We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

is it possible to certify both Role owner and associated entitlement owner in role owner campaign?

VenkatN
New Contributor
New Contributor

Hello,

We have requirement to launch role owner campaign for role's owner's and associated entitlement owner. Role owner needs to verify and take action on role and associated entitlement. also associated entitlement owner needs to verify the role and entitlement association.

Note: Role owner : -Primary certifier,  Entitlement owner :- secondary certifier

Challenges after campaign launch:

1. one of associated entitlement owner able to see and take action on other entitlements are associated with the same role.

2. we can see multiple certifications for entitlement owners with role associations but everything is visible for entitlement owners.

3.Entitlement owner can override all other entitlement owners decision.

Requirement:- Entitlement owner can able to see and take action on only their entitlement associated with particular role.

in step 1:- entitlement owner need to take action on both Role and their entitlement associated with.

Step 2(Final Verification):- Final verification done by role owner and can complete the campaign process.

 

Kindly help with us the above requirement to launch the campaign successfully.

 

Regards,

Venkat

1 REPLY 1

DaanishJawed
Saviynt Employee
Saviynt Employee

Hi @VenkatN ,

Primary Certifier -

For identity objects such as entitlements, roles, service accounts, and endpoints, you can add a primary and a secondary certifier as owners. A primary certifier can take actions on the certification and lock the campaign containing the certification.

The primary certifier can also delegate owned line-items to another user, in which case that user becomes the delegated reviewer for that line-item. However, the primary certifier still retains responsibility for that line-item.

Secondary Certifier -

For identity objects such as entitlements, roles, service accounts, and endpoints, you can add a primary and a secondary certifier as owners. A secondary certifier can take actions on the certification but they cannot lock the campaign. Only the primary certifier can lock the campaign.

The secondary certifier can perform actions on certifications, but those actions can be reviewed and overwritten by the primary certifier. The actions taken by the primary certifier are considered final.

Refer Link -  https://docs.saviyntcloud.com/bundle/EIC-User-v2022x/page/Content/06-mang-cert/cert-pers-bsd-cert.ht...

For your points below -

1. one of associated entitlement owner able to see and take action on other entitlements are associated with the same role.

This is expected since EO owner is the secondary certifier and based on the definition above secondary certifier can take actions on all entitlements in the same role.

2. we can see multiple certifications for entitlement owners with role associations but everything is visible for entitlement owners.

This is expected as well based on the above information.

3.Entitlement owner can override all other entitlement owners decision.

This is expected behavior as well.

Requirement - Entitlement owner should be able to see and take action on only on their entitlement associated with particular role -

This is not supported in Role Owner campaign. For this, you will have to launch an EO campaign.

Thanks