
Assign SAV Role as an Entitlement in Enterprise Role

dvillalta
New Contributor III

Hey all

We have a requirement to assign a SAV Role for PAM to several users, but the assignment needs to be done based on a specific Enterprise Role, preferably with the SAV Role inside the Enterprise Role as an Entitlement.

Regarding this, I can add the SAV Role as an Entitlement inside a specific Enterprise Role without any issues


The thing is that, once this is done, if I try to add a user to the Enterprise Role, the request gets immediately rejected without a reason message. If I remove the SAV Role from the Enterprise Role, I can add users without any issues.

I've checked the configuration for the SAV4SAV connection as well as the configuration for the Enterprise Roles, and I don't see anything out of place

Basically the question is, can this (assign a SAV Role as an Entitlement inside an Enterprise Role) be done? If it is, what could be causing the user add to be automatically rejected without any error message?

If it is not possible, I would guess my only other option would be an actionable analytic, but I would prefer, if possible, for it to be done the way stated in this post.

Thanks

 

10 REPLIES

dgandhi
All-Star

Is there any workflow attached for Role Request? Can you check that once?

 

Thanks,
Devang Gandhi
If this reply answered your question, please Accept As Solution and give Kudos to help others who may have a similar problem.

rushikeshvartak
All-Star

Please check the workflow logic; the workflow is defined at global configuration.



Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

dvillalta
New Contributor III

Hey @rushikeshvartak, @dgandhi 

There is a workflow, but it is configured to auto approve everything since this is our DEV environment.

The other option I found to perform this is to make use of Entitlement mapping; therefore I created an AD group and mapped the SAV Role to it, then added the AD group to the Role as an entitlement.

By performing this I can add users to the role without any issues, but it looks like the SAV Role is not being assigned to the user (if I go into the SAV Role>Users, I don't see the users being added).

The SAV Role itself has a workflow that is set to auto approve everything as well in SAV Role>ROLE_SAV_PAMENDUSER>Workflow

  • Is the SAV role entitlement active?
  • Can you share logs?

Regards,
Rushikesh Vartak

It is active, and I have some users with that role assigned directly from the SAV Roles page as we're performing some PAM testing. These users appear as assigned users under the SAV Role and they can make use of the PAM sections.

The users assigned via Enterprise Role do not appear as assigned nor have access to the PAM section. This also applies to the users that have the entitlement that has been mapped to the SAV Role: they do not appear in the users list, nor can they access the PAM sections.

I can attach logs, but will be able to do it until tomorrow morning ET

 

Check that the provisioning connection is working for the Saviynt app and that automated provisioning is enabled.


Regards,
Rushikesh Vartak

dvillalta
New Contributor III

@rushikeshvartak 

The Sav4Sav connection is working correctly; instant provisioning as well as automated provisioning are enabled in the Security System for Sav4Sav.


Please share logs


Regards,
Rushikesh Vartak

dvillalta
New Contributor III

So, after a lot of tinkering and digging around in configurations, I've found what caused the behavior.

Inside the endpoint for the SAV4SAV>Entitlement Type, it looks like for the SAVRole type the request option was set to None. I modified the option to make use of the None(Create Task) and this appears to have resolved the issue.


Now I'm able to add the SAVRole as an Entitlement to the Enterprise Role via Entitlement mapping (as stated in the posts above), and the request for said SAVRole gets correctly created and assigned, and I see the users correctly listed inside the SAVRole users section.

So for anyone having the same issue, make sure to have an auto approve workflow inside the specific SAVRole, perform an entitlement mapping, and check that the SAV4SAV>Entitlement Type>Request Option is set as None(Create Task). This would allow adding a SAVRole as an entitlement inside an Enterprise Role.

This is standard behavior: any entitlement type's entitlement added under a role should have the request option set to either Dropdown / Table / None (Create Task) instead of None.

This is not limited to sav4sav.

Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question. @dvillalta 


Regards,
Rushikesh Vartak