Enterprise Identity Cloud Discussions

Resolved! Workflow-two level including manager and entitlement owner

Hi,We have a requirement to design a two level work flow, once user requests for account and entitlement access to an application both the request (account and entitlement) should go to manager and once approved only the entitlement (access) request ...

Accounts Import from Database getting stuck

Hi,We have an issue where the account import from database job is getting stuck. It is able to import all of the accounts but it seems to get stuck after trying to correlate users to accounts. If I remove the User Account Correlation rule, the job wi...

Workflow- Access servers during office hours

Hi Team, Working on workflow to allow employees to create autoapprove request to access workloads during office hours. Office timing is from 8AM EST to 5PM EST. Please share the variables to be used in workflow condition. Thanks, Manju

Adding/removing Application Roles from user using REST API.

We were using /createrequest API to add/remove all type of roles from user on Saviynt version 5.5SP3.06, recently we had an upgrade to 5.5SP3.13 and this API started to fail with error "Invalid role found in request.." while trying to request Applica...

Endpoint Dynamic Attributes

I have a few questions about the use of dynamic attributes at the endpoint level. Specifically, I'm using this during the management of service accounts. Is it possible to restrict the 'Account Name' field for service account management to force only...

Workday Real Time Sync to Saviynt IGA

Okta provides something like Workday Real Time Sync to trigger an update from Workday to Okta in real time - https://help.okta.com/en-us/Content/Topics/Provisioning/Workday/workday-rts.htmDoes Saviynt provide such capability or have plans to provide...

Is it possible to rename a Saviynt Job

Some of our Job have been created with poor naming, making it hard to search/filter.If i edit a job, the display name of the job is greyed out.Is there a way to rename jobs without recreating?

SAV Role Specific Analytics

Hi Team,We are trying to map a specific analytic report to SAV Role. we have added the specific Analytics under SAV Role. But still it's not being displayed under user access. We have made the modifications to the SAV Role Feature Access, but no luck...

Resolved! Can we add a customized note beside the "comment" sections while raising the request

Hi Team,Can I add a customizable note beside the "comment" section while raising a request in Saviynt.Please find the attached screenshot so that it will help everyone to understand exactly which part I am talking about'

Minimum Permissions Saviynt-AWS integration account required

Hello CommunityI am looking for the minimum permissions required for the integration account for AWS integrationContext:Based on the Saviynt documentation to integrate with AWS, Saviynt provides 3 options for the Cloudformation template. All the 3 PA...

Salesforce - Substring in modify account json.

Hi Team,We tried to add substring function in modify account json in Salesforce out of the box connector.The substring function is not working. It is not giving any error but the data is not getting reflected as expected.{"Alias": "${user.firstname.t...

Resolved! DB Connector Import - Error Processing Records

Hi,We are trying to import accounts using DB Connector (using a Microsoft SQL Server database) with the following AccountsImport parameter:<dataMapping><sql-query description="This is the Source DB Query" uniquecolumnsascommaseparated="name" ><![CDAT...

How to change default reconciliation filed from userimport job

Hi All,We are developing solution to import users from Ultipro HR system using OOB SOAP connector. But, here we were asked to generate the username for users. Hence the attribute is not mapped with the list of attributes from feed. then we are using ...

Azure AD last login time

Hi all,How can I import the last login date time on an Azure account? Is there a direct attribute that can be mapped in the 'account attribute' section of the connection configuration? Thanks

Request for Active Directory Admin Accounts

Hi All,We have a requirement to enable users to request for Admin Accounts for Active Directory application directly from Saviynt. Currently client is using SNOW for requesting Admin accounts. We proposed to continue in the same way and invoke Saviyn...

If else condition is not checking properly in Sav to Sav DB connection

Hi Experts, we have requirement where we are assigning Manager role to Users who is a manager.We are storing Manger employeeid in CP4 of user profile and we are triggering the rule when cp42=yes then Manager assign rule wiil get trigger. But if any c...

Workflow issue

Hello,I`m using below condition :(endpoints.endpointname.contains('abc') eq true) orendpoints.customproperty1 eq 'Yes'If endpoint name is abc or endpoint customproperty 1 is yes then it should follow 1 level of approval or else 2 level.If I use the c...

