How to disable One Disable function
All,I been searching in the forums of how to disable the "one click disable" functionality and how we could restrict this to certain population of users.Anyone has encountered this similar situation before?
and more in a single search tool across platforms. Read the announcement here. |
All,I been searching in the forums of how to disable the "one click disable" functionality and how we could restrict this to certain population of users.Anyone has encountered this similar situation before?
Hi Team, We have use case regarding to workflow where we have to check if user attribute cp1 is 'ABC' then user creation approval will go to 1st workflow, If cp1 is 'XYZ' then user creation workflow will go for another approval process. How we can co...
My team is looking to include disconnected applications into our quarterly access certification campaigns. Would it be possible to create a disconnected Security system and have that security system connected to multiple disconnected endpoints or doe...
Hello. Screenshot below of my workflow but what I'm seeing is the manager gets prompted to approve the account and the entitlement but the level 2 approver, the entitlement owner, only gets the option to approve the entitlement only and not the accou...
Hi,How can I check whether Role Owner is null or size ==0 in If-Else condition in workflow? Regards,Neha
Hi How to check if a enterprise Role has any owner in IF condition.Role owner check is working if the condition is based on Ranks. But i want to check without Rank dependency
We have a requirement as follows:If entitlement owner requests for the entitlement, the request should get auto approved.If requestor is not entitlement owner, the request should be routed to manager for approval.I found below query on forum but it i...
Case : If requestor is a entitlement owner of requested entitlement then request should be Auto approve else it go with manager approval. Note we have single or multiple owners to a single entitlement with rank 1.So I used below IF-else conditions, b...
Hello folks, hope anyone can help with the below requirement.Context : Email in Access Approval WorkflowRequirement : Display all requested roles to Role Owners to ease their approval decisionUse Case : We have configured an approval workflow with 2 ...
Hi All,We have a requirement where we need to call a custom JAR inside the workflow. I am aware that we can use the 'Action Event' block to achieve this.However, I also need to pass the 'requestkey' as argument to the JAR so that I can perform some o...
Hi everyone, Odd behavior I'm noticing and I don't know where else to look. We have a PROD and a DEV environment. In both of them we have configured the same Workflow under Global Settings > Identity Lifecycle > User Modification Workflow.Now to the...
My workflow is not recognizing endpoints.customproperty40 eq 'Yes'. I have the endpoint cp value updated to Yes. When request is submitted it is getting auto rejected. Any suggestions? Something similar mentioned here. But Im not mapping false to end...
Hi,Can we increase manager approval remainders limit to 5 in the workflow level.?
Hello, I want to send the request to the manager of the manager if the first manager is inactive.I put this workflow below and when i test it, when the first manager is inactive, the approval request is going to admin admin instead of the manager of ...
Hi All,In Saviynt approval workflow will be assign for new user creation using User Registration Form can it be possible .As per my understanding we can use modification workflow form global configuration for user attribute update using Saviynt User ...
Hi Team, We have created an Enterprise role request approval workflow which is getting auto approve.
Hi Team,I'm trying to create an email template to send notification to a specific User group, but I don't see any binding variable that covers the requirement.I also tried to print the Group's user email in the body using:${com.saviynt.ecm.identitywa...
The context is: we have Saviynt app installed in ServiceNow. We tried to open a request for a user (requesting an entitlement) from ServiceNow. In ServiceNow, after the creation of the request, the request appears immediately as "Approved" (in the "A...
Hello all,I have workday source of truth. i am only reading from workday (it is a one way connection). I imported all the users with the attriutes required.i noticed an issue while testing, my client declared an offboarding for a user he set terminat...
Hi team,I have a use case for the creation of a user form where I need to implement an approval process based on the organization selected for that user. Only organization owners (we have 3 levels) and the organization's primary contact can create an...
Hi All I'm trying a workflow where if the requestor is resource owner then it should be auto approved.I'm using below logic in if else condition and it is working as expected if resource owner is a single person. But when resource owner is a user gro...
Hi Team, We have an requirement where we have to implement two level access certification. 1st End user will review their own access and will take action once he lock the certificate then User Manager should trigger based on end user certification. I...
Hi Team, We were trying to make changes in the Workflow. However, every time we tried to save the changes in the workflow, we received a pop-up stating that the workflow could not be saved.Attached are the logs for reference. Please provide your insi...
Hello TeamNeed to send Workflow Rejected Email to the Resource Owner as Usergroup.I have used the below binding varaible in the rejected email,but its working.${com.saviynt.ecm.identitywarehouse.domain.Users.findAllByIdInList(com.saviynt.ecm.identity...
Hello,Is there any way to make through a workflow that a group of users are approvers and that any of them can approve the request of an entitlement?How could this be done?Regards,Ivan
Hi,I am getting error (null pointer exception) when I try to create a user via request user tile in home page. below are the steps I followed to set up invitation based user onboarding.1. created a workflow and added invite Action block also created ...
