Activity in Knowledge Base
Masking Password in REST Connector JSON (Defining Custom Attribute)
Use CaseProvisioning AD User Mailboxes in Microsoft Exchange Server using an OOTB REST connector and securely storing the password used in PowerShell script using a custom attribute. If the system integrators(SI) choose to go with the OOTB winconnect...
How to generate a random three-letter systemusername while excluding specific keywords
Use CaseWe have a requirement to generate a random three-letter system username while excluding the following keywords: 'ADD', 'ALL', 'AND', 'ANY', 'ASC', 'END', etcPre-requisitesN/AApplicable Version(s)202x and 3.xSolutionThis use case can be achiev...
Customizing the user interface to reflect branding through banner color changes for EIC.
Pre-Requisites:Permissions Required for User Interface CustomizationYour SAV roles must have specific permissions to customize the UI on the User Interface Branding Configuration page. Action ...
Mapping Data in JSON based on date type response from target application field
Symptomswe are developing ImportAccountEntJSON we have a requirement such as handling the status(Active/Inactive) in the JSON, The requirement is if enddate as 01/01/4000 then Active and if enddate is less than current date then it should be Inactive...
Defining a workflow logic for individual users with respect to their line managers
Question:We do not have any clear documentation on workflow creation for individual users and group of users where approval request has to be sent to the individual line managers or group of managers. Could you please provide us the detailed steps to...
Need to upload images to use in Email
QuestionHi Team , Could you please upload the images which need to be used in Email template. Insert image option on email template creation form is not available for Advance Html option. Once image is uploaded, please share the URL to be used in ema...
Where does maxUserUpdateDate get its data (REST Connector - Incremental import)
Question: Need more clarification on the use of maxUserUpdateDate variable to be used in Incremental import for REST Connector. 1. Where does the date maxUserUpdateDate parameter get its value from? 2. Is it in UTC or local time? 3 What happens to t...
How to filter the Applications in Access Request submission by making use custom tags?
Use Case:How to provide Application filter option in Access Request where the user can select the custom tag to filter and display the applications associated with the selected tag Application Version: 2020.x and abovePre - RequisiteThe user needs to...
How To - Enable View Access to Entitlements for Connected and Disconnected applications
Use Case :How to enable view access to Entitlements for any application in the Identity Repository Admin PagePre-requisites and Assumptions :Connection configuration can be updated by users with SAV ADMIN roleSAV Role already exists which needs to be...
Remove Do Not Disturb Delegate
QuestionIs it possible to remove the Do Not Disturb delegate set on a user?AnswerFrom UI, it is not possible to make in blank, only option would be to use Custom query job to update it and make it blank/null
SAVRole with read only features disable the reports funtionality.
QuestionWe have implemented a SAVRole (with read only features) for the helpdesk which allow them to access the users and account interface as an admin could do but without the capabilities to modify those data. When they try to utilize an actionable...
When to use the Repair Role to User Mapping (Role Retrofit )Feature
Use Case:Sometimes due to faulty import runs or some other conditions the assignedfromroles value in Account_entitlements1 table is not populated as well as the role_user_account has accountkey which are not in Active status. This may lead to incorre...
Workday Connection job failing - v2021-Dev
Question: We're trying to setup workday connection in DEV v2021, connection is successful but job is failing with the below error message. We followed workday connector guide 2.0 for creating a connection. Error - Error parsing parameter HR_IMPORT_JS...
How To Use USER CONTEXT concept in Analytics with Example
User Context is generally used to Get the data of specific users which are logged in so that it displays the information required only for their data or the reportee's data if needed.For Example generic basic use case of managers to view the reportee...
Basic Insights Matrix for Risk and Criticality
Use Case:How are the Criticality and Risk parameters used for calculating Risky Entitlements/Roles as part of Basic Insights Feature in Request Approval ScreenApplication Version: 2020.x and aboveSolution:Entitlement_Values and Roles have an option t...
How To - UI Branding - Step by Step Instructions
Use-Case:Customizing the user interface to reflect branding through banner color and logo changesPre-Requisites:SAV Role - ROLE_UIADMIN to be assigned to the user performing the below changesApplicable Versions:Saviynt v5.5.x & EIC 2020.x versions So...
