Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Saviynt reqeusts need to be processed even if the users is being locked in the backend system

AravindK
Regular Contributor
Regular Contributor

‎04/05/2023 10:20 PM

Saviynt requests on locked users are being processed and completed in Saviynt, but not in the backend system (eg. SAP). This leads to a situation where Saviynt and SAP deviate. Saviynt shows the role assigned, but SAP backend not.

We need to make sure that Saviynt is capable to process request on adding or removing roles even if the user account has been locked due to several reason in the backend.The user do not know whether an account is locked or not, they just initiate requests which are being processed by Line Manager, Role Owner as well as Saviynt. If the account is locked, a mismatch between Saviynt and backend is happening. Users then cannot requests role assignments anymore as Saviynt shows the role assigned. User then need to request role removal (and approvals) to get it corrected and requests it again. This leads to confusion and waste of time.

We would like to know i if there is maybe a way to add some kind of pop up that will notify the user "your account is locked in one of the target systems and access will not be granted, please contact sap administrator"  like this??

 

0 Kudos
3 REPLIES 3

nimitdave
Saviynt Employee
Saviynt Employee

‎04/05/2023 10:51 PM

Saviynt will not create add access tasks if the user or account is inactive. So are you saying that saviynt is creating add access task even if user or account is inactive.

If a account is locked in SAP then that status should be reconciled to saviynt for the account and account status in saviynt should be inactive.

0 Kudos

AravindK
Regular Contributor
Regular Contributor

‎04/06/2023 12:48 AM

Hi ,
yes . User account is locked in the target system. Though user account is locked on target system,  Saviynt is allowing the user to raise a request.
Is there any way that I can configure this behavior so that Sav will not allow the user not to raise a request for any role if the an account is locked out in the target system?

0 Kudos

dgandhi
All-Star
All-Star

‎04/06/2023 05:54 AM

Hi AravindK,

If the account is locked or Inactive in target then we will have to reconcile the status of the account and bring it back to Saviynt.

Once the status of the account in Saviynt is Inactive, it wont allow you to raise any request for the Inactive account. Also please do check below config at the endpoint level.

dgandhi_0-1680785637721.png

Thanks

Devang

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.
0 Kudos
Copyright © 2024 Khoros, LLC