Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Self Certification - excludes accounts with entitlements

SUMAIYA_BABU
Regular Contributor
Regular Contributor

‎02/16/2024 02:49 PM

I am trying to create a self certification to certify only accounts from particular endpoints and not the entitlements associated with accounts. However, when I designate only 'Accounts' in the 'Objects to be included in Certification' section, I observe that only accounts without entitlements are incorporated into the certification, and those with one or more entitlements are omitted.

SUMAIYA_BABU_0-1708123453550.png

 

On the other hand, if I include both 'Accounts' and 'Entitlements' in the 'Objects to be included in Certification' section, all accounts and entitlements are added to the certification. Despite attempting to filter entitlements using an Advanced query with an invalid condition, such as:

SUMAIYA_BABU_1-1708123590616.png

the outcome remains consistent—only accounts lacking entitlements are included in the certification.

Labels:
0 Kudos
4 REPLIES 4

rushikeshvartak
All-Star
All-Star

‎02/19/2024 07:07 PM

Its working as expected 

rushikeshvartak_0-1708398342028.png

 

ae1.accountkey not in (select a.id from Accounts a where a.endpointkey=95)

rushikeshvartak_1-1708398468433.png

 

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

SUMAIYA_BABU
Regular Contributor
Regular Contributor

‎02/20/2024 06:49 AM

@rushikeshvartak tried the same thing. With this filter query as well, i see only one account for the user which has no entitlements. But the user actually has three accounts - one with no entitlements and two with entitlements. 

0 Kudos

Jayminunadkat
Saviynt Employee
Saviynt Employee

‎03/02/2024 04:06 PM - edited ‎03/02/2024 04:18 PM

To achieve the desired level of filtering, you can explore some alternative approaches leveraging the self-certification options and the information you provided here. Here are some potential solutions.

Here, you may Leverage User Attribute Filtering:

Instead of relying solely on entitlements, you can utilize user attributes to filter the accounts included in your certification.

Identify a user attribute that uniquely identifies the endpoints from which authorized accounts originate. This could be a department code or a custom attribute specific to your environment.
Configure the self-certification to filter based on this user attribute. This should allow you to include accounts associated with the desired endpoints while excluding those from other endpoints, regardless of their entitlements.

Other options:-
Since including both "Accounts" and "Entitlements" in the certification settings results in all accounts and entitlements being added, consider creating separate certifications for accounts and entitlements. Configure one certification to focus solely on accounts from specific endpoints and another certification for the associated entitlements. This approach allows for better control and granularity in the certification process.

0 Kudos

SUMAIYA_BABU
Regular Contributor
Regular Contributor

‎03/06/2024 12:38 PM

@Jayminunadkat  We dont have much filter to be applied - the requirement is to self certify all the accounts only (no entitlemnts required to be certified)  from specified set of endpoints. 

 

0 Kudos
Copyright © 2024 Khoros, LLC