Passing Role Name dynamically in the JSON
QUESTION: We have new application(Rest based) which needs to be integrated with SIGA. Application Name - ABC In this we have one requirement, while creating a user we need send an attribute called Role. They have total 3 different values f...
Configuring the detection of out-of-band access for endpoints
Problem statement :How do you configure the detection of out-of-band access for endpoints.Context:Ideally an account is provisioned to a User in one of the following ways :Through EIC provisioningIn another co-existing Identity and Access Management ...
Birthright accesses not shown in the ARS while requesting access
Problem Statement:While requesting access for a user using the Request Access for Others tile, the accesses assigned through the Birthright rule (Technical rule) for the user are not shown.Possible Cause:This can occur if the Exclude Entitlements Ass...
Exchange Connectivity- High Availability
QuestionWe are building connectivity to on premise Exchange Servers via WIN PS connectors and Saviynt app as per standard Saviynt documentation. While we do have LB in front of Exchange instances to achieve loadbalancing and High Availability. Howeve...
Exclude entitlement owner to certify his own account
SymptomsIn the entitlement owner campaign, we want to exclude the accounts which belongs to the owner of the same entitlement so we can avoid the entitlement owner to certify his own account associated to that same entitlement in the campaign Solu...
Renaming HANA rules
QuestionAre there any implication in renaming some technical rules and user update or is it better to inactive the current rule and create a new one altogether?AnswerNo, renaming the rules doesn't have any implications as anywhere rules are reference...
Owner on terminate as Manager's Manager
QuestionHow to set 'Owner on Terminate' as Manager's managerAnswerIn Latest versions(v2022+), we have a drop down available for selecting owner on terminate as user, manager, secondary manager etc.,. In this case, if we populate manager's manager val...
To remove ROLE_USER from external user
QuestionHi We need your assistance to remove "ROLE_USER" SAV role for all the external users. And also, in future this role should not be assigned to any users by default. Please let us know where we can restrict this. AnswerYou can remove the role ...
Workflow - Lexical Error - encountered invalid character '{'
SymptomsA 'Lexical Error' is seen in the logs when a workflow is triggered.Example : ERROR services.WorkflowService - Exception in workflow servicede.odysseus.el.tree.TreeBuilderException: Error parsing '#{(requestedby.XYZ.collect { it.X}.contains("A...
Service Account campaign moves directly to the completed state and has no certifications
SymptomsOn launching an SA campaign, it immediately moves to the completed state and there are no certifications within the campaignDiagnosisThe reason we don't have any certifications is because there are no certifiers.A certifier for a service acco...
Successfactor version for Successfactor 2.0 -Saviynt integration
Question: We have a requirement to integrate successfactor version 2.0 with Saviynt ver23.1.Can you please let us know if Saviynt supports successfactor version 2.0? Response: The Successfactor integration is REST based. So as long as the Successfact...
SOAP Connection - newEntitlementMap to get entitlement ID's
Question: I am working on configuring a SOAP connection for grant and revoke access and I have calls that depend on the entitlement ID rather than their values. I have been using the allEntitlementMap variable for the entitlement type I need the enti...
Extract Workday attributes using Hybrid connector
QuestionWe're trying to extract the ISO fields (below) in Workday as a part of user's record.The connector used is the Workday_Hybrid_Basic connector. According to the guide, the syntax we're using is "COUNTRY": "wd:Location_Country.wd:type:ISO_316...
Delete SalesForce Account via SalesForce Connector
QuestionWe're developing a SalesForce connector for the client and we want to know if there is a way to implement the functionality of delete account from Saviynt to the target application via SalesForce connector.Actually it looks there isn't a way ...
Password Filter support on Server 2022 Domain Controller
QuestionIs the password filter agent (Configuring Password Synchronization from Active Directory : Customer Portal (freshdesk.com)) supported on Windows Server 2022. We are deploying to a new AD that we've just deployed which is all Server 2022 domai...
Freshdesk API for Integration
QuestionWe are trying to perform the POC for Freshdesk integration.While referring this : https://saviynt.freshdesk.com/support/solutions/articles/43000660664-freshdesk-integration-guideWe see many details are incomplete and unclear.Ex:1. <TENANTURL>...
