Saviynt SAVIGA-C01 Exam Questions

The statement 'An Application Owner Campaign can have multiple primary Certifiers and a single secondary Certifier' is generally False in Saviynt. Here's why:

Saviynt's Application Owner Campaign: This campaign type is designed for Application Owners to review and certify access to their applications.

Primary Certifier: There is usually a single designated Application Owner for each application. This is because application ownership is typically a single point of accountability. While it is technically possible to assign multiple owners, it is not considered a best practice.

Secondary Certifiers (Backup/Delegates): Application Owner Campaigns can have multiple secondary certifiers. These are often used as:

Backup: To ensure the campaign can proceed if the primary certifier is unavailable.

Delegates: To allow the primary certifier to delegate some of the certification tasks.

Consultants: Other stakeholders, such as security or compliance teams, who can be consulted during the decision-making process.

Why the Statement Is Generally False: The core principle of application ownership implies a single point of accountability. While multiple secondary certifiers can assist, having multiple primary certifiers can lead to confusion and conflicting decisions.

Possible Exceptions (Less Common):

Highly Customized Configurations: In some very specific scenarios, organizations might customize Saviynt to allow multiple primary certifiers for an application, but this is not a standard or recommended practice.

The UIADMIN ROLE in Saviynt grants users the privilege to edit UI (User Interface) labels. This role is crucial for customizing the Saviynt interface to align with an organization's terminology and branding.

UI Customization: Saviynt allows administrators to modify various UI elements, including labels, to improve user experience and comprehension. The UIADMIN ROLE provides the necessary permissions for these modifications.

Why other options are incorrect:

The other options are not standard Saviynt roles and do not have any associated privileges for UI label editing.

Saviynt IGA Reference:

Saviynt Documentation: The documentation on Saviynt's administration and configuration settings includes information about UI customization and the associated UIADMIN ROLE.

Saviynt Support: Saviynt's support resources may contain articles or knowledge base entries related to UI customization and the permissions required.

To save different settings for various categories of Manager Access Reviews within User Manager Campaigns, a Campaign Owner can create C. Campaign Templates. Here's why:

Saviynt's Campaign Templates: Templates allow you to pre-configure various settings for a campaign and save them as a reusable template. This includes settings related to:

Campaign Scope: Defining which users, applications, or entitlements are included.

Certifier Selection: Specifying the type of certifiers (e.g., Managers, Application Owners).

Scheduling and Notifications: Setting up the campaign schedule and email notifications.

Advanced Configurations: Including filters, risk scores, and other advanced settings.

Multiple Templates for Different Categories: A Campaign Owner can create multiple templates, each tailored to a specific category of Manager Access Review. For example:

Template 1: For high-risk applications, with stricter filters and more frequent reviews.

Template 2: For low-risk applications, with broader scope and less frequent reviews.

Template 3: For specific departments or business units, with customized certifier selection.

Benefits of Using Templates:

Consistency: Ensures that similar types of reviews are conducted consistently.

Efficiency: Saves time by eliminating the need to configure each campaign from scratch.

Reduced Errors: Minimizes the risk of manual configuration errors.

Why Other Options Are Less Suitable:

A . Global Configurations: Global configurations apply to all campaigns, not to specific categories of reviews.

B . Campaign Types: Campaign types (e.g., User Manager, Entitlement Owner) define the overall purpose of the campaign, not the specific settings for different categories within a campaign type.

D . Campaign Previews: Previews are for reviewing the campaign data before launch, not for saving different configurations.

In conclusion: Campaign Templates in Saviynt provide a powerful way to save and reuse different configurations for various categories of Manager Access Reviews, promoting consistency, efficiency, and accuracy in the certification process.

To decommission an AD Group and revoke access for all users, Jane should use D. Entitlement Owner Certification. Here is why:

AD Group as an Entitlement: In Saviynt, an AD Group is typically represented as an Entitlement.

Entitlement Owner Certification: This type of campaign allows the designated owner of an entitlement (in this case, Jane, as the manager of the AD Group) to review and certify who should have access to that entitlement.

Revoking Access: As the Entitlement Owner, Jane can use the certification campaign to:

Review the list of users: See all users who are currently members of the AD Group.

Revoke access for all users: Mark all users for removal from the group.

Decommissioning the Group: After revoking access for all users through the certification, Jane can then proceed with decommissioning the AD Group itself (either through Saviynt if it manages AD group lifecycle or directly in Active Directory).

Why Other Options Are Less Suitable:

A . Segregation of Duties: SoD is a principle, not a specific action for revoking access.

B . Entitlement Update Rule: While rules can automate some actions, a certification campaign provides a more controlled and auditable way to review and revoke access, especially for a sensitive action like decommissioning a group.

C . Mitigation Control: Mitigation controls are used to manage SoD conflicts, not for revoking access to entitlements.

In conclusion: An Entitlement Owner Certification campaign provides a structured and auditable way for Jane to review the membership of the AD Group, revoke access for all users, and prepare for the group's decommissioning, aligning with best practices for access management.

The statement is False. In the provided USER_IMPORT_MAPPING, USERNAME is the user attribute defined in EIC (Enterprise Identity Cloud), and wd:User_Name is the attribute defined in Workday. Here's a breakdown:

Saviynt's USER_IMPORT_MAPPING: This configuration within a connection (in this case, Workday RAAS) defines how data from the connected system (Workday) should be mapped to attributes within Saviynt's EIC.

ImportMapping: This section specifies the mapping between source attributes (Workday) and target attributes (EIC).

USERNAME: In the provided mapping, USERNAME (without the wd: prefix) is the target attribute, meaning it's an attribute within Saviynt's EIC.

wd:User_Name: The wd: prefix typically indicates a Workday attribute. Therefore, wd:User_Name is the source attribute from Workday.

~#~string: This likely indicates the data type of the attribute (string in this case).

Correct Interpretation: The mapping is saying: 'Take the value of the wd:User_Name attribute from Workday and map it to the USERNAME attribute in EIC.'

In essence: The USER_IMPORT_MAPPING defines how data from Workday is translated into Saviynt's internal data model, and in this case, USERNAME belongs to Saviynt (EIC), while wd:User_Name belongs to Workday.