on 04/11/2023 06:58 AM
In the User Manager campaign, the Employment Verification step certifies the employment status of an employee based on the following criteria:
Works For Me
Does Not Work For Me
Terminate
If a certifier terminates the user and clicks Finish Access Review, the following actions are performed in the system:
The Update Users Table for Does not Work For Me action configuration immediately updates the status of the user.
The Create Revoke tasks option immediately creates revoke tasks for all the accesses and accounts of all the endpoints irrespective of the termination logic implemented through rules.
To prevent triggering of unnecessary actions, perform the following steps:
In Step 1 of the User Manager campaign, launch the campaign with the following configurations for the termination scenario:
Allow User Termination in Show Employment Status options
Deselect Update Users Table for Does Not Work for Me and Create Revoke Tasks for Terminated Users, Revoked/Conditional Certified Accounts and Entitlements on Locking
These configurations:
Prevent immediate updates to the users table.
Stop creating revoke tasks for all the accesses and accounts of all the endpoints associated with the user.
2. Perform the following actions:
Identify all User Manager campaigns that are not in Cancelled or Discontinued status, but in Active status or moved to Completed or Expired in the last two days.
Two days has been set to prevent the issue arising from different time zones.
2. In the campaigns identified in Step 1, identify certifications with the Fully Executed status and a Terminated Response from the certifiers.
3. Update the following attributes only for the terminated users:
Username
Comments
Termdate
Statuskey
CP28 (Set it as the campaign name)
The Customproperty28 acts as a flag for preventing the update of the same user. Set it to null (or) CP28 != CampaignName.
4. Run the Database Import job every four hours.
<dataMapping> <before-import> </before-import> <sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="username"> <![CDATA[ SELECT cu.USERNAME AS 'username', concat_ws("#####","User terminated through Certification ",c.certkey,c.cert_name,now()) as comments, now() as termdate, 0 as statusKey, cm.campaign_name as customproperty28 FROM certification c, campaign cm, users u, certification_user_status us, certification_user cu WHERE c.CAMPAIGNKEY = cm.id AND cu.CERT_USERKEY=us.CERT_USERKEY AND c.certkey = us.certkey AND u.USERKEY = cu.USERKEY AND u.statuskey = 1 /* User is active */ AND cm.campaign_type=2 /* UM campaign */ AND cm.status NOT in (3,6) /* Campaign Should not be cancelled or discontinued */ AND (cm.status in (5) /* Campaign active */ or (cm.status in (2,7) and cm.last_updated > now() - Interval 48 hour) /* Campaign completed or expired in last 2 hours */ ) AND c.STATUS in (10) /* Cert status in Locked-3, Expired-4, task created-8, Fully Execut-10 */ AND us.certified in (4) /* Terminated-(4), No Response-(1,null), Does not work for me - (3) */ AND (u.customproperty28!=cm.campaign_name or u.customproperty28 is null); /* Flag is null or Flag != CampaignName*/ ]]> </sql-query> <importsettings> <zeroDayProvisioning>false</zeroDayProvisioning> <userNotInFileAction>NOACTION</userNotInFileAction> <checkRules>true</checkRules> <buildUserMap>false</buildUserMap> </importsettings> <mapper description="This is the mapping field for Saviynt Field name" defaultrole="" dateformat="date"> <mapfield saviyntproperty="username" sourceproperty="username" type="character"/> <mapfield saviyntproperty="comments" sourceproperty="comments" type="character"/> <mapfield saviyntproperty="termdate" sourceproperty="termdate" type="date"/> <mapfield saviyntproperty="statuskey" sourceproperty="statuskey" type="number"/> <mapfield saviyntproperty="customproperty28" sourceproperty="customproperty28" type="character"/> </mapper> <after-import description="EMAIL,BATCH,SQL"> </after-import> </dataMapping>