Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Saviynt Azure AD Monitoring

Hindrance
New Contributor II
New Contributor II

‎10/30/2023 01:29 PM

I am looking for capability in Saviynt that can monitor Azure AD users and flag ones that were not created by Saviynt. Does anyone know if Saviynt has the capability and if so where it exists. 

0 Kudos
6 REPLIES 6

rushikeshvartak
All-Star
All-Star

‎10/30/2023 09:03 PM

Use saviynt OOTB Report Out of Band access which can find account created outside saviynt and use baseline feature.

Refer https://docs.saviyntcloud.com/bundle/KBAs/page/Content/Configuring-the-detection-of-out-of-band-acce... 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hindrance
New Contributor II
New Contributor II
In response to rushikeshvartak

‎10/31/2023 11:10 AM

Do you have any insight to the process of

"Bootstrap the existing access at the endpoint. This requires you to update a dummy task key for all the existing account entitlement entries for the endpoint to baseline the current status.

This is an important step to perform before activating the out-of-band action. Otherwise, the out-of-band action will remove all the accesses that do not have a Taskkey mapped to the account_entitlements1 table."

0 Kudos

Manu269
All-Star
All-Star
In response to Hindrance

‎10/31/2023 02:38 PM

Hello @Hindrance ,

When you onboard an app in eic at first instance, eic post import runs the baseline job. This job will assign the dummy key to all the account and access reconciled. You can view the same via navigating to endpoint .

Now from next run, and you import accounts and access again and do not run the baseline task manually eic then treats the additional access as our of band.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

rushikeshvartak
All-Star
All-Star
In response to Hindrance

‎10/31/2023 10:02 PM

when you click baseline button , it create task and task id is copied to all entitlement in account_entitlements1 table where ever its missing 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

Manu269
All-Star
All-Star

‎10/30/2023 09:06 PM

Refer this article : Configuring the detection of out-of-band access for endpoints (saviyntcloud.com)

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.

Hindrance
New Contributor II
New Contributor II

‎11/09/2023 10:14 AM

I am not seeing task id in the account_entitlements1 table. I am seeing ARSTASKKEY is that what it is called now?

0 Kudos
Copyright © 2024 Khoros, LLC