Hi team,We want to restrict the functionality of adding multiple owners while creating or modifying the service account because in Azure AD only one owner is supported. How can we achieve this? If we cannot restrict, we want to reject requests in the...
Hello , At our client, we have a 3 level workflow already in place (Manager --> Business Owner --> CISO) depending on the criticality of the entitlement.We have now implemented SOD's and mitigation controls and added additional level of approval at t...
Hello allI've been working in creating a workflow for when users need access to SAP FF accounts, this process works as follows:Specific FF accounts for IT exist that can be requested, these follow a specific naming conventionOther types of FF accoun...
HiWe have a requirement to have only one role for one user. so if in case if role change the user submits to remove existing access and add new access. our remove request has only one level of approval where our add request has two levels of approval...
We have a requirement from application team to implement below case for their REST API connector. Case: The application need to define an expiry date that need to be associated between the entitlement and user accounts and before the expiry reaches, ...
Hi Team,We have a requirement where there are set of users who are assigned as Rank 1 and Rank 4 approvers for entitlements. If one user who has approved the request for Rank 1, then the request must be redirected to other users for Rank 4 approval. ...
Hi,I have the below requirement on access request1. Provide immediate access to users for a specific period of timeI was thinking about Emergency Roles, I created an emergency role and was able to add and revoke access for a specific period of time.2...
Hi,I followed the below steps to create a dynamic attribute and use it in workflow but i am getting an error while submitting the requestUse-Case: Approve/reject the request based on the entitlements the user has.Navigate to Global Config and enable ...
Hi Team,We would like to check requestee's customproperties whether there exists the value desired. If yes, then route to approver1, else route to approver2. The query below is used in if-else block, but it returns error and unable to submit the requ...
Hello,We have a usecase where for an endpoint, we want the levels of approval to go as such - first level usergroup, then manager, then if requestor is different from user requested for (like manage access for others scenario), then it should go to t...
Hello,We are working on an approval workflow and we are having an issue with the following query as it is giving the result as 'true' in both 'true' and 'false' cases-(com.saviynt.ecm.identitywarehouse.domain.User_groups.executeQuery("select ug.id fr...
Hello,We are working on an approval workflow and we have a requirement to separate approval workflow for add access and add account requests. We are using the following code in if/else block: ars_requests.requesttype eq 3 and entitlement eq null It ...
Hi there,In our project, we have a requirement that if the reporting officer (aka user's manager) is the same as dashboard owner (which is entitlement owner), then skip the dashboard owner approval. It is implemented as the If-else block as in the be...
Hi Team,We have two level approvals in the workflow where the approvers are getting from the prefix of requestee's customproperty, for example, the first 6 digits of the customproperty10 refers to the first approver and the first 6 digits of the cust...
Hi everyone, Is there a way, that I do not need to run the email history job to send emails via Workflows? I tried disabling the following setting, which has not changed the behaviour noticably: Cheers
Hi Rushi, I have a same requirement where I want the request to be auto-approved if the requestee is a part of a specific usergroup and I used your query in If else block with Groovy language: But I am receiving below error message in UI when I tr...
Hello everyone, We want people to ask a role where there are 2 entitlements of endpoint1 and 1 entitlement of endpoint2, with the role Saviynt creates also new accounts for people who don't have an account on these endpoints.But the problem here is t...
Issue: SOD Approval WorkflowIssue Description:Currently, our workflow has two stages: manager and endpoint owner level. Our goal is to implement an improved access approval workflow that includes an additional level - Risk owner approval for entitlem...
Our tasks are automatically discontinued when a user submits a new request for the same endpoint. This scenario involves a disconnected application where manual tasks are generated. Consequently, a single user can submit requests for themselves, and ...
HiI created an access approval workflow that has three steps.1.Step : Manager approval2.Step: First user group approversIn this step I use custom assignment but this doesn't work. (here for the value of the filter in sql code I take the value from th...
For some reason, if there is an SoD violation, after it goes through manager approval, even the entitlements that have not caused an SoD violation is going to the SoD approvers. Why is that? This is causing issues because the SoD approver is rejectin...
Hello,When an enterprise role is approved, we aim to send an email to the user, informing them that the role will be provisioned within a few hours. We have a requirement to send emails only for approved role requests that have a custom property pop...
Hello Team,We need some help in setting up the workflow.As a part of Access Request, we have enabled both Entitlement + Application Role Request.We are looking for an assistance to setup 2 level approval workflow.1. Whole request must go to Manager a...
Hi Team,Could you please help to achieve the below use case?-> Role - A has Ent-1 with CP10='ABC' & Ent-2 with CP10='XXX'.-> Ent-1 has to get auto approved and Ent-2 need to go through the approval process. in the If Else block, I have tried below co...