Problem with WIN-PS Enable-RemoteMailbox script

Hello, We are trying to provision user mailbox from Saviynt. We deployed agent on Windows server, that part is working fine, we tried to write to a file and some other basic stuff. This is script in our CREATEACCOUNTJSON:{"CREATEACC":["Script=\$usern...

Feasibility of setting Entitlement owner ranks in Rest API import

This thread is in continuation to https://forums.saviynt.com/t5/identity-governance/mapping-servicenow-entitlement-owner-using-rest-api/m-p/15933#M6483.In that thread I am able to import entitlement owners via Rest API. But I do not know how to achei...

Workflow Redirect based on SOD after first approval

Hi, we have the following workflow use case to implement : Manager is the first level of approver : OKWhen manager approves the request, there can be remaining SOD, if not remediated.If there is still SOD in request : Redirects to second level : Role...

Resolved! PAM Certification

Hi Team,We would like to understand how best we might configure a Privileged Access Cert in Saviynt to review high risk access.Do we have any article on PAM certification in saviynt?If yes, plz provide the link.Regards,Ekata

Download zip file generated from exportTransportPackage REST API

Hi, I am using the "Export Package" SSM REST API to export objects - {{url}}/ECM/api/v5/exportTransportPackage Example: Please refer to the request text file for reference. On executing the request, I receive the response that export zip has been cre...

Unable to apply condition with set up delegate functionality

Hi,We have a condition to apply for set up delegate functionality where we want to restrict the request raised for delegating access for users( under Parent user) who are part of user group(members or owners). We tried using the query : 'delegates.US...

Account and entitlements reconciliation.

Hi Team,We want to reconcile the accounts and entitlements from the target application using the REST connector.Here the API has the Architecture of 2 calls (1st to pass creds, 2nd to read) we got the confirmation from Saviynt that it is not supporte...

Saviynt REST API details to Create Connection

Hi Team,Can anyone please share the REST API details to create a connection in Saviynt? This is not available in the below document.https://documenter.getpostman.com/view/1797923/SzKN22aV#0273222f-4294-4d20-aae1-9005988844bd

External Identities updated per day

Hi Team, This query i used to find the count of usernames who are updated within today. This is showing the result perfectly if i updated the users through UI. But when i tried updating users through CSV the result is not increasing. My intension is ...

How to reconcile service accounts with owners in owner tab from Active Directory

We have requirement to create service accounts in bulk directly in Active Directory. We wanted to reconcile all the newly created service accounts with owners in owner tab from Active Directory.

Resolved! Make Enterprise Role requestable

Hi Team,I created the Enterprise role and made "requestable as true" but still can't see in ARS page to request.Is there some configuration I'm missing?

Email templates - easy troubleshooting points

Hi experts,Could you please share your insights to troubleshoot the email templates when ever we face error like groovyexception ..etc., it would be really helpful, if you provide your expert ideas to solve the email related issues faster. Thanks,She...

Saviynt Analytics API max limit value

Hi Team ,Hi Team,We need to fetch all records from the analytics API in a single API call, but we observed that the {{url}}/ECM/{{path}}/fetchRuntimeControlsDataV2 API has a maximum response limit of 500.Could you please let us know if we can increas...

Resolved! Query to find child entitlement.

Hi Team,Do we have any query to get the child entitlement present in the system?I checked the tables in data analyzer but could not find the data.Regards,Ekata

Provisioning and Import not working.

Hello Team,We have an issue with provisioning and reconciliation for one of the rest based application. Task is getting errored out with the below provisioning comments{"headers":null,"message":"","statusCode":null,"description":null,"status":"Failed...

Managing Child pending tasks with Errored/Discontinued Parent task

Hi Everyone,Any idea why child tasks are not moving to completed tasks with ERROR status if parent task is error 'ed/Discontinued-Is there any job which should clear out these tasks? They are just stuck in PENDING TASKS

Disconnected App - assign tasks to different admins/users

Hi Experts,Please help. Very new to Disconnected Apps1. How do I assign task to users other than endpoint owner?2. How do I escalate if someone doesn't action task.Scenario: Saviynt Task should be assigned to admin team on target disconnected app. On...

