Activity in Knowledge Base
Improve Create user API performance by inlineruleevaluation, Batchidentifier & ProcessRules
Use CaseSaviynt create and update user APIs are used to create/update user identities in Saviynt. This means there will large number of API calls as there can be large number of user records and for every record there will be an API call.Moreover the...
Achieve Email uniqueness check during email generation against existing proxy addresses
Use CaseAchieve Email uniqueness check during email generation against existing proxy addresses/other attributes mentioned apart from the email attribute field. A common use case to to have a lookup table before generating email so that any other uni...
Can you connect to SQL DB(via DB Connector) by authenticating against an AD service account?
Detailed Question: Using a DB connector, can you connect to SQL DB by authenticating against an AD service account provided the AD and DB are in the same domain and provided the service account is not present in the database?Answer: Database connecto...
How to resolve issue: AD New Account Task failing with LDAP Error code 80
Use CaseA New Account Task for an AD Endpoint failed with LDAP Error Code 80.In the logs following error is observed:Creating Account dn-CN=TEST12345678987654321234,OU=Georgia Users,OU=Domain Users,DC=nbc,DC=local Datamap--[mail:TEST12345678987654321...
Various Request types and Task types along with corresponding codes
Use CaseVarious Request types and Task types along with corresponding codes are listed below. Pre-requisitesN/AApplicable Version(s)All Solution REQUEST TYPES: REQUESTTYPE = '1' : 'ADD'REQUESTTYPE = '12' : 'UPDATEACCOUNT'REQUESTTYPE = '2' : 'DELETE'R...
Endpoint Filter for Active Directory connection using group attributes
Detailed Question: Is there any way to use the ENDPOINT FILTER attribute in AD connection, but instead of using the memberOf attribute, it uses any other attribute in an AD group ? The filtering for child endpoints will be done based on that attribut...
How to Mask Password in REST Connector JSON by defining Custom Attribute
Use CaseProvisioning AD User Mailboxes in Microsoft Exchange Server using an OOTB REST connector and securely storing the password used in PowerShell script using a custom attribute. If the system integrators(SI) choose to go with the OOTB winconnect...
How to retrigger Campaign Emails
Use Case1) If the customer wants to make changes to the email template and has asked to trigger a particular email that has already been sent2) A particular email has been triggered already but has not been delivered to the respected personnelSolutio...
How to configure All Approval Workflow to create tasks after all approval requests are complete
Use CaseThe use case is to configure a workflow to support creation of tasks after all approval requests are complete. In an ARS request process, when the user requests for more than one entitlements or role in the same request and the business requi...
List of various Status and type codes used in ARS
Use CaseThis article list of various Status codes used in ARS Pre-requisitesTask Reference NumberApplicable Version(s)All SolutionREQUEST_ACCESS (TYPE)ADD = 1UPDATEAC = 12REMOVE = 2UPDATEROLE = 3REMOVEROLE = 4PROPOSEDACCOUNTOWNERS = 15MODIFY_ORGANIZA...
Control Center shows no data
Problem StatementThe end user can successfully access the Control Center section, but it does not show any data in the dashboard Applicable Version(s)v5.5SolutionOne of the main reasons for this issue is the SAV Roles doesn’t have the access to the r...
Writeback user's information to Workday (REST Connector)
SymptomsRequirement is to writeback email from any Saviynt's attribute to Workday. The workday endpoint is a REST endpoint because the email is being written back to a custom object on Workday which cannot be updated through SOAP API.DiagnosisThe use...
Need to upload images to use in Email
Question Hi Team , Could you please upload the images which need to be used in Email template. Insert image option on email template creation form is not available for Advance Html option. Once image is uploaded, please share the URL to be use...
How to filter the Applications in Access Request submission by making use custom tags?
Use Case:How to provide Application filter option in Access Request where the user can select the custom tag to filter and display the applications associated with the selected tag Application Version: 2020.x and abovePre - RequisiteThe user needs to...
Kerberos Protocol to allow AD domain accounts to connect to SQL database
Use-Case: Many customer's has the requirement to use windows domain account for Database connectors.Steps: ONLY FOR NON EICCreate login at SQL Server for the user which will be utilized at connector.Create a ‘krb5.conf’ file containing information of...
How to write User Account Correlation Rule - SQL & Template Method
Use CaseUnder the Endpoint configurations, when you click on the User Account Correlation Rule -> Advanced Config. There is a specific Attribute called Correlation Rule Type: This can be SQL or TEMPLATE.Understanding about two methods,1) SQL - When i...
