Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SuccessFactors Integration | Access Deprovisioning for Inactive account

Go to solution
Manu269
All-Star
All-Star

‎06/05/2022 11:50 PM

Hi Team,
 
Background
We have a use case below for SF System.
 
  • Users are created in HR System. 
  • The users are then reconciled in Existing Customer IAM solution- SAP Based (This IAM solution is not Saviynt). 
  • From Existing Customer IAM Identity is getting reconciled in Saviynt via scheduled job.
  • We have a target system SuccessFactors, here the identity creation is happening via HR source (via some integration) and we need to manage only the additional access via Saviynt ARS process.
  • In Saviynt we are reconciling the SuccessFactors account and access daily via account access import job.
 
Use Case:
  • When the identity is disabled in HR, the same status is updated in SuccessFactors and associated access is not removed in target SuccessFactors system.
  • When we are reconciling the account and access from target system we can see the account status is reconciled as inactive and access still associated. (This is accepted behavior)
Note: When Account is disabled by HR in SuccessFactors then Account is only disabled and access is still remain intact, it is not removed.
 
Assistance Required
  • Since the identity is getting disabled in HR it is getting reconciled in Existing Customer IAM solution.
  • From Existing Customer IAM solution to Saviynt. 
  • Can you please help us in this case how can we  perform access deprovisioning for the account which is already disabled in SuccessFactors (disabled in SSM via Account & Access Import) ?
  • Can user update rule in Saviynt , trigger access deprovisioning task for disabled account which was reconciled in Saviynt?
 
Thanks 
 
Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
Labels:
0 Kudos
3 REPLIES 3

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee

‎06/07/2022 11:44 AM

Manish,

Are you looking to update SuccessFactors via 2 IAM solutions ? The existing one (SAP based) just disables the account and Saviynt to revoke all the existing entitlements for the disabled account ?

Also what is the schedule for you HR user import and SF account reconciliation in Saviynt ?

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos

Go to solution
Manu269
All-Star
All-Star

‎06/07/2022 09:42 PM

Hi Avinash ,

Yes that is correct.

Account Disable via HR System

Access revocation for disabled account via Saviynt.

Import from Customer Custom IAM solution to Saviynt is incremental (every 2 hours )

SF account reconciliation in Saviynt :: Every 24 hours

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Manu269

‎06/08/2022 07:09 AM

Manish,

If I understand your use case correctly, once the user is disabled in HR, the SF account is also disabled. However, at this point in time (assuming no imports have triggered) in Saviynt both User and Account is active.


Since the user import is more frequent than your SF account import, you could create rules to "Deprovision Access"  for SF upon user termination and have the endpoint configured to open entitlement tasks by selecting "Create Dependent Entitlement Task for Remove Access".

 

Regards,

Avinash Chhetri

Regards,
Avinash Chhetri
0 Kudos
Copyright © 2024 Khoros, LLC