User Registration Form Modification
QuestionWe have a type of user called B2BUsers, for which there are 5 target applications to which they can be provisioned to.Each target application has a separate B2BADmin, who can create a B2BUser 9User registration Form in Saviynt) and based on t...
Saviynt Bots
QuestionSetup Saviynt Bots AnswerPlease refer to following documentation which has the required information:https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/Chapter19-EIC-Integrations/Identity-Bot.htm
Feasibility Check - Managing AD computer objects
Question: We have a requirement to manager AD computer objects via Saviynt. Kindly confirm over the feasibility of below use cases via ADSI or AD connectors. - Import of Computer Objects as accounts. - Provision Computer Objects into AD security...
User List -Campaign Reassignment
Question: We have 2 requirements one is to control the list of users in Reassignment option and the other is to display full list of users during the consult option. When I am using below configurations to control the list of users in Reassignme...
Deactivate users on IAM and not on target system
Question We require to deactivate users only on IAM and not impact the users on target system. Please guide us with the process. Issue: The upstream and downstream connections in IAM raise risk for the team due to legacy configurations and data ...
generate a report and encrypt it before sending
Question: we would like to set up a report. However, after generating the report, we need to encrypt it before sending it to the recipient. Is it possible to set up encryption? If so, what do you need? the encryption must be in GPG. Answer: Can...
Service desk api ticket
QUESTION:we have a requirement from client, where for a disconnected applications we are running a user manager campaign , once the campaign is completed saviynt will raise a list of revoke access tasks in pending list, our requirement is, organize t...
Customization of the CreateADGroup and CreateAADGroup Forms
UseCase: We have a usecase with the client which requires a customization of the Access Request Form for Group Management via Saviynt.The 2 forms are - Create AD Groups and -Create AzureAD AAD group (Under Create New role). The customization requires...
Display Child Entitlements in Campaigns
SymptomsRequirement:Client have connected and disconnected applications , we are doing a user manager certification for those applications in Saviynt . so in each application there are multiple roles(entitlements) and multiple permissions belong to...
Using Windows Domain account for Database Connector
Question: Need details on how to setup a connector that uses AD service account to connect to database. Our current user import is connecting directly to database and we need to switch to AD based authentication using a domain service account.Answer:...
validfrom & validthrough account attributes are not getting updated through dynamic attributes
Problem: We are passing the validfrom & validthrough account attributes in the Create account request API, but they are not getting updated through dynamic attributes (even with the data type). Please see the request information below: CreateAcc...
Docusign Admin API
QUESTION Hello! I know that we have a documentation for DocuSign integration but it seems that this for eSignature REST API. https://saviynt.freshdesk.com/support/solutions/articles/43000669647-docusign-integration-guide Do we have one for DocuAdm...
IdentityM&M:Merging the secondary identity to primary identity,Accounts are not getting transferred
QUESTION:Identity M&M : On merging the secondary identity to primary identity, accounts/access/roles are not getting transferred to primary identity Team, We are using the identity match and merge functionality in production and dev and found an ...
SAV Role permissions for Endpoint Certifiers required for Attestations
Question : SAV Role permissions for Endpoint Certifiers required for Attestations. Answer :Please refer to following document to understand on SAV role configuration for version 5.5.x: https://docs.saviyntcloud.com/bundle/SSM-Admin-v55x/page/Content/...
Endpoint Filter for Active Directory connection using group attributes
Detailed Question: Is there any way to use the ENDPOINT FILTER attribute in AD connection, but instead of using the memberOf attribute, it uses any other attribute in an AD group ? The filtering for child endpoints will be done based on that attribut...
Perform incremental import of users without UPDATE date/timestamp column in DB (SQL DB
Question: We have a requirement where we need to perform Incremental Import of Users from SQL DB view as trusted source in DB connector, but there is no Update_Dat or Update_Timestamp column present in the view. Is it possible for Saviynt to perform ...
Inquiry for modification of analytics report
Question -Is it possible in the analytics report to get start date and end date input from the user and then run analytics query based on the user date inputs? So, we can utilize these inputs to run an analytics query based on the selected time frame...
Saviynt request status not refreshing in the Request item on snow app
Issue: When workflow engine is set up as Saviynt in snow app and a request is raised in servicenow, a parallel request is created in saviynt. Once the request is actioned up on saviynt, tasks are provisioned and request status is completed, respecti...
