To have multiple users as Campaign Owners for a User Manager Campaign in Saviynt, the appropriate configuration is to B. Create a user group and choose the user group as the Campaign Owner. Here's the explanation:

Saviynt's User Groups: User groups are collections of users that can be used for various purposes, including assigning roles, permissions, and ownership.

Campaign Owner as a User Group: Saviynt allows you to specify a user group as the owner of a campaign. This means that all members of the group will have the same campaign ownership permissions.

Benefits of Using a User Group:

Simplified Management: It's easier to manage a group of users than to assign individual users as campaign owners.

Flexibility: You can easily add or remove users from the group to adjust campaign ownership as needed.

Shared Responsibility: All members of the group share responsibility for managing the campaign.

Why Other Options Are Less Suitable:

A . Create a user Query and add users: While you can use queries to select users, directly using a user group is a more standard and manageable approach for assigning multiple campaign owners.

C . Create a Roles Query and add Roles of various users: Roles are typically used for granting access rights, not for defining campaign ownership.

D . Create an Organization Query and add users: Organization queries are related to the organizational structure and are not the best way to define a group of campaign owners.

In conclusion: Using a user group as the Campaign Owner in Saviynt provides a flexible and manageable way to assign multiple users as owners, simplifying administration and promoting shared responsibility for campaign management.

The feature that best describes the Authorization mechanism for the EIC (Enterprise Identity Cloud) application in Saviynt is A. Security System. Here's an explanation:

Saviynt's Security System: This is the core component within Saviynt that handles authentication and authorization for various applications and resources, including EIC.

Authorization in EIC: The Security System determines what actions users are allowed to perform within EIC, such as:

Creating, updating, or deleting users.

Managing roles and entitlements.

Running reports.

Configuring connections.

Role-Based Access Control (RBAC): The Security System typically uses RBAC to manage these permissions. Users are assigned to roles, and roles are granted specific permissions within EIC.

Why Other Options Are Less Relevant:

B . SSO (Single Sign-On): SSO is an authentication mechanism that allows users to log in once and access multiple applications. While Saviynt supports SSO, it's not the primary authorization mechanism for EIC.

C . WSRETRY Job: This is a job related to retrying web service calls, not authorization.

The object that is available in the User Update Rule to configure Rule conditions in Saviynt is A . Users. Here's an explanation:

User Update Rule Purpose: As mentioned before, User Update Rules are used to automatically update user attributes based on certain conditions.

Condition Based on User Attributes: The conditions for triggering a User Update Rule are primarily based on attributes of the User object itself.

Examples of User Attributes: These attributes can include:

User Status: (e.g., Active, Inactive, Disabled)

Department:

Location:

Job Title:

Manager:

Custom Attributes: Any custom attributes defined for users in your Saviynt environment.

Triggering the Rule: When a user's attributes change, and those changes match the conditions defined in a User Update Rule, the rule is triggered.

Other Options:

B . Accounts: While account attributes can be updated as an action of a User Update Rule, the conditions for triggering the rule are typically based on user attributes, not account attributes.

C . Roles: Similar to accounts, roles can be assigned or removed as an action of a User Update Rule, but the triggering conditions are usually based on user attributes.

D . Entitlements: Entitlements are also typically managed as an action of a User Update Rule, not as part of the triggering condition.

In conclusion: The User object and its attributes are the primary focus for defining conditions within a Saviynt User Update Rule. Changes to user attributes trigger the rule, which can then perform actions such as updating other user attributes, accounts, roles, or entitlements.

To save different settings for various categories of Manager Access Reviews within User Manager Campaigns, a Campaign Owner can create C. Campaign Templates. Here's why:

Saviynt's Campaign Templates: Templates allow you to pre-configure various settings for a campaign and save them as a reusable template. This includes settings related to:

Campaign Scope: Defining which users, applications, or entitlements are included.

Certifier Selection: Specifying the type of certifiers (e.g., Managers, Application Owners).

Scheduling and Notifications: Setting up the campaign schedule and email notifications.

Advanced Configurations: Including filters, risk scores, and other advanced settings.

Multiple Templates for Different Categories: A Campaign Owner can create multiple templates, each tailored to a specific category of Manager Access Review. For example:

Template 1: For high-risk applications, with stricter filters and more frequent reviews.

Template 2: For low-risk applications, with broader scope and less frequent reviews.

Template 3: For specific departments or business units, with customized certifier selection.

Benefits of Using Templates:

Consistency: Ensures that similar types of reviews are conducted consistently.

Efficiency: Saves time by eliminating the need to configure each campaign from scratch.

Reduced Errors: Minimizes the risk of manual configuration errors.

Why Other Options Are Less Suitable:

A . Global Configurations: Global configurations apply to all campaigns, not to specific categories of reviews.

B . Campaign Types: Campaign types (e.g., User Manager, Entitlement Owner) define the overall purpose of the campaign, not the specific settings for different categories within a campaign type.

D . Campaign Previews: Previews are for reviewing the campaign data before launch, not for saving different configurations.

In conclusion: Campaign Templates in Saviynt provide a powerful way to save and reuse different configurations for various categories of Manager Access Reviews, promoting consistency, efficiency, and accuracy in the certification process.

In the given scenario, where ABC Company has a one-level workflow with the manager as the sole approver, and Margaret (Edward's manager) raises a request on behalf of Edward, the statement that would be true/applicable is A. Manager's approval is auto-approved. Here's why:

Saviynt's Workflow Configuration: Saviynt allows for the configuration of various workflow scenarios, including auto-approval based on certain conditions.

Self-Approval Prevention/Auto-Approval: A common security best practice is to prevent users from approving their own access requests. However, when a manager requests on behalf of a subordinate, this is considered a delegated request and many organizations find it acceptable to auto-approve since the approval should be implicit in the act of requesting.

Manager Requesting on Behalf: When a manager initiates a request for a subordinate, it's often considered an implicit approval. The manager is essentially saying, 'I approve this access for my team member.'

Saviynt's Default Behavior (Typically): By default, or through common configuration practices, Saviynt is often set up to recognize this scenario and auto-approve the manager's approval step in the workflow. This streamlines the process and avoids unnecessary delays.

Configuration Options: While auto-approval is common, Saviynt's workflow engine is flexible. It's possible to configure it differently, for instance, to still require explicit manager approval even in this scenario. However, this is less typical.

Other Options:

B . Manager's approval is auto-rejected: This is highly unlikely and would defeat the purpose of having a manager initiate the request.

C . Manager must manually approve/reject the request: While possible through configuration, it's not the typical or default behavior in this scenario.

D . None of the above: Option A is the most likely and common outcome.

In summary: In a one-level workflow where the manager is the approver, and the manager requests access on behalf of a subordinate, Saviynt is typically configured to auto-approve the manager's approval step, streamlining the process and reflecting the implicit approval inherent in the manager's action.