and more in a single search tool across platforms. Read the announcement here. |
11/06/2023 09:14 AM
I have a requirement to trigger update account task for an endpoint only if the naming convention of the account doesn't start with admin.* via update rules.
Let's say the user has two accounts in the endpoint A - user1 and admin.user1. When the user profile gets updated through HR import and specific attribute changes, we trigger update account for endpoint A, currently update tasks gets created for user1 and admin.user1. What we want is to create update account task only for user1 and not admin.user1
How to achieve the same?
Currently we are using customquery to discontinue the admin.user1 update task before the provisioning job runs. Looks for a better solution to avoid task creation itself.
-Siva
11/06/2023 09:46 PM
Can you check if any of the below options help
1) the 'Does not contain' condition in the update rules to exclude users that have 'admin' in the username
2) Using actionable analytics to trigger update account tasks for all users who were updated through the day. ( this may not identify users that had the particular attribute updated but may help to filter admin.* users and trigger update tasks for all users. Use the usershistory table to identify users who were updated in particular time period)
3) Explore using the HQL query in the advanced config option of update rules. this may help to filter out admin accounts using the query filter
11/16/2023 09:05 AM
Hi Shiv,
Here the issue is not with identifying the users but with the action the rule has to take. So, using advanced config / classic config will not solve the problem.
Yes, actionable analytics can be a solution but we prefer not to loose the audit trail of which rule matched in the user history.
-Siva
11/16/2023 01:23 PM
@Sivagami : Did you try using Primary Account Type configuration in Endpoint ?
If not try to populate account type of non admin account as primary so that update rule will only trigger for primary accounts.
11/06/2023 11:03 PM
@Sivagami we have similar case where we ended up using the actionable analytics trigger.
We ended up filtering the records and then executing the subset of users.
This was a similar case when we had to manage both admin and normal ad account and I had no option to trigger update account task only for normal and not for AD account 😞
11/16/2023 09:00 AM
Do you mean you guys created a actionable analytics instead of update rules, Manish?
-Siva
11/16/2023 11:05 PM
Yes correct
11/16/2023 10:10 PM
Possible solutions :