We have a use case where users will request database privileged accounts in Saviynt. As part of account creation we are populating a CP value which we are using to identify the accounts that needs to be bootstrapped/vaulted .
Now once account is PAM_ENABLED and vaulted the credentials to Saviynt we want to notify the user that their credentials are vaulted and ready for checkout(We are not sharing account password to user through email).
How can we achieve this?
Only way we can think of s trigger a notification based on change password task completion. But problem is change password task can be triggered even during automatic rotation process(we don't have change password by self option).
Now how can we differentiate that change password task is created for initial bootstrap process vs subsequent automatic rotation? Looking at task details only difference we see is comments which we don't believe is a reliable parameter we can use to differentiate.
So anyone please suggest how we can achieve this?
Or is there a better way to notify users after credentials are vaulted?
Solved! Go to Solution.
How about using an analytical control on an ongoing basis to notify users about based on the account and its state? There is a concept of user context-based analytics which you should be able to use.
And email template to be used:
@anirudhsen : Analytics is not the best solution. Because we won't be able to notify the user immediately after vaulting. For vaulting itself currently user has to wait for a PAM Bootstrap process job to complete and then now for notification he may have to wait for this analytics job. Also now since we are using analytics job he is going get an email with attachment which is not the best experience.
Here we are talking about Privileged accounts and we have 1000+ such Database applications.
We are looking for better solution for this. If no other option is available then this is the last option we want to fall back.
I feel it is good to have this feature in built like any other task completion emails. If there is no other way then I will go ahead and submit an IDEA for this.