|
Click HERE to see how Saviynt Intelligence is transforming the industry. 
|
Hi,What is the best way to create multiple entitlement types for an AD-logical Endpoint? Right now we have Endpoints with Entitlements all of the default entitlement types "Groups" or "memberOf" and we'd like to separate and organize the entitlements...
Hi,Requirement - We want to evaluate the violations/conflicts at the time of access request but we want user to request sap role and saviynt should evaluate on the basis of Tcode. Is this possible? If yes, how?
Hi,We need to allow users to only request emergency access. Can someone advise on which request features we should include in the SAV Role? We've added "Request Emergency Access Roles" as a feature since we are raising Emergency access via a role, bu...
Hello,We want to segregate the endpoint visibility according to one attribute but when we are configuring it in the access query then its not working as expected.In the endpoint access query, we are using :where users.CUSTOMPROPERTY10='2'But the endp...
Hello Saviynt,We have a User update policy that tirggers update account task based on users profile update.However, if a user have a manually suspended account in an application, Saviynt create update account task. How can we exclude a task creatio...
Hi,We have a ServiceNow connector that generates tickets for disconnected applications in ServiceNow. If multiple entitlements are selected, they are populated on the same ticket using the variable ${allEntitlementsValues}, this seems to work just f...
Dear Team,We have the below setup while raising a request for new user for Coupa So you get to select multiple entitlements while raising create user and one of them is Account Group and for this specific one so it can be passed and reflected to coup...
Hi all,We have requirement where, Application roles should be set for temporary access while requesting through ARS.Can we set dynamic attribute for start date and end date at Role level?Is it possible to configure start date and end date for "Applic...
Hello All,We have an endpoint in which we have imported all entitlements under a particular "OU" in the group import mapping. Currently all those entitlements are requestable under that endpoint. Now, we want few of the entitlements to be made non re...
Hi,We are trying to create accounts in SAP HANA using a DB Connector. However, the requirement is to set force password change on next logon as false.We have used the below code in Create Account JSON, but it throws an error : JSON SAV - Error while ...
Hi Team,We have the below use case for mitigation controls. 1. Is it possible to have a blanket/one-for-all mitigating control in IGA that will cover all applications? or do we need to set up mitigating controls per app? 2. If possible, are there any...
Hi,when access to SAP roles are provisioned from Saviynt to SAP CUA as a part of an enterprise role request the SAP connector seems to set the SAP role start date as the current date. Is it possible to change this behaviour so that it would provision...
Hi,We wish to send the details of all Service Account Owners while requesting new access via the Manage Service Account Tile.However, this is not working.Used the below code : ${ServiceAccountOwnerMap.get("USEROWNERS").get("ALL").collect{it.firstname...
Hi Everyone,We have request where, when one user has more than or equal to 1024 entitlement of same account then Saviynt should pop out an message that they cannot add/provision more entitlement to the user.To perform the same we need to count the en...
I sHello - just wondering some many companies are using ServiceNow access request integrated with Saviynt? Are there features that are missing such as certifications, pending approvals and any other features missing? is there a big why to using Servi...
I have the below account name rule in both Dev and QA. In Dev, when we test the uniqueness situation, I see it iterating through the options (ending in A vs B vs C vs D, etc.)In QA, after the first account is requested that ends in A, when I try with...
hello I m trying to have the ability to change/update the end date , why i can't check the box ?Thanks!
Hi all. I had previously made a post about emails not being sent after they should have been triggered by a workflow. After looking at the problem more in depth, we have found more details but are still not able to solve the issue, so I am making a p...
Hi,We're dealing with an issue related to XML formatting and variable replacement when triggering an Access add/remove.Because of the way this suite of applications works, in an hybrid JSON/XML approach, we created an Enhanced Query Execution job wit...
We have a ARS form to request access for a critical App which has some high risk roles.The form has a dynamic attribute as "Energy IP Permissions". The value in dynamic attribute is coming from a user attribute(customproperty18).User has a attribute ...
Hello Team,We have a requirement of birthright to be assigned to Salesforce to create a new account and assign entitlements. We have done the same via user update rule and technical rule (as emails are updated after the user creation via import so us...
Hi Team, We have Requirement where we need to provision Entitlements based of Users Department We have 2 types of Entitlements Roles and Groups and in Roles .Roles has just one Entitlement called UsersGroups these are more in numbersExpectation , w...
Hello, I have a question on how to do this restriction; the process is as follows:check if the account status is active; after we should have a restriction so users can request access for this account but they can't Modify anything else if users atte...
Hello,I have created a workflow with condition: (entitlement.getAllowner().size() == 0) or (com.saviynt.ecm.identitywarehouse.domain.Entitlement_values.executeQuery("Select u.statuskey as eoStatus from Users u,Entitlement_owners eo,Entitlement_values...
Hi All,We have a Roles and Entitlements in ARS page for Access request. We need Role to be selected first and then need entitlements, but in form it shows roles at last. How do we get Roles as first.
