10/02/2024 02:18 AM
Hi,
We have a use case where, whenever a user goes on leave, the account is disabled and when he returns, the account is enabled again and all rules are run to check for missing accesses. We have a technical rule that creates an account and adds accesses when a new user joins the company. The same rule is also checked when the user comes back from leave, to check if any of the accesses are missing. However, when the user returns from leave, Saviynt is creating a "New Account" task and trying to add all accesses to this new account. Our expectation is, it only creates "Add Access" tasks and a separate rule will enable the account. What is causing Saviynt to create "New Account" tasks when the user already has an inactive correlated account in the same user?
Please note that, in the technical rule, "Birthright" and "Detective" are unchecked.
Thanks and Cheers!
10/02/2024 03:32 AM
Hi @Chamundeeswari, you can try enabling the option in the endpoint
"Disable new account if account already exists" and give it a shot.
Otherwise, another possible option is to have two rules:
1) In the case of user profile creation, have a separate technical rule which creates an account and adds all those accesses.
2) In the case of rehire, use a different technical rule with just add access tasks.
Another thing: is the account name different for which Saviynt is trying to create an account?
10/02/2024 03:42 AM
Hi @NM
1. We already have "Disable new account if account already exists" enabled.
2. We are calculating a custom status which sets the value "ACTIVE" both on the user's start date and when the user comes back from leave. So, we cannot create a separate rule. Even if we do, both rules will check for "ACTIVE" status.
3. Yes, account name is different. Reason being, customer used a different rule for accountNames before and now we have a different rule for all new accounts.
10/02/2024 03:52 AM
@Chamundeeswari different account name might be a possible issue.
Do you have any other while which will separate new hire from rehire, which can be added as another identifying factor?
10/02/2024 03:54 AM
We are already in production and hence trying to find a better and quick solution. This behaviour is not always observed in Saviynt. And our previous customers had a similar setup without issues. Hence, is there any other setting that could help with not creating new account tasks if the user already exists?
10/02/2024 04:09 AM
@Chamundeeswari, do you have ALL or INACTIVE selected in the account name rule for the endpoint?
10/02/2024 05:06 AM
I have "All" in the "Check Unique Account".
10/02/2024 05:35 AM
@Chamundeeswari keep the value only to inactive and manually suspended.
10/02/2024 05:49 AM
Thanks! We will test it out and let you know!