Hi all,
Based on Saviynt documentation:
The Recon application configuration is used to set if you are importing data from respective endpoints associated with the security system or not.
Following are the options to select: Yes: Click Yes, if you want to import data. No: Click No, if you do not want to import data.
|
What I have noticed is that when deleting account,
If I have Recon App set as "Yes", I need to run an import job before I can request for the same account name again.
If I have Recon App set as "No", I can immediately request for the same account name again.
This is because if Recon App is set as "No", Saviynt automatically appends the account name with "-Deleted on ..."
Would like to ask if anyone is setting Recon App as "No" for connected applications (where we run import job for account/access?). One benefit I can see is that we will get an audit trail on when the account is deleted/suspended etc. Not sure if this would be best practice or would there be any issues setting Recon App as "No" for connected applications. Would like to hear your thoughts
Appreciate any input!
Thank you
