We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

How to notify users about their privileged account has been vaulted

sk
All-Star
All-Star

Team,

We have a use case where users will request database privileged accounts in Saviynt. As part of account creation we are populating a CP value which we are using to identify the accounts that needs to be bootstrapped/vaulted .

Now once account is PAM_ENABLED and vaulted the credentials to Saviynt we want to notify the user that their credentials are vaulted and ready for checkout(We are not sharing account password to user through email).

How can we achieve this?

Only way we can think of s trigger a notification based on change password task completion. But problem is change password task can be triggered even during automatic rotation process(we don't have change password by self option).

Now how can we differentiate that change password task is created for initial bootstrap process vs subsequent automatic rotation? Looking at task details only difference we see is comments which we don't believe is a reliable parameter we can use to differentiate.

So anyone please suggest how we can achieve this?

Or is there a better way to notify users after credentials are vaulted? 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
4 REPLIES 4

anirudhsen
Saviynt Employee
Saviynt Employee

How about using an analytical control on an ongoing basis to notify users about based on the account and its state? There is a concept of user context-based analytics which you should be able to use.

Example below:
https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter17-EIC-Analytics/Managing-An...

 

And email template to be used:

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter06-EIC-Configurations/Creati...

@anirudhsen : Analytics is not the best solution. Because we won't be able to notify the user immediately after vaulting. For vaulting itself currently user has to wait for a PAM Bootstrap process job to complete and then now for notification he may have to wait for this analytics job. Also now since we are using analytics job he is going get an email with attachment which is not the best experience.

Here we are talking about Privileged accounts and we have 1000+ such Database applications. 

We are looking for better solution for this. If no other option is available then this is the last option we want to fall back.

I feel it is good to have this feature in built like any other task completion emails. If there is no other way then I will go ahead and submit an IDEA for this.

  


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Opened an IDEA: https://ideas.saviynt.com/ideas/EIC-I-4366


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Pramod_V
Saviynt Employee
Saviynt Employee

Hi SK, Anirudh, 

The attached document contains a step-by-step process of how to setup a report so that users are notified through an email for the specific line items in the report that pertain to them. 

Hope this helps. 

~ Pramod