Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Technical Rule creates new Account Task if user has inactive account

Chamundeeswari
New Contributor III
New Contributor III

‎10/02/2024 02:18 AM

Hi,

We have a use case where, whenever a user goes on leave, the account is disabled and when he returns, the account is enabled again and all rules are run to check for missing accesses. We have technical rule that creates an account and adds accesses when a new user joins the company. The same rule is also checked when the user comes back from leave, to check if any of the accesses are missing. However, when the user returns from Leave, Saviynt is creating a "New Account" task and trying to add all accesses to this new account. Our expectation is, it only creates "Add Access" tasks and a separate rule will enable the account. What is causing Saviynt to create "New Account" tasks when the user already has an inactive correlated account in the same user?

Please note that, in the technical rule, the "Birthright" and "Detective" is unchecked.

Thanks and Cheers!

0 Kudos
5 REPLIES 5

NM
Honored Contributor II
Honored Contributor II

‎10/02/2024 03:32 AM

Hi @Chamundeeswari you can try by enabling the option in endpoint 

Disable new account if account already exist and give it a shot.

Otherwise another possible option is to have to rules ..

In the case of a user profile creation have a seperate technical rule which creates an account and add all those access.

2) in the case of rehire use a different technical rule with just add access tasks.

Another thing is the account name different for which saviynt is trying to create account?

0 Kudos

Chamundeeswari
New Contributor III
New Contributor III

‎10/02/2024 03:42 AM

Hi @NM

1. We already have "Disable new account if account already exists" enabled.

2. We are calculating a custom status which sets the value "ACTIVE" both when on user's start date, and when the user comes back from leave. So, we cannot create a separate rule. Even if we do, both rule will check for "ACTIVE" status.

3. Yes, account name is different. Reason being, customer used a different rule for accountNames before and now we have a different rule for all new accounts.

0 Kudos

NM
Honored Contributor II
Honored Contributor II
In response to Chamundeeswari

‎10/02/2024 03:52 AM

@Chamundeeswari different account name might be a possible issue.

Do you have any other while which will seperate new hire from rehire .. which can be added as another identifying factor.

0 Kudos

Chamundeeswari
New Contributor III
New Contributor III

‎10/02/2024 03:54 AM

We are already in production and hence trying to find a better and quick solution. This behaviour is not always observed in Saviynt. And our previous customers had similar setup without issues. Hence, is there any other setting that could help with not creating new account tasks if user already exists ?

0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II
In response to Chamundeeswari

‎10/02/2024 04:09 AM

@Chamundeeswari , do you have ALL or INACTIVE selected in the account name rule for the endpoint?

Amit_Malik_0-1727867343078.png

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos
Copyright © 2024 Khoros, LLC