Saviynt Forums

Sitarasmi · ‎06/30/2022

Hi Team,

We have configured AD connector for provisioning. For a leaver process, the AD account gets disabled & moved to Disabled Users OU. All AD group access get removed instantly.

Below is the requirement:

During leaver process, the AD account shouldn't get disabled immediately. It should remain in the same OU having one specific group access (AdSync group). After 1 hour, it should be disabled & moved to the Disabled Users OU & all group access then gets removed.

ADSyncgroup access is required to sync the user from on-perm to Azure AD. So when it gets removed instantly through leaver events, the inactive users are unable to get synced to Azure which is causing a lot of manual cleanup activity by AD team.

Could anyone please check this & provide possible solution to achieve this.

Let me know for any clarifications.

Thanks,

Sitarasmi

Sitarasmi · ‎06/30/2022

IN addition this , is there any possibility to skip one group from getting disabled (via Disable Account JSON)& remove all other groups ?

Thanks,

Sitarasmi

rushikeshvartak · ‎06/30/2022

try if else logic.

on delayed task creation split task creation in 2 rules or use analytics report

n in query add some timedelay on enddate of user

Regards,
Rushikesh Vartak

Sitarasmi · ‎07/03/2022

Hi Rushikesh,

Could you please provide an example or sample query/code to achieve this.

Thanks,

Sitarasmi

rushikeshvartak · ‎02/08/2023

You can prepare basic actionable report and date should be time delay

https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter17-EIC-Analytics/Configuri...

Regards,
Rushikesh Vartak

johnson · ‎02/08/2023

Can you please provide an example of this?

Saviynt Forums

Time delay in Disabling Active Directory account