Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/09/2024 01:28 PM
Can we schedule to run baseline of applications? Or do we have to go inside Endpoint and run 'Re-Baseline Application' every single time
09/09/2024 01:44 PM - edited 09/09/2024 01:48 PM
@Thriller
You can't schedule it, but you can create KPIs and find out the issues on the endpoints.
Baseline Application/Re-Baseline Application
Baseline Application/Re-Baseline Application | Baselining of an application is the process of identifying rogue accounts or accesses, and taking measures for onboarding them accordingly. A baselining operation is performed by default for every application that is imported within Saviynt. You can also baseline an application manually by clicking Baseline Application for an endpoint by navigating to Admin > Security System > Endpoints. Saviynt also provides a Re-Baseline Application option that reviews any incremental changes within the application, due to which there could be a new set of rogue accesses. As the name suggests, re-baselining can be performed for applications that have already been baselined before. Video: Enhanced Application Baselining For re-baselining an already baselined application, click the Re-Baseline Application option for an endpoint by navigating to Admin > Security System > Endpoints. For re-baselining an already baselined application, perform the following steps:
The role-user and rule user repair options have been included in Re-Baselining to ensure that all entitlements are removed for users when they are no longer part of a role or they do not match the rule conditions. They help in scenarios such as a faulty import interrupting the role to user or rule to user relationships. The ‘i' icon next to the Baseline Application or Re-Baseline Application option to displays details such as the generated ‘arstaskkey’, the user who initiated the baseline application process, the date, and the number of accounts and entitlements that are baselined. For more information about 'arstaskkey’, see the Accounts Table in the Enterprise Identity Cloud Schema Guide. EIC also provides an out-of-band access detection functionality that detects and revokes accesses that are assigned by the target system. Based on the baseline or re-baseline results, you can choose the DeprovisionAccess or Deprovision Access and Re-create Access Request option from Action for Out of Band Access Detection for the rogue accounts or accesses found. To know more, see Configuring the detection of out-of-band access for endpoints in the Knowledge Base Articles. |
09/09/2024 04:14 PM
09/09/2024 10:47 PM
Hi @Thriller we had the same requirment earlier ... I couldn't find an ideas regarding..raise one and share we will upvote.
09/10/2024 06:38 AM
idea already in place https://ideas.saviynt.com/ideas/EIC-I-4666