
User Update Rule - Remove Access Action - Correct Behavior for Remove Ent Task in Entitlement Map

Charitha
New Contributor

Hi,

Use case: I am trying to create a use case where, through a user update rule, removing access to one entitlement automatically removes the other entitlements specified.

Implementation Details:

For this I tried using the "Remove Ent Task" from Entitlement Map.

  • Ent 1 of Ent type 1 (request option=table) from Endpoint 1
  • Ent 2 of Ent type 2 (request option=table) from Endpoint 2 which is mapped in Ent 1 under other entitlements.
  • Request Filter, Add Dependent Task, Remove Ent Task are set to true
  • Exclude Entitlement set to false.
  • A user update rule is configured to invoke remove access task for Ent 1.

Issue: It is generating a pending task only for Ent 1 but not Ent 2.

Ask: I am expecting pending task generation for Ent 2 as well. Should I make any configuration changes to achieve this?

Best Regards

Charitha.

5 REPLIES

NM
Honored Contributor II

Hi @Charitha, is the entitlement from the different endpoint still assigned to the account?

Can you try this via an ARS request?

We saw the same behaviour, most likely a bug, but as our use case was changed we couldn't test all edge cases.

Charitha
New Contributor

Hi @NM ,

Yes. Ent 2 from Endpoint 2 is still assigned to the account when the user update rule got invoked and generated remove access task only for Ent 1 from Endpoint 1.

Our use cases are as follows:

  1. Add Access: Ent 1 is requested through ARS. With the help of 'Add Dependent Task' set as 'true' in the Entitlement Map, it is able to generate an Add access task for both Ent 1 from Endpoint 1 and Ent 2 from Endpoint 2.
  2. Remove Access: During the leaver lifecycle event, we are specifically implementing user update rules to remove accesses. In that scenario, a task is generated for Ent 1 from Endpoint 1 alone and no task is generated for Ent 2 from Endpoint 2.

Best Regards,

Charitha.

rushikeshvartak
All-Star
  • This is expected behavior from product perspective 
  • Please raise idea ticket for enhancement 

Regards,
Rushikesh Vartak

Hi @rushikeshvartak ,

So are you saying 'Remove Ent Task' works only if the entitlements are from the same endpoint?

Best Regards,

Charitha

Tasks will not be created from entitlement mapped under entitlement map


Regards,
Rushikesh Vartak