Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Users not inactivated after changing userReconcillationField in DB connector

IDAM09
New Contributor II
New Contributor II

‎03/11/2024 12:11 AM - edited ‎03/11/2024 12:12 AM

Hi,

We are importing users via DB connector in Saviynt. In the first roll-out the userReconciliation field was "username" - during which the users were getting inactivated when those corresponding records where missing in the view - as expected.

However, due to some requirements - we updated the userReconciliation field to another unique field and since then the users are still Active in Saviynt even though those user records are missing in the view.

Appreciate if any one could help resolve or share any ideas to fix the issue.

 

Thanks.

Labels:
0 Kudos
19 REPLIES 19

CR
Regular Contributor III
Regular Contributor III

‎03/11/2024 12:28 AM - edited ‎03/11/2024 12:35 AM

add below on in ThresholdConfig try it.

{
"statusAndThresholdConfig": {
"accountThresholdValue": 50,
"statusColumn": "customproperty12",
"activeStatus": [
"true","TRUE","True"
],
"deleteLinks": false,
"correlateInactiveAccounts": true,
"inactivateAccountsNotInFile": "true"
}
}

 

and try it below if not added in your xml

<userNotInFileAction>NOACTION</userNotInFileAction>


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

IDAM09
New Contributor II
New Contributor II

‎03/11/2024 12:34 AM

@CR Thanks for the quick response. 

We are facing the issue with User/Identity inactivation. Not Account inactivation.

The User Import xml already has this value set <userNotInFileAction>INACTIVATE</userNotInFileAction> 

0 Kudos

CR
Regular Contributor III
Regular Contributor III
In response to IDAM09

‎03/11/2024 12:39 AM - edited ‎03/11/2024 12:46 AM

can you try like below

<userNotInFileAction>NOACTION</userNotInFileAction>

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.
0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to CR

‎03/11/2024 07:25 PM

@CR The requirement is to Inactivate if the user is missing in the file.

0 Kudos

IDAM09
New Contributor II
New Contributor II

‎03/11/2024 12:51 AM

IDAM09_0-1710143361266.png

The Global config is Enabled and we are on 24.1 version.

The same configuration is working in the lower environment. However, issue persists only in production. Trying to analyse if the change in userReconciliation field has caused this issue and if so how to rectify the same.

 

Thanks.

0 Kudos

RJswarup
New Contributor
New Contributor

‎03/11/2024 03:58 AM

After changing the user recon field from username to some other unique field, do you still have the username mapping on the json?, If not then have the username mapping and try to do user import again with the other unique attribute as the recon field.

0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to RJswarup

‎03/11/2024 07:20 PM

@RJswarup We do have the mapping for username in the json. And the recon attribute is the other unique field.

<mapfield saviyntproperty="username" sourceproperty="username" type="character"></mapfield>

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IDAM09

‎03/11/2024 07:26 PM - edited ‎03/11/2024 07:28 PM

Please share full xml

<importsettings>
<zeroDayProvisioning>false</zeroDayProvisioning>
<userNotInFileAction>NOACTION</userNotInFileAction>
<checkRules>true</checkRules>
<generateEmail>false</generateEmail>
<userReconcillationField>username</userReconcillationField>
<buildUserMap>false</buildUserMap>
</importsettings>


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to rushikeshvartak

‎03/11/2024 07:29 PM

<importsettings>
<zeroDayProvisioning>true</zeroDayProvisioning>
<generateEmail>true</generateEmail>
<userNotInFileAction>INACTIVATE</userNotInFileAction>
<checkRules>true</checkRules>
<buildUserMap>false</buildUserMap>
<generateSystemUsername>false</generateSystemUsername>
<userReconcillationField>employeeid</userReconcillationField>
</importsettings>

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IDAM09

‎03/11/2024 07:31 PM 

                    <userNotInFileAction>InactivateUserOnly</userNotInFileAction>

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to rushikeshvartak

‎03/11/2024 07:31 PM

From Release v 23.11, you can also do the following:

  • Specify the value of the userNotInFileAction tag as InactivateUserOnly. When you specify this value, the status of existing users not present in the HR system is changed as Inactive instead of terminating them and creating a Revoke Access task. This option does not terminate users although the User Termination from Imports configuration is enabled under Admin > Global Configurations > Identity lifecycle > OFFBOARDING.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to rushikeshvartak

‎03/11/2024 07:36 PM

Select InactivateUserOnly to change the status of existing users not present in the HR system as Inactive instead of terminating them and creating a Revoke Access task in EIC. This option does not terminate users although the User Termination from Imports configuration is enabled under Admin > Global Configurations > Identity lifecycle > OFFBOARDING.

We would want to Inactivate and terminate along with revoke access.

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IDAM09

‎03/11/2024 07:39 PM

Does this configuration worked ? Please share job configurations


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to rushikeshvartak

‎03/11/2024 07:43 PM

The logic works in non-prod. However, the users were imported with the "employeeid" as the recon field. But in prod, the users were first imported with username and then the recon field was changed.

Job configured is "Users Import (Complete) from Database (UserImportFullJob)"

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IDAM09

‎03/11/2024 07:53 PM

Please share job config screenshot


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to rushikeshvartak

‎03/11/2024 07:56 PM

IDAM09_0-1710212177931.png

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IDAM09

‎03/11/2024 08:10 PM

It seems issue with XML . Please share full XML


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

IDAM09
New Contributor II
New Contributor II
In response to rushikeshvartak

‎03/11/2024 08:29 PM

Sorry, I wouldn't be able to share the full xml.

<dataMapping>
<sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="username,employeeid">
<![CDATA>
</sql-query>
<importsettings>
<zeroDayProvisioning>true</zeroDayProvisioning>
<generateEmail>true</generateEmail>
<userNotInFileAction>INACTIVATE</userNotInFileAction>
<checkRules>true</checkRules>
<buildUserMap>false</buildUserMap>
<generateSystemUsername>false</generateSystemUsername>
<userReconcillationField>employeeid</userReconcillationField>
</importsettings>
<mapper description="This is the mapping field for Saviynt Field name">
<mapfield saviyntproperty="username" sourceproperty="username" type="character"></mapfield>
<mapfield saviyntproperty="firstname" sourceproperty="firstname" type="character"></mapfield>
<mapfield saviyntproperty="lastname" sourceproperty="lastname" type="character"></mapfield>
<mapfield saviyntproperty="statuskey" sourceproperty="status" type="character"></mapfield>
<mapfield saviyntproperty="middlename" sourceproperty="middlename" type="character"></mapfield>
<mapfield saviyntproperty="employeeid" sourceproperty="employeeid" type="character"></mapfield>
</mapper>
</dataMapping>

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to IDAM09

‎03/11/2024 08:30 PM

<sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="username">


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC