Saviynt Certified IGA Professional Exam (L100) SAVIGA-C01 Exam Questions

Answer : D

In Saviynt, Enterprise Roles are specifically designed to encompass entitlements that span multiple applications. This is in contrast to Application Roles, which are limited to entitlements within a single application.

Enterprise Roles: Provide a way to group entitlements across different applications, reflecting a user's overall job function or responsibilities within the organization. This is essential for managing access for users who need permissions in various systems to perform their duties.

Other Role Types:

Application Role: Grants permissions specific to a single application.

Transactional Role: Focuses on granting permissions for specific tasks or transactions within an application.

Enabler Role: Provides supplementary permissions that enhance or support other roles.

Saviynt IGA Reference:

Saviynt Documentation: The section on Role Management within Saviynt's documentation clearly defines the different role types and their purposes.

Saviynt Training Materials: Saviynt's training courses emphasize the importance of Enterprise Roles in managing cross-application access.

Answer : B

A Request Rule in Saviynt is triggered B. When an Access Request is created and matches the conditions. Here's a detailed explanation:

Saviynt's Request Rules: Request Rules are a type of rule specifically designed to govern the access request process.

Triggering Event: The primary trigger for a Request Rule is the creation of a new access request within Saviynt's Access Request System (ARS).

Condition Evaluation: When a new request is submitted, Saviynt evaluates the conditions defined in any applicable Request Rules. These conditions can be based on:

Requester Attributes: (e.g., department, location, job title)

Beneficiary Attributes: (if the request is for another user)

Requested Resource: (e.g., application, role, entitlement)

Request Details: (e.g., requested start/end dates)

Rule Actions: If the conditions of a Request Rule are met, the rule's defined actions are executed. These actions can include:

Modifying the request: (e.g., adding approvers, changing the approval workflow)

Auto-approving or auto-rejecting the request:

Generating notifications:

Triggering other workflows:

Other Options:

A . When a user is imported: This might trigger User Update Rules or birthright rules, but not Request Rules.

C . When the Run Detective Rule job is run: This job evaluates detective rules, not Request Rules.

D . When changes are detected in the import: This could trigger various rules, but not specifically Request Rules.

Answer : D

In Saviynt, a User represents the unique identity of a person. It's the central object that ties together all the information about an individual, including their accounts, entitlements, roles, and attributes.

Why other options are incorrect:

Endpoint: Represents a system or application, not a person.

Employee: While many users might be employees, the term 'user' is more general and can include contractors, partners, etc.

Account: Represents a user's access to a specific system, not their overall identity.

Saviynt IGA Reference:

Saviynt Documentation: Throughout the documentation, 'User' consistently refers to the individual's identity within the system.

Saviynt User Interface: The User Management section in Saviynt focuses on managing the lifecycle and access of individual users.

Answer : A

In Saviynt's SSO setup, the 'Max Authentication Session' parameter determines the maximum duration of an SSO session within Saviynt, overriding any longer durations set by the Identity Provider (IdP).

Session Duration Logic: Saviynt's internal session timeout setting takes precedence over the IdP's session timeout. This ensures that Saviynt can enforce its own security policies regarding session lifetimes.

Why other options are incorrect:

B . 10,000 seconds: This is the IdP's session logout value, but Saviynt's 'Max Authentication Session' setting overrides it.

C . 3600 seconds: This is the default value, but the question specifies a configured value of 5000 seconds.

Saviynt IGA Reference:

Saviynt Documentation: The documentation for configuring SSO settings within Saviynt explains the 'Max Authentication Session' parameter and its impact on session duration.

Saviynt Best Practices: Saviynt's best practices for SSO often recommend aligning session timeouts between the IdP and Saviynt to avoid confusion and potential security gaps.

Answer : A

It is True that multiple indices can be selected while creating Analytics using the Elasticsearch Query in Saviynt. Here's why:

Saviynt's Analytics and Elasticsearch: Saviynt's analytics capabilities are often built on top of Elasticsearch, a powerful search and analytics engine.

Indices in Elasticsearch: In Elasticsearch, an index is like a database table. It's a collection of documents with similar characteristics. Saviynt uses indices to store various types of data, such as user data, account data, entitlement data, and event logs.

Multi-Index Queries: Elasticsearch allows you to query across multiple indices simultaneously. This is a fundamental feature of the search engine.

Saviynt's Interface: When creating analytics in Saviynt using Elasticsearch queries, the interface typically allows you to select multiple indices as the data source for your analysis.

Use Cases: This capability is essential for creating comprehensive analytics that span different data domains. For example, you might want to analyze user access patterns (from one index) in conjunction with application usage data (from another index).

In conclusion: The ability to select multiple indices is a core feature of Elasticsearch and is supported within Saviynt's analytics interface,

Answer : D

To make an Entitlement request time-bound in Saviynt, the configuration used on the Entitlement Type is D. Start Date/End Date while raising a Request. Here's a breakdown:

Saviynt's Entitlement Management: Entitlements represent specific access rights within an application. Saviynt allows fine-grained control over how these entitlements are requested and granted.

Entitlement Type Configuration: Within Saviynt, each Entitlement Type can be configured with various settings that govern its behavior during access requests.

Time-Bound Access: To enforce time-limited access, Saviynt provides the option to require a Start Date and End Date during the request process.

'Start Date/End Date while raising a Request': This configuration setting, when enabled on an Entitlement Type, forces the requester to specify a desired start and end date for the access. This ensures that the granted access will only be valid for a specific period.

Saviynt's Workflow Engine and Provisioning: When a request with a start and end date is approved, Saviynt's workflow engine will typically handle the provisioning and de-provisioning based on these dates. If connected integration is set up, it may schedule the activation and deactivation of the access in the target system accordingly.

Other Options:

A . Ask for Start Date while revoking: This setting is related to revoking access, not granting time-bound access.

B . Allow update of Access End Date: This allows modification of the end date after the access has been granted, but it doesn't enforce a time-bound request from the outset.

C . Config JSON for Request Dates: While JSON might be used internally for configuration, this is not the specific setting that directly enables time-bound access requests.

In summary: The 'Start Date/End Date while raising a Request' configuration on an Entitlement Type in Saviynt is the key to enforcing time-bound access, ensuring that access is granted only for a specific, pre-defined period.

Answer : A

The UIADMIN ROLE in Saviynt grants users the privilege to edit UI (User Interface) labels. This role is crucial for customizing the Saviynt interface to align with an organization's terminology and branding.

UI Customization: Saviynt allows administrators to modify various UI elements, including labels, to improve user experience and comprehension. The UIADMIN ROLE provides the necessary permissions for these modifications.

Why other options are incorrect:

The other options are not standard Saviynt roles and do not have any associated privileges for UI label editing.

Saviynt IGA Reference:

Saviynt Documentation: The documentation on Saviynt's administration and configuration settings includes information about UI customization and the associated UIADMIN ROLE.

Saviynt Support: Saviynt's support resources may contain articles or knowledge base entries related to UI customization and the permissions required.