Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Security System Threshold Limit

GOE
Regular Contributor
Regular Contributor

‎10/17/2023 10:41 AM - edited ‎10/17/2023 11:15 AM

Hello,

I need some clarifications on the functions of the  NEWACCOUNT Provisioning limit task type. In the documentation it mentions that NewAccount Allows you to specify the provisioning limit for New Account task. The New Account task is generated from: Access Requests, Rules, and Roles.

Does that include Add Access task generated at birthright as part of Role provisioning? We have technical rules that assigns roles (and the entitlements attached to them) when a new user is created. Also, if we set the provisioning limit to 100, is it for the total number of tasks in the pending list or the users the tasks are getting generated for?

We had set a threshold limit for new account, however, even though the new account tasks were less than the threshold, it failed to provision with this error message: Account Entitlement Task as part of Role Request ROLENAME from ZeroDay Provisioning [08-26-2023-total task count (2223) is greater than defined limit (200)].

Thanks

Labels:
0 Kudos
5 REPLIES 5

sk
All-Star
All-Star

‎10/17/2023 02:11 PM - edited ‎10/17/2023 03:08 PM

@GOE : What is the limit set for Task Type ADD? I think in your case ADD threshold is limiting the provision. Because If I understand correctly you are assigning the roles upon user creation. Which will try to assign entitlements along with creation of account if respective user didn't have account. 

In that case it creates a Add Access Task and internally it make an new account creation upon no account found. Since Task is Add Access may be respective provisioning limit is getting applied.


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

GOE
Regular Contributor
Regular Contributor
In response to sk

‎10/17/2023 02:25 PM

In our case there was no ADD threshold set

0 Kudos

sk
All-Star
All-Star
In response to GOE

‎10/17/2023 03:07 PM - edited ‎10/17/2023 03:10 PM

@GOE : Then i believe it might be coming from userImport.zeroDayLimit configuration in externalconfig.properties can you validate the same? This setting will limit the birthright provisioning. 

By default I think this value will be 100. But as per the logs you shared looks like it is set to 200 in your environment


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

GOE
Regular Contributor
Regular Contributor
In response to sk

‎10/18/2023 03:48 AM - edited ‎10/18/2023 04:08 AM

The value was actually set to 1000, which is why it's a bit confusing to me. The only number that 200 matches with it the value we had set in the New Account threshold. Also, my understanding is that for zero day limits, the task would not be created at all upon import.

0 Kudos

rushikeshvartak
All-Star
All-Star

‎10/17/2023 08:58 PM

It does not consider task created through rules, only considered as Access Requests


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC