Use Case
Instead of using Detective job (which may cause performance issue based on the data) we can perform the deprovisioning using user update rules.
Version
2020 and Above
Solution:
- Get the time zone and end date from target and store in user attribute
- Create a runtime analytics report which has the condition according to the requirement and will give all users who are supposed to be disabled
- The output of the report should be username and status (or a custom property)
- call this report using our api - fetchruntimecontroldata
- Use that in the Saviynt 4 Saviynt user import and write the user update rules to deprovision accounts in status change.
- Example of the run time analytics
select username, enddate, CAST(convert_tz (CURRENT_TIMESTAMP(),'+00:00','+05:30') AS TIME) from users where DATE(convert_tz (enddate,'+00:00','+05:30')) = DATE (convert_tz (CURRENT_TIMESTAMP(),'+00:00','+05:30')) and enddate is not null and CAST(convert_tz (CURRENT_TIMESTAMP(),'+00:00','+05:30') AS TIME) > '23:59'
Note:
- ‘+5:30’ will be dynamic based on time zone.
- Create the analytics in V2 version only.