Activity in Knowledge Base
Kerberos Protocol to allow AD domain accounts to connect to SQL database
Use-Case: Many customer's has the requirement to use windows domain account for Database connectors.Steps: ONLY FOR NON EICCreate login at SQL Server for the user which will be utilized at connector.Create a ‘krb5.conf’ file containing information of...
How to write User Account Correlation Rule - SQL & Template Method
Use CaseUnder the Endpoint configurations, when you click on the User Account Correlation Rule -> Advanced Config. There is a specific Attribute called Correlation Rule Type: This can be SQL or TEMPLATE.Understanding about two methods,1) SQL - When i...
How to trigger birthright rules for existing users without running detective job
Use CaseThe requirement is to trigger the birthright technical rule for existing users without using the detective job.For an existing user, birthright technical rules can be invoked by either detective job or through re-run technical rules as an act...
How to Provision and Deprovision Sav Role via Analytics
Use Case Using actionable analytics to provision and de-provision assignments of SAV Roles. Pre-requisitesNAApplicable Version(s)All Solution Saviynt has the capability to use the actionable analytics feature to provision and de-provision assignments...
How to Import Hierarchical Entitlement using REST connector
Use CaseImporting Multi-Level Hierarchical Entitlements via REST ConnectorOur goal is to import entitlements in a three-level hierarchical structure. The imported entitlements should adhere to the following format:Below are the entitlement Types and ...
USER MANAGER CAMPAIGN - EXPLAINED
What is a user manager campaign? A user manager campaign is a way for the managers to certify the users working under them and their corresponding accounts and entitlements. A user manager campaign consists of two steps:1: User Status (Works for me o...
How to Mask Password in REST Connector JSON by defining Custom Attribute
Use CaseProvisioning AD User Mailboxes in Microsoft Exchange Server using an OOTB REST connector and securely storing the password used in PowerShell script using a custom attribute. If the system integrators(SI) choose to go with the OOTB winconnect...
Password Change Error: Unable to Modify AD Password and No_Password display in Email Notifications
Use Case Unable to receive the passwords when trying to change the account password from ARS.We have set a User update rule to change the password and trigger an email, but I cannot get the newly generated password. Error:Error while change password ...
Workday Users Missed after Change Implementation
Use Case We have encountered an issue regarding the Workday to Saviynt Import Feed where some users were not included. After conducting an analysis, we discovered that the problem lies with the date range (response filter) in the Workday to Saviynt ...
How to Cross Account Reference/Reference From Other Endpoint
Use CaseThis article describes how to Cross Account Reference/Reference From Other Endpoint. Let us assume there are 2 endpoints, EP-A & EP-B. User got an account in EP-A and provisioning account in EP-B requires to pass EP-A's account property in C...
Moving ADSI connection URL from LDAP to LDAPS
Use Case The customer changed the URL in the ADSI connection from LDAP to LDAPS once the connection was moved to secure.The connection failed with the below error- 2021-12-13/10:49:11.793 [{}] [https-jsse-nio-443-exec-1] DEBUG adsi.SaviyntGroovyADSI...
Owner on terminate as Manager's Manager
QuestionHow to set 'Owner on Terminate' as Manager's managerAnswerIn Latest versions(v2022+), we have a drop down available for selecting owner on terminate as user, manager, secondary manager etc.,. In this case, if we populate manager's manager val...
How to configure Incremental Import from SAP SuccessFactors
Use CaseHow to do Incremental Import from SAP SuccessFactorsPre-requisitesConnectivity should be established between Saviynt and SAP SuccessFactors.Applicable Version(s)All versionsSolutionDetailed Best Practice:As a best practice, it is recommended ...
What is OOTB AWS Mapping
This article describes the Out of box AWS attribute mapping AWS User Accounts mappingFollowing are the AWS IAM user attributes/metadata stored in the ACCOUNTS table of SSM DB. (These are the attributes that you see when you open an account in SSM UI)...
Configuring Create/Register User form in EIC
Use CaseThe user registration/creation forms in EIC are driven through User dynamic attributes defined in Global Configuration à Identity Lifecycle à Register User Form. Various types of dynamic attributes can be defined to take inputs from logged in...
[REST CONNECTOR] Call name to be used for Add Access JSON
Use Case / Problem StatementAdd access JSON for REST Connector is not working as expected causing the requested access failing to be provisioned at the target system. Pre-requisitesConnection should be successful to the target application.The JSON fo...
