Saviynt Forums

gwagh · ‎03/24/2024

Hi Team,

We have an requirement where we have to implement two level access certification. 1st End user will review their own access and will take action once he lock the certificate then User Manager should trigger based on end user certification.

Is this use case doable or not ?

rushikeshvartak · ‎03/24/2024

Yes you can perform use tiered certification

Yes, implementing a two-level access certification process, as described in your use case, is certainly feasible and is a common practice in identity governance and administration (IGA) solutions like Saviynt. Let's break down the process:

End User Review: In the first level, end users review their own access rights and certifications. They are presented with a list of their assigned access privileges, roles, or permissions. The end user reviews these access rights and can either approve them or request changes if necessary. Once the end user is satisfied with the review, they lock or submit their certification.
User Manager Review: After the end user completes their certification, the system triggers a notification or workflow to the user's manager or an appropriate reviewer based on predefined rules. The user manager reviews the access certifications of their direct reports and either approves or rejects them. If any changes are required, the user manager can initiate corrective actions or request further information from the end user.

Refer https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter15-Campaigns-and-Certificati...

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

gwagh · ‎03/24/2024

Okay, So in second step what exactly we have to configure User Manager Certification?

rushikeshvartak · ‎03/24/2024

Refer documentation link https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter15-Campaigns-and-Certificati...

Sample Account Entitlements1 Query:

(ae1.accountkey, ae1.entitlement_valuekey) in (select distinct ae.accountkey,ae.entitlement_valuekey from Account_entitlements1 ae , Certification_account_entitlement1_status cae, Certification_account ca, Certification_entitlement_value cev , Accounts a, Entitlement_values ev, Campaign c, Certification ce where cae.certified!='3' and cae.cert_accountkey = ca.id and ca.accountkey= a.id and a.id = ae.accountkey and cae.cert_entitlement_valuekey = cev.id and cev.entitlement_valuekey = ev.id and ev.id= ae.entitlement_valuekey and c.id = ce.campaignKey and ce.id = cae.certkey and c.campaignName = 'TieredUM')

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

gwagh · ‎03/24/2024

In the 2nd level user manager certificate we can pass any comment about action taken by end user?

rushikeshvartak · ‎03/25/2024

No

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

gwagh · ‎03/27/2024

I can see the accountName is picked up.

And below is response we are getting .

rushikeshvartak · ‎03/27/2024

It seems this is other thread result post in actual thread with postman screenshot

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

gwagh · ‎03/27/2024

There was json issue. Now I able to import all data thanks.

Saviynt Forums

Two level access recertification