Click HERE to see how Saviynt Intelligence is transforming the industry. |
03/10/2023 02:40 AM
Hi Team,
We would like to understand how best we might configure a Privileged Access Cert in Saviynt to review high risk access.
Do we have any article on PAM certification in saviynt?
If yes, plz provide the link.
Regards,
Ekata
Solved! Go to Solution.
03/10/2023 06:15 AM
Can you please elaborate your use case? If I understand your query you want to review some high risk access through certification.
If so then you will use regular certification process to launch the certifications, You can do either User Manager or Entitlement Owner certification.
03/13/2023 04:06 AM
Thank you for the response. Can we user manager certification only for a few types of entitlement?
For ex:
cn=Domain Admins,cn=users,dc=****,dc=com & cn=Enterprise Admins,cn=users,dc=****,dc=com & cn=Schema Admins,cn=users,dc=****,dc=com
will this include users with access via nested groups?
Regards,
Ekata
03/13/2023 07:08 AM
1. Yes you can use Advanced Campaign Configurations and use respective query which includes only entitlements that you want to review in Entitlements Query field
2. No, Nested entitlement users won't be available by default unless you include those nested entitlements as well in your entitlement query
03/15/2023 03:40 AM
Hi,
Is it possible to get the campaign launched when the user job is transferred to their manager using user manager certification?
Do we have any option to enable it?
Kindly advise.
regards,
Ekata
03/15/2023 05:46 AM
Yes it can be done, There is no difference in certification for PAM it depends on regular IGA functionality.
You can create a user update rule where you can select action as launch certification and configure the respective settings for certification and then schedule the job: Launch Certification from Rule Job (LaunchCertificationFromRuleJob)
03/20/2023 04:39 AM
Hi Saathvik,
I am trying to launch an entitlement owner campaign but the list is not seen at the certification level. Below are the examples:
But the other entitlements are getting picked up.
Is there any specific reason like entitlement type which needs to be included while creating it?
Kindly advise.
Regards,
Ekata
03/20/2023 06:03 AM
it depends on your certification configuration, please share the screenshots of your certification configuration. And please tell me which endpoint entitlements/entitlement type are not seeing in the certification.
Also please check below things
03/21/2023 02:03 AM
Hi,
Below is the screen shot:
The entitlement type is role for parent ant group is shown on child entitlement. for normal group entitlements without nested groups the launch works as below:
But these are not included (testqa entitlement)
Below are the finding:
03/29/2023 04:41 AM
Hi Saathvik,
I am following up on Ekata's above mentioned screenshots as she is on vacation, were you able to figure out the issue, kindly let me know. Thanks!
Regards,
Murali Dharan