
User update rule is failing for rerun all provisioning rules

pradeeppalagiri
New Contributor II


Active Directory accounts are disabled and moved to a specific OU after 30 days of offboarding by the AD team. When the user is rehired within 30 days, the account is matched and re-enabled within 30 days based on the below user update rule within 30 days.

After 30 days the account is moved to a different OU, and we are using the below user update rule after 30 days to re-run all provisioning rules to create a new account.

User update rule within 30 days
(Enable User Accounts AND Re-run All Provisioning rules)

User update rule after 30 days

Re-run All Provisioning rules


The problem I am experiencing is that the application team is not moving the account after 30 days. If I use a birthright rule to create the AD account (re-run all provisioning rules), it fails as the account already exists.

How can I check in Saviynt whether the account already exists in AD before running the after-30-days user update rule?

NM
Honored Contributor III

@pradeeppalagiri creation would be in a different OU, right?


If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'

pradeeppalagiri
New Contributor II

Same OU only; we need to create and enable.

rushikeshvartak
All-Star
  1. You have 30 days till rehire
  2. You can prepare a detective analytics report and send an email to the AD Support team to move to the respective OU

Regards,
Rushikesh Vartak

I don't want to be dependent on AD. Can we check a condition in the Saviynt user update rule: if the user exists in AD then enable it, if the user does not exist then create it for rehire?

Regards

Pradeep 

  • If you are setting flags at the user property level, you can update the user update rule

Regards,
Rushikesh Vartak

The AD team needs to update the flag from their side when they are moving the OU, then I can map it in Saviynt, right?

Regards

Pradeep Palagiri

Then you need to have a detective report control in place


Regards,
Rushikesh Vartak

Can you please elaborate?

Regards

Pradeep 

  1. You can prepare a detective analytics report and send an email to the AD Support team to move to the respective OU

Regards,
Rushikesh Vartak

As I mentioned earlier, we don't want to be dependent on the AD team. When we receive rehire user data from the HR team for an existing user (status as I-->A), using the user update rule only, can we enable the user if the user exists in AD, and if the user does not exist in AD can we create it (re-run all provisioning rules)? Or is there any other Saviynt standard process?

Regards

Pradeep Palagiri

 

  • Instead of the AD team, you can move the user to the respective OU

Regards,
Rushikesh Vartak