How to trigger birthright rules for existing users without running detective job
Use CaseThe requirement is to trigger the birthright technical rule for existing users without using the detective job.For an existing user, birthright technical rules can be invoked by either detective job or through re-run technical rules as an act...
How to Provision and Deprovision Sav Role via Analytics
Use Case Using actionable analytics to provision and de-provision assignments of SAV Roles. Pre-requisitesNAApplicable Version(s)All Solution Saviynt has the capability to use the actionable analytics feature to provision and de-provision assignments...
How to Import Hierarchical Entitlement using REST connector
Use CaseImporting Multi-Level Hierarchical Entitlements via REST ConnectorOur goal is to import entitlements in a three-level hierarchical structure. The imported entitlements should adhere to the following format:Below are the entitlement Types and ...
USER MANAGER CAMPAIGN - EXPLAINED
What is a user manager campaign? A user manager campaign is a way for the managers to certify the users working under them and their corresponding accounts and entitlements. A user manager campaign consists of two steps:1: User Status (Works for me o...
Password Change Error: Unable to Modify AD Password and No_Password display in Email Notifications
Use Case Unable to receive the passwords when trying to change the account password from ARS.We have set a User update rule to change the password and trigger an email, but I cannot get the newly generated password. Error:Error while change password ...
Workday Users Missed after Change Implementation
Use Case We have encountered an issue regarding the Workday to Saviynt Import Feed where some users were not included. After conducting an analysis, we discovered that the problem lies with the date range (response filter) in the Workday to Saviynt ...
How to Cross Account Reference/Reference From Other Endpoint
Use CaseThis article describes how to Cross Account Reference/Reference From Other Endpoint. Let us assume there are 2 endpoints, EP-A & EP-B. User got an account in EP-A and provisioning account in EP-B requires to pass EP-A's account property in C...
Moving ADSI connection URL from LDAP to LDAPS
Use Case The customer changed the URL in the ADSI connection from LDAP to LDAPS once the connection was moved to secure.The connection failed with the below error- 2021-12-13/10:49:11.793 [{}] [https-jsse-nio-443-exec-1] DEBUG adsi.SaviyntGroovyADSI...
Owner on terminate as Manager's Manager
QuestionHow to set 'Owner on Terminate' as Manager's managerAnswerIn Latest versions(v2022+), we have a drop down available for selecting owner on terminate as user, manager, secondary manager etc.,. In this case, if we populate manager's manager val...
How to configure Incremental Import from SAP SuccessFactors
Use CaseHow to do Incremental Import from SAP SuccessFactorsPre-requisitesConnectivity should be established between Saviynt and SAP SuccessFactors.Applicable Version(s)All versionsSolutionDetailed Best Practice:As a best practice, it is recommended ...
What is OOTB AWS Mapping
This article describes the Out of box AWS attribute mapping AWS User Accounts mappingFollowing are the AWS IAM user attributes/metadata stored in the ACCOUNTS table of SSM DB. (These are the attributes that you see when you open an account in SSM UI)...
Configuring Create/Register User form in EIC
Use CaseThe user registration/creation forms in EIC are driven through User dynamic attributes defined in Global Configuration à Identity Lifecycle à Register User Form. Various types of dynamic attributes can be defined to take inputs from logged in...
[REST CONNECTOR] Call name to be used for Add Access JSON
Use Case / Problem StatementAdd access JSON for REST Connector is not working as expected causing the requested access failing to be provisioned at the target system. Pre-requisitesConnection should be successful to the target application.The JSON fo...
Common questions around using Groovy functions/scripts in Provisioning JSONs
Use CaseFAQ – Provisioning JSONs Pre-requisites ConnectorApplicable Version(s)All Solution1. How to pass different value to the target based on source of the task?Ans: If a different attribute is required to be passed in case of birthright provisioni...
RemoteApp | How to Overcome Frozen or Black Screen for RemoteApps Launch
Use Case / Problem Statement This SOP will help you to fix the frozen or black screen issue which appears on UI while launching any remote apps which are deployed on remote app windows servers.Applicable Version This is applicable to v2021 onwards fo...
SNOW Integration with Saviynt through Service Now API
Question: we are using service saviynt connector for service now (as a ticketing system) this is a Rest API based integration. Service now is suggesting not to call Servicenow API for getting status of tickets( which is userd to close tasks in saviyn...
Add new OU in the Application Name on Group Creation
Use CaseCustomer wanted to add the new OU in the application name on the AD Group creation through the ‘Create New Role’ tile in the ARS page. OU=Cloud,OU=Groups,DC=cad,DC=netPre-requisitesNeed to have access to gsp file ( objectandpermission )Applic...
