Saviynt Forums

sab2 · ‎02/20/2024

Hi,

We have a use case where we are doing access certification campaigns. In our campaigns, we are using connected and disconnected applications. Our plan is to use actionable analytics to do revocations for the connected applications.

The issue for us is the disconnected application revocations. For our client, we are going to pull a report of the revocations from Saviynt and open tickets in SerivceNow for the disconnected entitlements to manually be removed from the accounts in the target applications. However, once the ServiceNow tickets are closed that the entitlements were removed from the target application then we need to remove the entitlements from the user's accounts in Saviynt.

How can we remove the entitlements from the users in Saviynt? We looked into import csv but does not seem feasible to revoke access this way. Also, we looked into bulk user access requests, but this creates tasks. We do not wants tasks to be created because there is no way for it to be provisioned / deprovisioned.

I read similar forums post linked below but am still unsure. Thank you for any ideas!
Bulk removal of entitlements using file import for... - Saviynt Forums - 58537

pmahalle · ‎02/20/2024

Hi @sab2 ,

You can do it two way.

1. You can automate this whole process by integrating SNOW as ticketing system with Saviynt.

Refer: https://docs.saviyntcloud.com/bundle/ServiceNow-v23x/page/Content/ServiceNow-as-a-Ticketing-System.h...

2. If you don't want to integrate then, Go to Saviynt Pending task and manually complete those remove access pending task once removed the entitlement from target and close the SNOW task.

First option would be the preferred one.

Pandharinath Mahalle(Paddy)
If this reply answered your question, please Accept As Solution to help other who may have a same problem. Give Kudos 🙂

sab2 · ‎02/20/2024

Thank you!

They are integrated with ServiceNow, however if we go that route, it creates one ticket in ServiceNow per revocation which could create 100s of tickets per application. So we are going this route to avoid that from happening. (I have an ideas portal open to create one ticket per application for revocations process!)

Also option #2 is lots of manual work in Saviynt so we were trying to see if there was any other workaround options to use.

rushikeshvartak · ‎02/21/2024

Also option #2 is lots of manual work in Saviynt so we were trying to see if there was any other workaround options to use.

use enhanced query to complete the task

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

sab2 · ‎02/22/2024

Awesome!! Do you have a sample query?

rushikeshvartak · ‎02/22/2024

select taskkey as arstasks__primarykey, 3 as arstasks__status from arstasks where taskkey=20000

Update logic as per your needs

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

naveenss · ‎02/20/2024

Hi @sab2 ,

For the disconnected app pending tasks, just run the wsretry job to complete the tasks so that the entitlements would be removed in Saviynt.

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

Saviynt Forums

Bulk Entitlement Import Revocations