Click HERE to see how Saviynt Intelligence is transforming the industry. |
07/03/2024 12:09 PM
Hi,
I have a requirement where for leavers, on the day of them leaving, I need to only set the Account Expires as their leave date and move them to Leavers OU in AD and not needed to update their status as disabled.
My questions are,
1. Can I use disable Account JSON to do this? If yes, then wouldn't set the status of account as inactive in Saviynt?
2. If I use Update Account JSON, can I use MoveUsertoOU to move the account to different OU?
3. And If I need to use only Update Account JSON for this, Can I include condition to update Account Expires only for Leavers? for the rest of the scenario, It shouldnt even pass that attribute.
Appreciate any help.
Regards,
Lokesh
07/03/2024 08:12 PM
@LokeshSoundar1 check below is reference
{
"moveUsertoOU": "OU=DeletedUsers,DC=abccompany,DC=com",
"deleteAllGroups": "Yes",
"userAccountControl": "514",
"password": "${randomPassword}"
}
https://forums.saviynt.com/t5/identity-governance/ad-disable-account/m-p/49388
07/03/2024 08:26 PM - edited 07/04/2024 05:04 PM
1. Can I use disable Account JSON to do this? If yes, then wouldn't set the status of account as inactive in Saviynt? - Yes / status gets controlled by status threshold configuration
2. If I use Update Account JSON, can I use MoveUsertoOU to move the account to different OU? - Yes https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...
3. And If I need to use only Update Account JSON for this, Can I include condition to update Account Expires only for Leavers? for the rest of the scenario, It shouldnt even pass that attribute. - You can’t skip some attribute
07/04/2024 02:13 AM
And also for point 3, I think I can use if the if else block the JSON to check if the user's leave date is today or is in the past, then set the accountexpires in if block and in else block, I can keep rest of my logic.
07/04/2024 02:05 AM
Hi Rushikesh,
Thanks for your response. As per the AD documentation (https://docs.saviyntcloud.com/bundle/AD-v24x/page/Content/Configuring-the-Integration-for-Provisioni...),
I can see that we can use MoveusertoOU In update account JSON.
07/04/2024 02:19 AM
@LokeshSoundar1 We can use moveUsertoOU in update accountAD.
Earlier I have used in one of the implementation.
07/04/2024 02:25 AM
Thanks Sumathi. I have a couple of follow up questions.
1. How can I set AccountExpires in AD with the end date value in Saviynt?
2. How can I update SamAccountName, CN, DN and Mail field in AD if the first name or last name is updated? And also Can I use Account Name rule and check for unique for this or is this only supported for create account?
If you can share any sample JSON, it would be great.
Thanks,
Lokesh
07/04/2024 05:07 PM