Common questions around using Groovy functions/scripts in Provisioning JSONs
Use CaseFAQ – Provisioning JSONs Pre-requisites ConnectorApplicable Version(s)All Solution1. How to pass different value to the target based on source of the task?Ans: If a different attribute is required to be passed in case of birthright provisioni...
How to configure All Approval Workflow to create tasks after all approval requests are complete
Use CaseThe use case is to configure a workflow to support creation of tasks after all approval requests are complete. In an ARS request process, when the user requests for more than one entitlements or role in the same request and the business requi...
RemoteApp | How to Overcome Frozen or Black Screen for RemoteApps Launch
Use Case / Problem Statement This SOP will help you to fix the frozen or black screen issue which appears on UI while launching any remote apps which are deployed on remote app windows servers.Applicable Version This is applicable to v2021 onwards fo...
SNOW Integration with Saviynt through Service Now API
Question: we are using service saviynt connector for service now (as a ticketing system) this is a Rest API based integration. Service now is suggesting not to call Servicenow API for getting status of tickets( which is userd to close tasks in saviyn...
Add new OU in the Application Name on Group Creation
Use CaseCustomer wanted to add the new OU in the application name on the AD Group creation through the ‘Create New Role’ tile in the ARS page. OU=Cloud,OU=Groups,DC=cad,DC=netPre-requisitesNeed to have access to gsp file ( objectandpermission )Applic...
Achieve Email uniqueness check during email generation against existing proxy addresses
Use CaseAchieve Email uniqueness check during email generation against existing proxy addresses/other attributes mentioned apart from the email attribute field. A common use case to to have a lookup table before generating email so that any other uni...
How to set Organization attribute on User Profile using csv upload?
Use CaseSet/Update Organization attribute on User Profile using csv upload. Pre-requisitesNoneApplicable Version(s)All EIC versions v2020.x and AboveSolutionIf you are looking to set the Organization field on the user profile while trying to import u...
How to Auto Increment user id in Username Generation Rule
Use CaseThe requirement is that Username Generation Rule should Autoincrement as per following scenario: Scenario:Username creation needs to be like "OW000001, OW000002, OW000003 ~ ”Username should have a max length of 8. Characters 'OW' followed by ...
How to Achieve Realtime/Instant Provisioning of Access
Use Case / Problem StatementConsider a scenario where a retail organization uses a Database System where access to modify (update, delete, truncate, insert etc.) is considered to be of high risk. Therefore firefighter roles are implemented which prov...
NetSuite Integration - SOAP Connector with sample JSONs
The NetSuite application can be integrated with Saviynt using the generic SOAP connector. Below are the JSONS to make a successful connection with NetSuite and achieve provisioning use cases. We leveraged Token-based Authentication ConnectionJSON----...
Freshdesk API for Integration
Question We are trying to perform the POC for Freshdesk integration. Old Documentation Portal URL: https://saviynt.freshdesk.com/support/solutions/articles/43000660664-freshdesk-integration-guide New Documentation Portal Link: - https://docs.saviy...
How to re-evaluate user link properties for ServiceNow App incase of incorrect / updated mappings
Use CaseSaviynt Users were linked to old/inactive ServiceNow users because of incorrect User Link Properties. The User Link Properties are now updated. However, the links are not getting updated.There are 2 users in ServiceNow with the same email ID,...
[REST CONN]: Retain existing entitlements and only remove selected entitlement
Use Case A single API is used to Add/Remove access or to Update account. The requirement is to ensure the existing entitlements can be retained and only the selected entitlement is removed as part of Remove Access request.In target the Roles are only...
Feasibility Check - Managing AD computer objects
Question: We have a requirement to manager AD computer objects via Saviynt. Kindly confirm over the feasibility of below use cases via ADSI or AD connectors. - Import of Computer Objects as accounts. - Provision Computer Objects into AD security...
Store and Read blob data from user update history using External jar
1.RequirementWe have a requirement to publish a report for all the user updates for the day. This should include all the attributes that have been updated (old + new values) along with other user attributes. We try to read the blob data from the user...
Saviynt servicenow app errors on test connection
The Problem Statement:We are configuring the Saviynt IGA app in Service now and when running a test or saving the connection configuration, errors are generated but we receive a successfully connected to the ‘Saviynt Service’ message.Error - Not allo...
How to use special characters of target Application API URL while configuring in REST connector
Use CaseThe REST connector configured to integrate with target application is failing. Despite correctly configuring the JSON in the REST connector, the API calls are not functioning. The URL, HTTP parameters, credentials, and other settings in Saviy...
