09/25/2023 01:57 PM
We had AD group membership granted to employees using a legacy IAM platform. When Saviynt replaced the legacy platform, we were able to reconcile AD group membership as entitlements on the user's AD account.
We are noticing that these entitlements are not evaluated and remove access tasks are not triggered when technical rule conditions are not met. We do have 'Birthright' and 'Remove Birthright if conditions fail' checkboxes selected on technical rules. It is logical because Saviynt did not grant that access as birthright.
While going through the following documentation, it seems like Upgrade Job has been designed specifically for this purpose.
Does anyone have experience with it? Can you share some tips?
Does anyone have other thoughts on how to handle legacy access that was not provisioned through Saviynt?
Thanks
09/28/2023 02:53 AM
Hi @PRana,
Thanks for reaching out to the Saviynt forums. We are checking on this and we will provide you an update shortly.
09/28/2023 03:38 AM - edited 09/28/2023 03:39 AM
Hi @PRana,
We recommend conducting testing for this (Upgrade Job) in a lower-tier environment. Please ensure the data in this environment is sanitized, and no concurrent background processes/jobs are running during your testing phase. Please validate and let us know if further details are needed on this.
09/29/2023 06:38 AM
Hi Dixshant,
I followed the documentation and ran the upgrade job with the following upgrade types sequentially. The jobs completed successfully. However, it did not make legacy access eligible for evaluation by technical rules.
Upgrade Job sequence - Backup Account Entitlements Data, Evaluate Missing Rule Data, Update Accounts Entitlements with Evaluated Data, Remove Temp tables created in upgrade, Remove Account Entitlements DataBackup
11/28/2023 05:53 AM
Hi,
Kindly provide insights into the log entries you observe while executing this activity. Your feedback on the log details will assist in a more thorough analysis.