
User update rules not triggering technical rules automatically

Caesrob
Regular Contributor

We made a user update rule which states that if a user's attributes get updated, re-run technical rules to create a new account (just in case) and add access to necessary groups.

We had imported our users before making our groups in Active Directory and OpenLDAP so all of our tasks failed over and over until they were discontinued. This shouldn't be an issue though, as with the next update of the users these tasks will appear again.

This is the problem, we have done another import of users and updated customproperty15 for all of them. The user update rule with condition "customproperty15 is updated" should trigger the technical rules again.

However, no technical rules get triggered. The only thing we see in the logs is this: 

Caesrob_0-1701360219632.png

When we check the execution trail of the rules, we see this:

Caesrob_1-1701360314804.png

All of our technical rule triggers for adding access and making accounts 'failed'.

But when we click the action button on the right on one of these tasks and execute it again, it works completely fine and the add access tasks and new account tasks get provisioned.

 

So our question is, why are these rules 'failing' if clicking the execute again button just makes everything magically work?

[This message has been edited by moderator to mask PII info]


SumathiSomala
All-Star

@Caesrob check the Trigger Actions in your user update rule

SumathiSomala_0-1701371253975.png

 

Regards,
Sumathi Somala

rushikeshvartak
All-Star

Share rule config screenshot


Regards,
Rushikesh Vartak

Caesrob
Regular Contributor

Caesrob_0-1701416915393.png

The trigger action is 'when user is updated from import'.

@Caesrob Since the trigger action is 'when user is updated from import'.

Did you update the attribute in target which is mapped to customproperty15 before importing the users into Saviynt?

Also check the Check rules and zero day provisioning parameters in the job trigger.

SumathiSomala_0-1701430712877.png

 

 

Regards,
Sumathi Somala

No, we thought 'when user is updated from import' means that when the user gets a new attribute value in Saviynt, the user update rule should trigger.

We also think it's strange that we can't just do a re-import of users with no changes and trigger every technical rule again, seeing as these tasks have not been completed yet and are not pending anymore. 

Because let's say something goes wrong adding a new account task from import and the task gets discontinued due to 20 fails, how is this user ever going to get a new account task again? 

 

@Caesrob If you are updating the attribute in Saviynt

The trigger action is 'when user is updated from UI'.

 

Regards,
Sumathi Somala

Am I understanding this correctly?

If we add '"customproperty6": "eMail~#~char"' to our userImportJSON and we run another import job, the trigger action should be 'when user is updated from UI'?

Hi @Caesrob 

Could you please confirm the following about the issue?

Case 1. Tasks are getting created as expected from rules but tasks are failing? [Issue with connector/task execution]

If this is the case then rules are working fine but issue lies in the execution of the tasks.

Case 2. Even tasks are not getting created from the rules. [Issue is with Rules]

In this case we can say rules are not getting triggered. 

From the information you have provided, it seems the issue is Case 1, but I want to have a confirmation from your end. We need the logs where the tasks are failing in this case.

Regards,

Dhruv Sharma

sudeshjaiswal
Saviynt Employee

Hello @Caesrob,

Please ensure the Trigger action is 'when user is updated from import'.

You need to verify if the ‘cp15’ field is being updated for any user. Also, check if you can see the user update rule in the ‘usershistory’ or not.

Could you also confirm if the ‘check rules’ option is enabled in the import job?

Technical rule should be active and user should be satisfying the technical rule condition.

If all these are fine, then it should work.

Please note, user update rules will only work in the following scenarios:

  1. If the previous value is null and the new value is not null.
  2. If the new value is not equal to the previous value.


Thanks

Caesrob
Regular Contributor

So we decided to test this case some more on our end and we think we figured out the problem. 

We import the users to Saviynt through a REST API connection which does a GET of the students API endpoint. We then trigger technical rules based on this import. This is done for 8907 users.

To test if the connection works as expected and doesn't have any issues, we did the same exact update of customproperty15 through a CSV file. We added the updated customproperty15 value to all users, we uploaded the file and we set check rules: on and Reconciliation Field as Username.

The file was uploaded successfully but the updates all went to the execution trail again.
However, slowly but surely tasks were getting created and the execution trail failed processed rules number started decreasing. At the end, thousands of new tasks were created for new account and add access. This never happened when we imported the users again through the REST connector.

This leads us to think something is going wrong with the import through the REST connector. If anyone has any useful information on this that could be helpful, we'd love to hear it.

Hi @Caesrob 

Did this start happening after some upgrade or new implementation?

If it's working from CSV upload, then for the REST connector please check which attributes are being updated. Can you try to map only cp15 and username attributes from the REST connector and see whether the technical rules run correctly or not?

If not, we will need to check the full logs, where our team will open the ticket and take it ahead.

 

Thanks

Darshan

Caesrob
Regular Contributor

This didn't stop working after an upgrade or new implementation, it just never worked correctly after the first import. 

The only attributes being updated are username attributes and cp15. Nothing else is being updated in the user import currently.

We got feedback on the ticket saying we should tweak the externalconfig Zerodaylimit, but that did not work either. We're going to have a call now to discuss the issue and hopefully a solution comes out of this.

Hi @Caesrob 

Just wanted to follow up on this issue. Could you please confirm if the issue got resolved or still open?

Is there any existing open Fresh service ticket for this issue? Could you please share the ticket number.

If the issue is still open and there is no open ticket, we will open a new ticket on your behalf.

Regards,

Dhruv Sharma 

Caesrob
Regular Contributor

Hello,

The issue is still ongoing. We have created a ticket and someone is working on it, but it does seem to be a difficult issue to re-create and resolve.

Ticket number: #INC-2016151