AD Connector EnableAccountJSON Delete Value

Testy
New Contributor III

I have a disabled account, which I want to re-enable. To disable the account we add an nsRole (attribute) to the account, nsRole= 'Disabled'. To re-enable the account I need to delete the 'Disabled' nsRole. How can I achieve this? I don't think there is functionality in the enableAccountJSON to delete an attribute value. Please note that the nsRole attribute is multivalued, so the user has nsRole = 'Disabled', 'user', 'admin', etc.

6 REPLIES

sai_sp
Saviynt Employee

There is one way to achieve this use case. You can import the nsRole attribute to one of Saviynt's account custom properties. This data will be imported as comma-separated values since it is a multivalued attribute in AD. Once the data is in Saviynt, you can use the Replace function in the enable account JSON and try to replace the Disabled value in the customproperty with a blank space and send the update to AD. You can try this and let us know.
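
An added example, not part of the original post and not Saviynt code: plain Java for the string step described above, assuming the custom property holds nsRole as a comma-separated string. The class and method names are hypothetical and the sample values are constructed; it does not show connector JSON syntax or how the connector writes a multivalued attribute. It compares a plain `String.replace` with removal by exact token match.

```java
import java.util.Arrays;
import java.util.stream.Collectors;

public class NsRoleValues {

    // Remove one value from a comma-separated list by exact token match,
    // so neighbouring values and separators are left intact.
    static String removeValue(String csv, String unwanted) {
        if (csv == null || csv.isBlank()) {
            return "";
        }
        return Arrays.stream(csv.split(","))
                .map(String::trim)
                .filter(v -> !v.isEmpty())
                .filter(v -> !v.equals(unwanted))
                .collect(Collectors.joining(","));
    }

    public static void main(String[] args) {
        // Constructed sample values: "Disabled" in each position, alone,
        // and as a substring of another (hypothetical) role name.
        String[] samples = {
            "Disabled,user,admin",
            "user,Disabled,admin",
            "user,admin,Disabled",
            "Disabled",
            "user,NotDisabled,admin"
        };
        for (String s : samples) {
            // Plain replace leaves stray commas and rewrites "NotDisabled".
            String naive = s.replace("Disabled", "");
            String exact = removeValue(s, "Disabled");
            System.out.printf("%-24s naive=[%s] exact=[%s]%n", s, naive, exact);
        }
    }
}
```

For `user,Disabled,admin` the plain replace yields `user,,admin`, and for `user,NotDisabled,admin` it yields `user,Not,admin`; the token-based version returns `user,admin` and leaves `NotDisabled` untouched.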

Testy
New Contributor III

Can you please give an example of the replace function? The documentation only has these parameters:

  • DISABLEACCOUNTCHECKRULE: Define a rule for reusing inactive accounts. When this rule is defined and a user is terminated, EIC tries to reuse the inactive account IDs of the user by checking the IDs in the DISABLEACCOUNTOU attribute. If the IDs are found in the DISABLEACCOUNTOU attribute, the OU is fetched and the account is enabled.

  • ENABLEACCOUNTOU: Specify the name of the destination container to move the account. You must define it only if the MOVEDN attribute is set to Yes. 

  • REMOVEGROUPS: Instruct the connector to remove the previously assigned groups of the user after the account is enabled or reassign the user to the same group. When set to No, the user is reassigned to the same group.

  • USEDNFROMACCOUNT: Instruct the connector to obtain the existing DN of the account from the accounts table. When set to Yes, the connector obtains the existing DN of the account.

  • MOVEDN

mbinsale
Saviynt Employee

The replace function would be a regular Java String function.

Testy
New Contributor III

What would this look like in the EnableAccountJSON?

mbinsale
Saviynt Employee

The way this can possibly be achieved is by doing the below:

1. During account import, map the nsRole to one of the CustomProperties in the account attributes. You can do this using the Account_Attribute Mapping field in the Connection

2. During enableAccount, in the enableAccount JSON you can use the action "AFTERENABLEACTIONS : { nsRole : custompropertyxx} })" where custompropertyxx is the original mapped attribute.

Now the nsRole / custompropertyxx will get updated when the account is disabled and the original value will be updated. For this, you can use the Java string functions in the JSON to update the value and send it as part of the enableaccountjson.

Testy
New Contributor III

This would not work because nsRole is multivalued.