Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Review for multiple endpoints

Sitarasmi
Regular Contributor
Regular Contributor

‎03/06/2023 04:06 AM

Hi Team,

We want to trigger Access review for 2 AD based endpoints combinedly.Few users are part of group1 under endpoint1 and others are part of group2 under endpoint2.

We want to trigger application owner endpoint for them and want all users should be shown to the primary certifier.

Could you please check & suggest how to achieve this. what is the query to be put under Entitlement & account.

Thanks,

Sitarasmi

 

Labels:
0 Kudos
9 REPLIES 9

pruthvi_t
Saviynt Employee
Saviynt Employee

‎03/06/2023 11:57 AM

Hi @Sitarasmi ,

You can select the applications (endpoints) in the campaign configuration and for entitlement values of a specific type, you can use entitlement type key in the entitlement query and you can find the entitlement type key (groups in your case) on UI using below steps:

Under the endpoint, go to entitlement type tab. Now click on the view detail Icon for your entitlement type (groups in your case).Screenshot 2023-03-06 at 11.45.09 AM.png

You can find the entitlementtypekey in the URL for groups under that endpoint. Screenshot 2023-03-06 at 11.45.34 AM.png

Note: using entitlementtypekey in the query , would include all the entitlements which are of that entitlement type under that endpoint.

If you want to launch it for specific entitlements, then you can populate a custom property inforthe entitlements you want to include in campaign and use that custom property filter in entitlement query.

You can use same approach to include specific accounts.

Thanks,


Regards,
Pruthvi

sk
All-Star
All-Star

‎03/06/2023 03:31 PM

You can use Campaign Advanced configuration with Entitlement Query option to achieve your requirement

sk_0-1678145374938.png

Example: 

(entitlement_vaule=group1 and entitlementtypekey=<entitlementtypekey of endpoint1>) or (entitlement_vaule=group2 and entitlementtypekey=<entitlementtypekey of endpoint2>)

 

Entitlement type key of respective endpoints can be found by the steps shown by @pruthvi_t 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Sitarasmi
Regular Contributor
Regular Contributor

‎03/07/2023 07:25 AM

Hi,

We tried above method but access review is getting auto completed . We are even trying to provide details in account name.

Any input on this.

Thanks,

Sitarasmi

0 Kudos

sk
All-Star
All-Star
In response to Sitarasmi

‎03/07/2023 07:32 AM

Auto complete could be because of multiple reasons right,

  1. There is no matching data with query configured
  2. There are no active certifiers/no certifers assigned to matching entitlements
  3. There are no users/accounts under respective entitlements

Can you confirm what type certification you are launching? Also share you certification configurations and query utilized. 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.

Sitarasmi
Regular Contributor
Regular Contributor

‎03/07/2023 07:49 AM

Hi,

We are using Application Owner campaign. 

Below is the query used for entitlement

(entitlement_value="group1 and entitlementtypekey in ('213','4706')) or (entitlement_value="group2" and entitlementtypekey=4755) or (entitlement_value="group3"and entitlementtypekey=221)

Group1 is common between two endpoints but having different accounts.

Account Query 

name in ('acc1', 'acc2', etc )

Since we want only specific accounts from specific groups from different endpoints.

Thanks.

Sitarasmi

0 Kudos

sk
All-Star
All-Star
In response to Sitarasmi

‎03/07/2023 08:58 AM

When you run query in data analyzer do you see data coming with the where conditions you have used in advanced config?

Also do you have certifiers assigned at respective endpoint level?

sk_1-1678208245101.png

Also did you select respective objects in certification?

sk_0-1678208216316.png

 


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Sitarasmi

‎03/08/2023 01:27 AM

can you share certification config


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Sitarasmi
Regular Contributor
Regular Contributor
In response to rushikeshvartak

‎03/09/2023 03:35 AM

Hi All,

PFA certificate configuration.

 

Thanks,

Sitarasmi

Preview file
29 KB
0 Kudos

sk
All-Star
All-Star
In response to Sitarasmi

‎03/09/2023 06:37 AM

In the attachment I don't see the configuration related to objects included in certification.

Also did you try to check other things I pointed out?


Regards,
Saathvik
If this reply answered your question, please Accept As Solution and give Kudos to help others facing similar issue.
0 Kudos
Copyright © 2024 Khoros, LLC