Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

To add entitlement while Disabling the access

Ntest
New Contributor
New Contributor

Hi,

Can anyone provide suggestions if we can add entitlement when we are trying to disable the same user account.

 

Thankyou in advance.

7 REPLIES 7

pmahalle
All-Star
All-Star

@Ntest ,

Any special use case you want to add access while disabling the account? Which connector you are using here?


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

Ntest
New Contributor
New Contributor

Hi, AD connector is used and I want to add  access(entitlements) when leaver usecase is being performed on that AD( disabling the accounts)

 

Thankyou

Hi @Ntest ,

Can you try below steps and validate.

1. Create Technical rule to add required entitlement/access with appropriate condition .

2. In Update Rule which you are using to disable the AD account, add one more action along with Disable Account, Re-run Selected technical rule and select above (Step 1) created technical rule to re-run.

3. Set Task Execution Hierarchy in Global configuration. Make sure to put Add Access task before Disabled Account in the Hierarchy.

pmahalle_0-1690911405952.png

Let me know if any concern.


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂

You can add using actionable analytics report


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Hi Rushikesh, Is it possible for you to share more details about actionable analytics, about its configuration and all

Below is the document link for actionable analytics:

Provision Access

When Provision Access is configured as an allowed action, it allows you to assign the account to a particular access. When this action is performed on a record, an Add Access task is created in the target application.

The Analytics query must have the columns given below:
entvaluekey - Entitlement value key of the entitlement to which the account will be assigned.
acctKey - Accountkey of the account to provision with the entitlement.
accName - Name of the account to provision with the entitlement.
userKey - Userkey of the user to whom the account is mapped.

Sample query:

SQL
select ev.entitlement_valuekey as entvaluekey, a.accountkey as acctKey, a.name as accName,u.userKey from entitlement_values ev, entitlement_types et, accounts a, user_accounts uwhere ev.entitlementtypekey=et.entitlementtypekey and et.endpointkey=6 and a.accountkey in(select accountkey from accounts where endpointkey=6) and u.ACCOUNTKEY=a.ACCOUNTKEY;
 

This action can also be configured as a default action, i.e., it will be automatically performed when the Analytics control is executed. Note that this default action is applicable when the Analytics control is scheduled for execution from the Admin > Job Control Panel > Analytics jobs.

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter17-EIC-Analytics/Managing-An...

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

Ntest
New Contributor
New Contributor

Hi Thankyou Pandharinath for sharing this approach, I tried this approach but this is not giving accepted results.