03/16/2023 10:29 AM - edited 03/16/2023 10:39 AM
Team,
We have a use case where users will request database privileged accounts in Saviynt. As part of account creation we are populating a CP value which we are using to identify the accounts that need to be bootstrapped/vaulted.
Once vaulted, we are also rotating the password at regular intervals automatically based on the password policy. Now, once account credentials are rotated, we want to notify the user.
To achieve this we tried to use the task completion email with action as Change Password.
But the problem we are noticing is that these change password tasks didn't have user data exposed, unlike regular change password tasks. Instead, by default we are always seeing default admin user details when we use the ${user.xx} variable to get user details.
Now how can we notify users that their account credentials have been rotated?
Below are the variables that are exposed for the email template, and the respective data, when the change password task is generated through the PAM process (bootstrap or automatic rotation):
tasktype = Change Password
manager = null
accountOwners = []
randompassword = xxxxx
entitlement = []
users = systemadmin
requestor = systemadmin
out = java.io.PrintWriter@51bece8d
account_password = xxxxx
task = com.saviynt.ecm.task.ArsTasks : xxx
accountname = dpsxkxxx Updated Password - xxxxx
requestid = AutoGenerated
endpointDisplayName = Test-PostgresDB-xxxxx
account_name = dpsxkxxx
baseUrlForEmail = https://release-n-xxxxx/ECM
user = systemadmin
taskaction = Change Password
account = dpsxkxxx
Below are the variables that are exposed for the email template, and the respective data, when the change password task is generated through the regular change password process (UI):
tasktype = Change Password
manager = E9005xxx
accountOwners = []
randompassword = xxxxx
entitlement = []
users = E900xxxx
requestor = E9xxxxxx
out = java.io.PrintWriter@68d2fdfe
account_password = xxxxx
task = com.saviynt.ecm.task.ArsTasks : xxxx
accountname = dpsxkxxx Updated Password - xxxxxx
requestid = AutoGenerated
endpointDisplayName = Test-PostgresDB-xxxxx
account_name = dpsxkxxx
requestormanager = E900xxxx
baseUrlForEmail = https://release-n-xxxxxx/ECM
user = E900xxxx
taskaction = Change Password
account = dpsxkxxxx
Below are the variables that are exposed for the email template, and the respective data, when the change password task is generated through the regular change password process (API):
tasktype = Change Password
manager = E9005xxx
accountOwners = []
randompassword = xxxx
entitlement = []
users = E900xxxx
requestor = xxxx
out = java.io.PrintWriter@502e2c23
account_password = xxxxx
task = com.saviynt.ecm.task.ArsTasks : xxxx
accountname = dpsxkxxx Updated Password - xxxxx
requestid = AutoGenerated
endpointDisplayName = Test-PostgresDB-xxxxx
account_name = dpsxkxxx
requestormanager = E900xxx
baseUrlForEmail = https://release-n-xxxx/ECM
user = E900xxxx
taskaction = Change Password
account = dpsxkxxx
If you look at the data coming in the different ways (PAM process, Change Password from UI, and Change Password from API), only the PAM process is not giving the user details.
Note: We know we can use analytics as a workaround to identify any changes that happened after the last run date and notify. But we want to avoid that, because the task completion email is a default feature which should work, and it works fine with regular change passwords; the only issue is with the PAM process. So we are trying to understand if this is a bug or if there is a different way to implement this.
03/20/2023 03:25 PM
@sk Thanks for posting the question. When you say PAM Process, are you referring to the extension jar used for periodic password rotation? If yes, this will require an update on the jar and in the analytic control as well if we are not fetching user name in the existing one.
Thanks,
Nagesh K
03/21/2023 06:15 AM
03/22/2023 11:12 AM
Are you able to resolve this?
03/23/2023 11:40 AM
03/22/2023 11:11 AM
Hi Nagesh,
Do we have any Saviynt document/link for periodic password rotation?
If yes, please share that. Thanks,
03/23/2023 11:37 AM
Here is the link for Periodic password rotation process: https://docs.saviyntcloud.com/bundle/CPAM-Admin-Guide-v2022x/page/Content/G-Password-Management/Peri...
03/24/2023 04:53 PM
We got confirmation from our FD ticket that this is not currently supported and hence we opened an IDEA# https://ideas.saviynt.com/ideas/EIC-I-4366.
@UVP, @Dheeraj_Reddy: If you guys are also in the same boat, please upvote the IDEA.