Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Service Account Campaign Without Entitlement

Mahak_Acharya
Regular Contributor
Regular Contributor

‎07/09/2024 12:16 AM

Hi,

Our requirement is to perform a Service Account Campaign where we only want to review Base Service Accounts and not go through Step 2 of access Approvals. 

Could anyone confirm if entitlement/access validation is mandatory for service account campaigns.

Thanks,

Mahak

Labels:
0 Kudos
9 REPLIES 9

naveenss
All-Star
All-Star

‎07/09/2024 12:41 AM

Hi @Mahak_Acharya choose the below highlighted configurations to only certify base accounts for service account campaign.

naveenss_1-1720510856730.png

 

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

Mahak_Acharya
Regular Contributor
Regular Contributor
In response to naveenss

‎07/09/2024 01:51 AM

Hi Naveen,

We have tried this configuration but this also only allows us to choose whether the accounts Belongs to Me or Doesnot Belong to Me.
We are unable to trigger Remove Account tasks using these options and would need something that triggers Base Account removal Task from the certification.

0 Kudos

pmahalle
All-Star
All-Star
In response to Mahak_Acharya

‎07/09/2024 02:17 AM

@Mahak_Acharya ,

Make sure you have selected Accounts in Objects to be included in Certification like below:pmahalle_0-1720516526413.png

Also, enable Create Revoke Tasks for Revoked/Conditional Certified Acc. & Ent. on Locking under Configurations-->Revoke Tasks

pmahalle_1-1720516621294.png

 


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

naveenss
All-Star
All-Star
In response to Mahak_Acharya

‎07/09/2024 04:14 AM

Hi @Mahak_Acharya for this, you need to perform two step approach. 

Also, as suggested by @pmahalle select only accounts in the objects to be certified configuration. 

Enable Create Revoke Tasks for Revoked/Conditional Certified Acc. & Ent. on Locking under Configurations-->Revoke Tasks.

Once this is configured, in the step 2 of the certification, you will see the option to remove account. Upon locking the campaign, the remove account task shall be created. 

 

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

gurpreetchanna
New Contributor II
New Contributor II

‎07/09/2024 06:16 AM

Hi @naveenss  @pmahalle , we have tested the suggested configurations. If an entitlement is not assigned to the service account, it does not show up at step 2. 

Also, if we assign an entitlement, and take action to revoke at step 2, it initiates a remove access task instead of remove account. 

0 Kudos

naveenss
All-Star
All-Star
In response to gurpreetchanna

‎07/09/2024 06:47 AM

@gurpreetchanna can you share the configurations? This is working fine on 24.4

Regards,
Naveen Sakleshpur
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.
0 Kudos

pmahalle
All-Star
All-Star
In response to gurpreetchanna

‎07/09/2024 07:03 AM

@gurpreetchanna Working for me as well. Share the campaign configuration screenshots.


Pandharinath Mahalle(Paddy)
If this reply helps your question, please consider selecting Accept As Solution and hit Kudos 🙂
0 Kudos

gurpreetchanna
New Contributor II
New Contributor II

‎07/09/2024 07:05 AM - edited ‎07/09/2024 07:06 AM

Hi @naveenss , below are the snips of configurations we are trying. As mentioned earlier, without entitlement , accounts are not showing at step 2 

gurpreetchanna_0-1720533435324.png

gurpreetchanna_1-1720533532897.pnggurpreetchanna_2-1720533753065.pnggurpreetchanna_3-1720533785466.pnggurpreetchanna_4-1720533818552.png

 

 

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to gurpreetchanna

‎07/09/2024 07:25 AM

  • I have tried below configuration and its working v24.4
  • Results 
  • rushikeshvartak_0-1720535007506.png

     

Configuration :

rushikeshvartak_1-1720535058285.png

rushikeshvartak_3-1720535097168.png

 

rushikeshvartak_2-1720535078416.png

 

 


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC