Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

User Suspension

Go to solution
Naveen_Talanos
Regular Contributor II
Regular Contributor II

‎10/21/2022 07:54 AM

Hi Experts,

Please help

How is user adhoc suspension managed in Saviynt.

My scenario is:

1. Manager should be able to put user in "Suspended" state, which is different user from "Disabled" user. This should be a feature to disable a user like through ARS. This should "suspend" user's account and related entitlements.

2. If now the user is "unsuspended", manager should be able to request this un-suspension from ARS and then all the suspended accounts and entitlements should be enabled at the same point where they were suspended.

Regards,

Naveen

0 Kudos
8 REPLIES 8

Go to solution
rushikeshvartak
All-Star
All-Star

‎10/21/2022 08:48 AM

You can use one click disable for ad hoc suspension but you said disable is not required. once accounts is suspended Saviynt will not know what old access account was having.

In this case user account should be inactivated & reactivated for unsuspension


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Go to solution
Naveen_Talanos
Regular Contributor II
Regular Contributor II
In response to rushikeshvartak

‎10/21/2022 09:15 AM

Actually I can use one click disable, but only if I am able to identify that "disable" as suspension somehow. Need to differentiate between normal disable and "suspension disable".

Also, one click disable is anyways making User status as "Inactive", can I add more statuses in "Status" dropdown? Also somehow need to make the account "Inactive", as you suggested, if it is "suspension disable".

Regards,

Naveen

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Naveen_Talanos

‎10/21/2022 09:21 AM

@Naveen_Talanos,

You cannot add more user status to what's already there. Saviynt reognizes only two status's Active and Inactive.

What you caould perhaps do is, make use of customproperties to add your 'additional' status and then trigger user updates rules to disable accounts/access.

 

 

Regards,
Avinash Chhetri

Go to solution
Naveen_Talanos
Regular Contributor II
Regular Contributor II
In response to avinashchhetri

‎10/21/2022 09:57 AM

Thanks @avinashchhetri, makes sense.

Do you think I can achieve this as well?

On suspension if I make user's account inactive, say AD account which has 3 entitlements (2 active and 1 disabled), now when user is unsuspended, AD account should be enabled to same state with 3 entitlements (2 active and 1 disabled)? Like freeze and unfreeze....

Regards,

Naveen

0 Kudos

Go to solution
rushikeshvartak
All-Star
All-Star
In response to Naveen_Talanos

‎10/21/2022 10:11 AM

You can achieve using below steps

  1. Use Update User Request Form
  2. Update some customproperty = Suspend
  3. Use above customproperty and create User Update Rule
  4. Based on User Update Rule Lock the AD Account

 

For Reactivate -

  1. Use Update User Request Form
  2. Update some customproperty = Unsuspend
  3. Use above customproperty and create User Update Rule
  4. Based on User Update Rule Unlock the AD Account

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Go to solution
Naveen_Talanos
Regular Contributor II
Regular Contributor II
In response to rushikeshvartak

‎10/21/2022 10:32 AM

Thanks @rushikeshvartak looks like that will work. 

 

0 Kudos

Go to solution
avinashchhetri
Saviynt Employee
Saviynt Employee
In response to Naveen_Talanos

‎10/21/2022 10:32 AM

@Naveen_Talanos,

What do you mean when you say an entitlement is disabled ? It is either Active or Not. 

Also as long as the account itself is inactive, would it matter if the entitlements are tied to the account, temporarily in this case ?

 

 

Regards,
Avinash Chhetri
0 Kudos

Go to solution
Naveen_Talanos
Regular Contributor II
Regular Contributor II
In response to avinashchhetri

‎10/21/2022 10:35 AM - edited ‎10/21/2022 10:36 AM

I realized that @avinashchhetri, you are right.

Thanks for your reply

0 Kudos
Copyright © 2024 Khoros, LLC