Script to manually link Saviynt user with SNOW users
Use CaseThis KB article outlines the process to manually link the unlinked Saviynt users with Servicenow users.Pre-requisitesThere are two option to perform user linking: Bulk option using script: The scripts retrieve all users that were updated in t...
What is Privileged access?
Privileged Access Management (PAM) is the discipline for managing human or machine accounts which have elevated levels of entitlement to platform, system or application resources. It allows organizations to secure their infrastructure and applicatio...
How To - Send single task creation emails for disconnected applications using Custom Jar
Use CaseOnly one email per request should be triggered with all the access(including child access details), user and dynamic attribute details of created tasks on completion of approval workflows. Pre-requisitesRequest approval and task creation is w...
When to use the Repair Role to User Mapping (Role Retrofit )Feature
Use Case:Sometimes due to faulty import runs or some other conditions the assignedfromroles value in Account_entitlements1 table is not populated as well as the role_user_account has accountkey which are not in Active status. This may lead to incorre...
How to troubleshoot 401 unauthorized error from postman when using Saviynt API
Use Case Customer created a user (service account) in Saviynt for using Saviynt APIs from Postman. However they are unable to login from Postman and are getting 401 unauthorized error. Pre-requisites The service account has a SAV role which has a...
How to retrigger Campaign Emails
Use Case1) If the customer wants to make changes to the email template and has asked to trigger a particular email that has already been sent2) A particular email has been triggered already but has not been delivered to the respected personnelSolutio...
How to support If Else condition in Connector JSON
Use CaseConsider the following JSON example, which involves assigning different access groups based on a user's EmployeeClass.The use case is as follows:- IF user.EmployeeClass is one of ('A1', 'A2', 'A3', 'A4', 'A5'), THEN assign accessGroup /292 EL...
Create Connection for CPAM
Connection refers to the configuration setup for connecting to target applications. You create connections by specifying the connection parameters. Because connection parameters are different for different connection types, connections are the subset...
Can you connect to SQL DB(via DB Connector) by authenticating against an AD service account?
Detailed Question: Using a DB connector, can you connect to SQL DB by authenticating against an AD service account provided the AD and DB are in the same domain and provided the service account is not present in the database?Answer: Database connecto...
Writeback user's information to Workday (REST Connector)
SymptomsRequirement is to writeback email from any Saviynt's attribute to Workday. The workday endpoint is a REST endpoint because the email is being written back to a custom object on Workday which cannot be updated through SOAP API.DiagnosisThe use...
Bulk upload of Roles via Role Management option are not showing up in History tab
Use CaseRole updates made by using upload role from Role Management don’t show up on Role history even though the update is reflected it doesn’t show in the history section.Pre-requisitesN/AApplicable Version(s)AllAnswerWhen using the "upload role vi...
Trigger chain job will not run unless the number of jobs in the chain is not reduced.
Use CaseWhen creating a trigger chain job you note that the job does not run unless you reduce the count of jobs present in the trigger chain.In theory, there should be no limitation to the total number of jobs in a single trigger chain job as long a...
Email Authentication Protocols Usage/Support for AWS SES
Description - Saviynt provides email services using AWS SES for sending outbound emails. It supports both SPF as well as DKIM. There are two ways to achieve DMARC (Domain-based Message Authentication, Reporting & Conformance) validation: DomainKeys I...
Unable to view the Delete button on Workflow List Page
SymptomsIn order to delete any workflow from the system, you might run into an issue where the delete option is not visible on the workflow list page.DiagnosisThere is config present in the externalconfig.properties file as below which needs to be se...
Disaster Recovery policy on AWS (Recovery Time Objective and Recovery Point Objective )
#DescriptionThe below article describes Saviynt policy on Disaster Recovery (DR) on AWS #Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are two important concepts in disaster recovery planning. RTO is the maximum amount of time that...
Few variables are missed to generate under application catalog items in Saviynt Servicenow app
SymptomsWe have few issues reported where the variables under application catalog items are not completely generated. Few variables are missing as out of 11 variables that needed to be generated under the catalog item, only 7 were generated.Diagnosis...
Write-back generated email address for onboarded to Workday from EIC
Use Case Workday is the authoritative source of user data. When users are imported from Workday to Saviynt, an email address must be generated in Saviynt which has to be updated back to Workday. Pre-requisitesWorkday Connector (Authoritative Source) ...