Can't get dynamic from the workflow

Hello,I am trying to read the value of 2 dynamic attributes and assign them as approver to the next workflow steps.But it is not working.I have tried different solutions, but they are not working.First versionBoth approvals were going to admin (admin...

Unable to complete user creation flow using REST APIs

We have a sign up functionality though which we allow creation of new user in Saviynt SSM and the request goes through approval workflow, we are utilizing /createUserRequest API for user creation. We observed that the API generates request but no tas...

CreateAccountJson - get manager username

Hi All,I am using multiple calls in CreateAccountJson and one of the calls is to get the user's manager & populate it in the target applications' manager field. I am trying to reference the manager's username to achieve this. I am trying the below ca...

How to configure SuccessResponse/unsuccessResponses REST Connector

Hi All, To create accounts in target system, we have Configured the REST connector. The API response code for both success and failure is 200. How can we configure success and unsuccess responses within CreateAccountJSON? Below is the response body w...

Issue with Onpremise Windows - Just-in-Time account creation

I'm working on a new implementation and I'm having trouble requesting a JIT account for a Windows server on-prem. The request is pending and it appears to be stuck on the task type "emergency access instance Grant access." When I checked the pending ...

Consulted entitlements and accounts info in consult email template

Hi,We are running entitlement owner campaign. We want to get consulted entitlement and consulted account information in the consult email. Can someone let me know which object can be used for that or is that at all possible or not? Regards,Indranil

Updatedate of User

Hi,There is a requirement that we need to retrieve the userdata which got modified with file upload.The below query works to get all the users who got updated(even if there is no change in data). But we need only the users whose data(firstname or las...

Send analytics report to S3 bucket with assume role

Hello Could anyone please guide me how to send analytics reports to s3 bucket with assume role? Thanks

Need to understand task status

Below are the different task status listed in the saviynt documentation but want to understand on how/when tasks are marked as per below status. Because when the task is not provisioned and all provisioning tries are complete even task status show as...

SAML SSO - Multiple IDP

Could someone please share a working AuthenticationConfig.groovy file with MULTIPLE IDP configuration? We tried following the same steps as mentioned in the documents. But see the error below. caused by: org.springframework.beans.factory.BeanCreation...

Bulk Update for Endpoints Custom Properties

Hi Team,We have a requirement to update custom properties for bulk of endpoints.Kindly let us know how we can achieve this.

Saviyntapp in SNOW - Import Saviynt users mandatory

Hi All,We are implementing SaviyntApp in SNOW , where request will be raised from SNOW and approvals happen in SNOW. Saviynt act as Access fulfilment tool.SNOW get all user data from AD.Question: During implementing SaviyntApp on SNOW, is it mandato...

Salesforce Connector -Account Import - Exception in getNonActiveAccountsToBeDisabled

Hi ,We are importing accounts, job is failed below are the logs : "ecm-worker","2023-03-14T13:43:13.020+00:00","{"log":"2023-03-14 13:43:12,169 [quartzScheduler_Worker-1] DEBUG services.ImportUtilityService - Exception in getNonActiveAccountsToBeDis...

JWT in REST connection

Hi all,Have you ever worked on JWT in REST connection? We have a requirement to integrate PingIdentity with Saviynt through PingIdentity APIs. To make a call to the PingID API, we must construct an API request token. The request token is a JSON Web T...

Trying to connect to SQL server DB using Kerberos authentication

While trying to connect to SQL server DB using Kerberos authentication, we are facing the following error: Error While Test connection: Integrated authentication failed. ClientConnectionId:3e60f9f8-e307-4a5a-99ab-xxxx7e777 Any insights regarding thi...

Pass urlencoded data in API body

HI team,I am trying to create account using API and i am few issuesAPI is working fine from Postman but not from saviynt. Body of the API call is url encoded and data is sent in arrays. Can some one help me in CreateAccount Json built with the help o...