What is a Campaign?
In Saviynt, a Campaign is best described as D. Group of similar Certifications. Here's a breakdown:
Saviynt's Campaigns and Certifications:
Campaign: A container that defines the scope, schedule, participants, and other settings for a set of related access certifications.
Certification: The individual review task assigned to a Certifier (e.g., a manager reviewing their subordinates' access, an application owner reviewing users of their application).
Analogy: Think of a Campaign as a project, and Certifications as individual tasks within that project.
Purpose of Campaigns: Campaigns provide a structured way to manage and track access reviews, ensuring that they are conducted regularly and consistently.
Examples of Campaigns:
User Manager Campaign: Groups certifications where managers review their subordinates' access.
Entitlement Owner Campaign: Groups certifications where entitlement owners review who has access to their entitlements.
Application Owner Campaign: Groups certifications where application owners review who has access to their applications.
Why Other Options Are Incorrect:
A. Group of similar Endpoints: Endpoints are systems or applications connected to Saviynt, not the primary grouping within a campaign.
B. Group of User Groups: User groups are collections of users, not the defining element of a campaign.
C. Group of Dashboards: Dashboards provide visualizations of data, but they are not the core component of a campaign.
In conclusion: A Campaign in Saviynt is essentially a container for a set of related access certifications, providing a framework for managing and organizing the review process based on specific criteria and objectives.
Which of the following Jobs is responsible for configuring a dashboard in a Campaign?
The Job responsible for configuring a dashboard (among other configurations) in a Saviynt Campaign is B. Create or Schedule Attestation Job. Here's a detailed explanation:
Saviynt's Campaigns: Campaigns in Saviynt are used for access certification, allowing reviewers (Certifiers) to review and approve or revoke user access.
Create or Schedule Attestation Job: This job is the core mechanism for creating and configuring various aspects of a campaign, including:
Campaign Scope: Defining which users, entitlements, or resources are included in the campaign.
Certifier Selection: Specifying who will be the reviewers for the campaign.
Scheduling: Setting the start and end dates for the campaign.
Notifications: Configuring email notifications for Certifiers and other stakeholders.
Dashboard Configuration: Defining the information and layout displayed on the campaign dashboard for Certifiers. This includes selecting which data points, charts, and filters are visible.
Why Other Options Are Incorrect:
A. Campaign Export Job: This job is used to export campaign data, not to configure the campaign itself.
C. Campaign Import Job: This job is used to import data into a campaign, typically from an external source.
D. Upgrade Job: This job is related to upgrading the Saviynt platform, not to campaign configuration.
In summary: The 'Create or Schedule Attestation Job' is the central job for setting up and configuring all aspects of a Saviynt campaign, including the dashboard that provides Certifiers with a summarized view of the certification data.
If you want an application to be available for requesting access (self or other), which of the following should be configured?
To make an application available for access requests (either self-service or requests for others), the Access Add Workflow needs to be configured within Saviynt. This workflow defines the process that governs how access to the application is granted. Here's a breakdown with Saviynt IGA references:
Saviynt's Access Request System (ARS): This is the module within Saviynt that handles access requests. The ARS relies on defined workflows to manage the approval and provisioning process.
Access Add Workflow: This specific type of workflow within Saviynt's ARS is triggered when a user requests access to an application or entitlement. It dictates the steps involved, such as:
Requester Details: Capturing information about who is requesting access.
Application/Entitlement Selection: The user selects the application (and potentially specific roles or entitlements within that application) for which they are requesting access.
Approval Routing: Defining the approval chain (e.g., manager approval, application owner approval, etc.). This is configured within the workflow using various approval activities.
Provisioning: Upon approval, the workflow can trigger automated provisioning of access to the target system (if a connected integration is set up).
Saviynt's Application Onboarding: For an application to be available in the ARS, it needs to be onboarded into Saviynt. During this process, you would typically define the relevant entitlements (access rights) associated with the application.
Workflow Configuration in Saviynt: Saviynt's admin interface allows administrators to create and customize workflows using a visual designer. This includes setting up conditions, defining approval steps, and configuring actions to be taken at each stage of the workflow.
Other options:
Proposed Accounts Workflow: This is less common, often used to suggest potential accounts during the request or account creation process. It's not the primary mechanism for making an application available for access requests.
Access Remove Workflow: This workflow is used when access needs to be revoked, not granted.
Emergency Access ID Request Workflow: This workflow is specific to requesting temporary, elevated access in emergency situations. It's not the workflow for general access requests to applications.
An Application Owner Campaign can have multiple primary Certifiers and a single secondary Certifier.
The statement 'An Application Owner Campaign can have multiple primary Certifiers and a single secondary Certifier' is generally False in Saviynt. Here's why:
Saviynt's Application Owner Campaign: This campaign type is designed for Application Owners to review and certify access to their applications.
Primary Certifier: There is usually a single designated Application Owner for each application. This is because application ownership is typically a single point of accountability. While it is technically possible to assign multiple owners, it is not considered a best practice.
Secondary Certifiers (Backup/Delegates): Application Owner Campaigns can have multiple secondary certifiers. These are often used as:
Backup: To ensure the campaign can proceed if the primary certifier is unavailable.
Delegates: To allow the primary certifier to delegate some of the certification tasks.
Consultants: Other stakeholders, such as security or compliance teams, who can be consulted during the decision-making process.
Why the Statement Is Generally False: The core principle of application ownership implies a single point of accountability. While multiple secondary certifiers can assist, having multiple primary certifiers can lead to confusion and conflicting decisions.
Possible Exceptions (Less Common):
Highly Customized Configurations: In some very specific scenarios, organizations might customize Saviynt to allow multiple primary certifiers for an application, but this is not a standard or recommended practice.
Adam, an Admin, created a rule to provide birthright access; however, the access should be deprovisioned when the condition fails. Which of the following options should be applied for this scenario?
To automatically deprovision birthright access when the defining condition fails, the correct option is C. Remove the birthright Access if the condition fails under the created Rule. Here's a detailed explanation:
Saviynt's Birthright Access (Automatic Provisioning): Saviynt allows administrators to define rules that automatically grant access (birthright access) based on user attributes or other criteria (e.g., new hires in a specific department automatically get access to certain applications).
Rule-Based Access Management: These rules are a core part of Saviynt's access management capabilities, allowing for dynamic and automated provisioning.
'Remove the birthright Access if the condition fails': This option, typically found within the birthright rule configuration itself, is crucial for ensuring that access is revoked when the conditions that granted it are no longer met.
Example: If a user is granted access to an application because they are in the 'Sales' department, and they are later moved to the 'Marketing' department, the condition for the birthright rule would fail, and Saviynt would automatically deprovision the access.
Saviynt's Continuous Monitoring: Saviynt continuously monitors user attributes and rule conditions. When a change occurs that causes a condition to fail, the deprovisioning action is triggered.
Other Options:
A. Remove the Access Rule: This would remove the entire rule, preventing it from granting access to anyone, not just the user whose condition has failed.
B. Apply a new Technical Rule to remove the Access: While technically possible, it's less efficient and more complex than using the built-in option within the birthright rule.
D. Use the Request Rule: Request Rules are for access requests, not for automatically provisioning or deprovisioning birthright access.