, from UI ? And upon doing so, they automatically got the SaviyntForSaviynt account ?
10/24/2022 10:01 AM
User is created by a job (User Import via a connection(UserImportJob). connection attached is our HR system. So when a user get created in HR, each day the job trigger at 9:00AM (UTC) to import them in saviynt
10/24/2022 09:58 AM
10/24/2022 10:03 AM
10/24/2022 10:32 AM
Something must trigger SaviyntForSaviyntAccountsFullImportJobTrigger. I made a test on dev environment, I took someone who didnt have the Saviynt4Saviynt account. Then I ran that job manually, nothing appears for lastrun and status but when I go on that user, he have now the account. Also in completed task there is nothing.
So from my comprehension, something trigger it somehow
10/24/2022 11:05 AM
Based on what you have described, the users are getting assigned account upon the SaviyntForSaviynt Import Job and hence there is no task created.
Please check for the ecm-worker logs when you run the Import and see if you can see INSERT commands when the Import identifies the need for a new account to be created in the endpoint.
It also seems that there is some issues with the Job and thats why it is not showing the last run value, Perhaps you can manually create a Job in Dev and see if that helps.
10/24/2022 11:45 AM
I tried what you mention and there I can see the insert with the new job creation. So there is something wrong, maybe a bug for the existing one because is not showing in logs
The original job, is it created by default when Enable saviyntForSaviynt is checked? Or it need to be created manually? If it was created by default, maybe there is a bug into it and I should raise a support ticket direct to saviynt
10/24/2022 12:06 PM - edited 10/24/2022 12:07 PM
Yes Jobs comes with pre-package but you need to schedule
10/24/2022 12:19 PM
Ok but still, it dosen't show the history, either I ran it manually, so I'll raise a ticket for that.
Now, I need to identify what is triggering it.
10/24/2022 01:42 PM
Yes same with my end its running but not capturing history seems issue. You can create new job
10/25/2022 09:55 AM
Yeah you are probably right that is came from the import job. just I don't know how the job is runned. It didnt have scheduler on it
10/25/2022 10:03 AM
There is issue in history getting stored for that particular job same with me. raise ticket with saviynt operations to debug further
10/25/2022 10:13 AM
@rushikeshvartak Yeah I've create a ticket for that