How to set Organization attribute on User Profile using csv upload?
Use CaseSet/Update Organization attribute on User Profile using csv upload. Pre-requisitesNoneApplicable Version(s)All EIC versions v2020.x and AboveSolutionIf you are looking to set the Organization field on the user profile while trying to import u...
How to Auto Increment user id in Username Generation Rule
Use CaseThe requirement is that Username Generation Rule should Autoincrement as per following scenario: Scenario:Username creation needs to be like "OW000001, OW000002, OW000003 ~ ”Username should have a max length of 8. Characters 'OW' followed by ...
How to Achieve Realtime/Instant Provisioning of Access
Use Case / Problem StatementConsider a scenario where a retail organization uses a Database System where access to modify (update, delete, truncate, insert etc.) is considered to be of high risk. Therefore firefighter roles are implemented which prov...
NetSuite Integration - SOAP Connector with sample JSONs
The NetSuite application can be integrated with Saviynt using the generic SOAP connector. Below are the JSONS to make a successful connection with NetSuite and achieve provisioning use cases. We leveraged Token-based Authentication ConnectionJSON----...
Freshdesk API for Integration
Question We are trying to perform the POC for Freshdesk integration. Old Documentation Portal URL: https://saviynt.freshdesk.com/support/solutions/articles/43000660664-freshdesk-integration-guide New Documentation Portal Link: - https://docs.saviy...
How to re-evaluate user link properties for ServiceNow App incase of incorrect / updated mappings
Use CaseSaviynt Users were linked to old/inactive ServiceNow users because of incorrect User Link Properties. The User Link Properties are now updated. However, the links are not getting updated.There are 2 users in ServiceNow with the same email ID,...
[REST CONN]: Retain existing entitlements and only remove selected entitlement
Use Case A single API is used to Add/Remove access or to Update account. The requirement is to ensure the existing entitlements can be retained and only the selected entitlement is removed as part of Remove Access request.In target the Roles are only...
Feasibility Check - Managing AD computer objects
Question: We have a requirement to manager AD computer objects via Saviynt. Kindly confirm over the feasibility of below use cases via ADSI or AD connectors. - Import of Computer Objects as accounts. - Provision Computer Objects into AD security...
Store and Read blob data from user update history using External jar
1.RequirementWe have a requirement to publish a report for all the user updates for the day. This should include all the attributes that have been updated (old + new values) along with other user attributes. We try to read the blob data from the user...
Saviynt servicenow app errors on test connection
The Problem Statement:We are configuring the Saviynt IGA app in Service now and when running a test or saving the connection configuration, errors are generated but we receive a successfully connected to the ‘Saviynt Service’ message.Error - Not allo...
How to use special characters of target Application API URL while configuring in REST connector
Use CaseThe REST connector configured to integrate with target application is failing. Despite correctly configuring the JSON in the REST connector, the API calls are not functioning. The URL, HTTP parameters, credentials, and other settings in Saviy...
Script to manually link Saviynt user with SNOW users
Use CaseThis KB article outlines the process to manually link the unlinked Saviynt users with Servicenow users.Pre-requisitesThere are two option to perform user linking: Bulk option using script: The scripts retrieve all users that were updated in t...
What is Privileged access?
Privileged Access Management (PAM) is the discipline for managing human or machine accounts which have elevated levels of entitlement to platform, system or application resources. It allows organizations to secure their infrastructure and applicatio...
How To - Send single task creation emails for disconnected applications using Custom Jar
Use CaseOnly one email per request should be triggered with all the access(including child access details), user and dynamic attribute details of created tasks on completion of approval workflows. Pre-requisitesRequest approval and task creation is w...
When to use the Repair Role to User Mapping (Role Retrofit )Feature
Use Case:Sometimes due to faulty import runs or some other conditions the assignedfromroles value in Account_entitlements1 table is not populated as well as the role_user_account has accountkey which are not in Active status. This may lead to incorre...
How to troubleshoot 401 unauthorized error from postman when using Saviynt API
Use Case Customer created a user (service account) in Saviynt for using Saviynt APIs from Postman. However they are unable to login from Postman and are getting 401 unauthorized error. Pre-requisites The service account has a SAV role which has a...
How to support If Else condition in Connector JSON
Use CaseConsider the following JSON example, which involves assigning different access groups based on a user's EmployeeClass.The use case is as follows:- IF user.EmployeeClass is one of ('A1', 'A2', 'A3', 'A4', 'A5'), THEN assign accessGroup /292 EL...