Hi,I created a service account request form for an application.In the REST connector we are using the Dynamic attributes, And i have given below logic in the mapping.\"gecos_desc\": \"${(requestAccessAttributes.get('ACCOUNTTYPE')== 'Service Account' ...
Hello,regarding multiple entitlement owner assignment, i saw the following post:https://forums.saviynt.com/t5/identity-governance/how-to-provision-multiple-owners-for-ad-groups/m-p..."otherManagedBy": "${allOwnerList?.size() > 1 && ownerAccountListMa...
Hi All,We have a requirement where we have an entitlement type, and we want to restrict user requesting the entitlement on ARS page. He can only remove the entitlements he has of that particular entitlement type but cannot add.We tried different opti...
Hi Team,We have a requirement to enable approve or reject all the pending requests for the request approvers, as per the below documentation, I have enabled the check box, however it is not displaying the approve/reject all option on the approval pag...
Hi,I have a created a separate Connection and security system for AD and created a logical application/Endpoint. In the security system, i have also kept 'Entitlements only' in create task action. User also has account in base AD.when i am raising a ...
Hi Team,I am trying to upload the access for the accounts on bulk for one of the application, the entitlement is requestable .This is the error i am seeing , please let me know if anyone faced this type of error. Regards,Sandhya.
Hi All,We have configured two email templates at manager level approval as seen below, One Approval email for approver and one request submission email to requestor. In case of manager submitting a request for his direct reportee, this gets auto ap...
Hello,regarding access provisioning / deprovisioning i had an issue with the long excusion time that i meantioned here and here,i tried many approaches, filtering endpoints and status for both entitlement and accounts as well as creating a dataset t...
Hello everyone,i saw in the following forum that dataset threshold only 10k lines of entries. and an answer was given to break it into two datasets and fetch the data.and i posted about dataset herebut i want to know:so for example it means we should...
Is there a way to restrict the groups/ entitlements when creating Add/ remove access ARS request through Saviynt API ?We are trying to restrict the API calls to be made for 3-4 specific entitlements only and the API calls should not work for other en...
Hello,I'm facing an issue where a dynamic attribute ${ad_ou} is not resolving during AD provisioning, resulting in the following error:[LDAP: error code 34 - NameErr: DSID-03100232, problem 2006 (BAD_NAME)]It seems that the dynamic attribute is not r...
Hi All,We are following below document for configuring logical AD applications:https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Logical-Active-Directory-Applications.htmAs per this document , we need to set below configuration at Security Syste...
Hi All,I have configured out of the box SaviyntForSaviynt(enabled from Global config) and when I try to add user groups from access request, The task gets completed with provisioning comments as "msg":"username cannot be null or blank","errorCode":"1...
Hi, We are trying to create dynamic attribute based on calculated account name in ARS request.When requests is raised account name is calculated using endpoint's 'Account name Rule'.What attribute we should we use in SQL query for dynamic attribute?...
Hi Experts,As I understand, when there are two entitlements to be removed for same account for a user, although there are two tasks created but only one call is made to ServiceNow with values of both tasks aggregated in "allEntitlementsValues".Is the...
Hi,I am trying to Request Emergency Access Roles. I have the below doubt-Since emergency access is a time bound request, is there a way we can have auto provisioning of entitlement instantly when the Add/Remove task is created instead of waiting for ...
Hi Saviynt Community,as a follow up on this topic i would like to ask, the long Query execution would be worse once we are in the production and have more than 100 thousands entitlements to assign right? so..I'm currently exploring a solution to dyna...
Hi,Can anyone help me with following use case?We need it in our ARS Page.we need the ARS configuration as follows,If a user selects a particular role (lets say abc role), then Group is not mandatory to be selected on the ARS page.If the user selects...
Hi Team,Is there a way to do bulk import of renaming/updating the entitlement value name to a new entitlement value name?Thanks & Regards,Pravallika Taniparthy
Hi Team,I’m working on the Miro Application using the Saviynt community connector for Miro utilizing integration document (https://docs-be.saviyntcloud.com/bundle/SSM-Connectors/page/Content/Resources/Attachments/MiroIntegrationguide.pdf).I can impor...
Hello All,We have configured Associated Entitlement, after provisioning the associated entitlement mapping to secondary AD account and not mapping to primary account. In AD endpoint, we have mentioned Primary account types also but still associated E...
Hi,we have a request to expiry only specific requests like, Request created to modify user profile attributes through UI.where the Request will go Manager and If manager has not taken any action after 14 days the request should be expired.we can not ...
Hi,This is regarding service accounts via the manage service account tile.We are trying to put a regex restriction on an endpoint level dynamic attribute that generates account name.To generate the accountname, we are using another dynamic value whic...
We are using the "Saviynt App for ServiceNow" and ServiceNow as the Workflow Engine to raise and approve application account, access and roles in ServiceNow. Customer can specify a start date and end date in ServiceNow, but the time zone in ServiceNo...
Hi Team,Can any one confirm ,do we have any option to hide accounts in manage my access page , we are looking to hide all the accounts ,if user has multiple accounts correlated to a user. these accounts comes as part of Reconciliation and tagged to ...
