Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

How to Enable Preventive SOD on ARS Page

amitasingh123
New Contributor
New Contributor

Hi Team,

I want to enable preventive SOD on the ARS page to stop users from requesting access that is defined in the SOD module. I followed each step outlined in the link below, but unfortunately, it's not enabled on the ARS request. Even after following every step, users can still request entitlements defined as risks in the SOD module. Please tell me what additional settings we need to perform to activate preventive SOD violations on the ARS request page.

https://forums.saviynt.com/t5/community-knowledge-base/how-to-view-enable-valid-sod-violations-in-th...

https://forums.saviynt.com/t5/identity-governance/preventing-sod-is-not-working-in-request-flow/m-p/...

9 REPLIES 9

rushikeshvartak
All-Star
All-Star
  • Did you added entry in externalconfig.properties under sod.endpoints
  • also add endpoint in global config
    • rushikeshvartak_0-1715275275774.png

       


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Yes I added endpoint name in externalconfig.properties under sod.endpoints see the below screenshot

amitasingh123_1-1715333740741.png

also add endpoint in global config

amitasingh123_0-1715332841280.png

 

Raghu
Valued Contributor III
Valued Contributor III

@amitasingh123  Did enabled in your admin or rspected sav role ? and check it

Raghu_0-1715364219494.png

 


Thanks,
Raghu
If this reply answered your question, Please Accept As Solution and hit Kudos.

yes I enabled already.

  • Validate ruleset is marked as active 
  • show sod button under sav role is enabled

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Yes ruleset is also active and SOD button is also enabled, still it's not working.

Share logs when request is moved from step 2 to 3


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Please find the logs, when I requested for Application from ARS page it complete the approval process without showing SOD violation for the entitlement include in functions defined for application.

itinjic
Regular Contributor
Regular Contributor

o enable preventive SOD violations on the ARS request page, follow these steps:

1. Make sure you have created the required functions and mapped the corresponding entitlements.

2. Set up the SOD Analysis function mapping for the specific ruleset.

3. Enable the "Show SOD in Request" option for the SAV role(s) of the users who should be able to see SOD violations during the access request.

4. Check the SOD configuration in the Global Config settings to ensure the "Evaluate SOD for role request" option is enabled.

5. Validate that the roles being requested in the ARS request have SOD conflicts defined in the SOD module.

6. Ensure that the requester has the necessary entitlements to trigger the SOD violations.

If you have followed all these steps and preventive SOD is still not enabled, you may want to review the SOD configuration and rulesets to ensure they are correctly set up. Additionally, consider reviewing the configuration of the function mappings and entitlements to ensure that they align with the SOD rules and conflicts you want to enforce.

If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.