Which of the following options support Authentication Mechanisms in Saviynt?
Answer : D
Saviynt primarily leverages SAML 2.0 as its core authentication mechanism. SAML (Security Assertion Markup Language) is an open standard for exchanging authentication and authorization data between parties, in this case, between users and Saviynt. It allows for secure, single sign-on experiences.
While Saviynt can interact with databases, REST APIs, and LDAP directories for various purposes like identity data aggregation or provisioning, these are not its primary authentication methods.
Databases: Saviynt can connect to databases to pull identity information, but the platform itself doesn't authenticate users directly against a database.
REST: REST APIs are used for programmatic interaction with Saviynt, not typically for initial user authentication.
LDAP: While LDAP can be a source of identity data, Saviynt's core authentication relies on SAML for its standardized and secure approach.
Key Saviynt IGA references supporting this:
Saviynt Documentation: The official Saviynt documentation consistently refers to SAML as the primary authentication mechanism.
Saviynt Connectors: Saviynt provides pre-built connectors for various identity providers (IdPs) that support SAML, further emphasizing its reliance on this standard.
Saviynt Training Materials: Saviynt's training courses and certifications highlight SAML's role in the platform's authentication framework.
The Max Authentication Session parameter in Single Sign-On settings specifies the maximum duration, in seconds, for which an SSO session will remain valid. The default value is 3600 seconds. If the session logout value defined in the IdP is 10,000 seconds and Max Authentication Session in Saviynt SSO is 5000 seconds, how long will the session last?
Answer : A
In Saviynt's SSO setup, the 'Max Authentication Session' parameter determines the maximum duration of an SSO session within Saviynt, overriding any longer durations set by the Identity Provider (IdP).
Session Duration Logic: Saviynt's internal session timeout setting takes precedence over the IdP's session timeout. This ensures that Saviynt can enforce its own security policies regarding session lifetimes.
Why other options are incorrect:
B. 10,000 seconds: This is the IdP's session logout value, but Saviynt's 'Max Authentication Session' setting overrides it.
C. 3600 seconds: This is the default value, but the question specifies a configured value of 5000 seconds.
Saviynt IGA Reference:
Saviynt Documentation: The documentation for configuring SSO settings within Saviynt explains the 'Max Authentication Session' parameter and its impact on session duration.
Saviynt Best Practices: Saviynt's best practices for SSO often recommend aligning session timeouts between the IdP and Saviynt to avoid confusion and potential security gaps.
Which of the following options can a Campaign Owner use to view the Entitlements Query that was used in a previously launched Campaign?
Answer : C
To view the Entitlements Query used in a previously launched Campaign in Saviynt, a Campaign Owner can use option C, Campaign Summary. Here's why:
Saviynt's Campaign Summary: The Campaign Summary provides a detailed overview of a campaign's configuration, including:
Campaign Scope: The users, applications, or entitlements included in the campaign.
Filters and Queries: Any filters or queries used to define the campaign scope, including the Entitlements Query.
Certifier Information: Details about the assigned certifiers.
Schedule: The campaign's start and end dates.
Status: The current status of the campaign (e.g., Active, Completed, Expired).
Accessing the Entitlements Query: The Campaign Summary typically includes a section that displays the exact query used to select the entitlements included in the campaign.
Why Other Options Are Less Suitable:
A. Reconfigure option: While you might be able to see the query by going into the reconfiguration, it's not the most direct way. The Campaign Summary is designed to provide this information readily.
B. Campaign Export: Exporting the campaign data might include the list of entitlements but not necessarily the original query used to select them.
D. Export option at the top right corner of the page, next to the Refresh Progress option: This option typically exports the current view of the campaign data, not the underlying configuration details like the Entitlements Query.
In conclusion: The Campaign Summary in Saviynt is the most direct and convenient place for a Campaign Owner to review the detailed configuration of a campaign, including the Entitlements Query used to define the campaign's scope.
There is a requirement to have multiple users as Campaign Owners for a User Manager Campaign.
Which of the following configurations would be appropriate to achieve this?
Answer : B
To have multiple users as Campaign Owners for a User Manager Campaign in Saviynt, the appropriate configuration is option B: create a user group and choose the user group as the Campaign Owner. Here's the explanation:
Saviynt's User Groups: User groups are collections of users that can be used for various purposes, including assigning roles, permissions, and ownership.
Campaign Owner as a User Group: Saviynt allows you to specify a user group as the owner of a campaign. This means that all members of the group will have the same campaign ownership permissions.
Benefits of Using a User Group:
Simplified Management: It's easier to manage a group of users than to assign individual users as campaign owners.
Flexibility: You can easily add or remove users from the group to adjust campaign ownership as needed.
Shared Responsibility: All members of the group share responsibility for managing the campaign.
Why Other Options Are Less Suitable:
A. Create a user Query and add users: While you can use queries to select users, directly using a user group is a more standard and manageable approach for assigning multiple campaign owners.
C. Create a Roles Query and add Roles of various users: Roles are typically used for granting access rights, not for defining campaign ownership.
D. Create an Organization Query and add users: Organization queries are related to the organizational structure and are not the best way to define a group of campaign owners.
In conclusion: Using a user group as the Campaign Owner in Saviynt provides a flexible and manageable way to assign multiple users as owners, simplifying administration and promoting shared responsibility for campaign management.
The process of Attestation or Certification can be best described as:
Answer : B
The process of Attestation or Certification in the context of Saviynt can be best described as option B, Access Reviews. Here's why:
Attestation/Certification: These terms are often used interchangeably in the context of identity governance. They refer to the process of formally reviewing and approving or revoking user access rights.
Access Reviews: This is the broader term that encompasses the entire process of periodically reviewing user access to ensure it is appropriate and aligned with business needs and security policies. Attestation and Certification are specific actions performed within an access review.
Saviynt's Campaigns: Saviynt's campaigns are designed to facilitate and manage access reviews.
Why Other Options Are Less Suitable:
A. Segregation of Duties: SoD is a principle that aims to prevent fraud and errors by dividing critical tasks among different individuals. While access reviews can help enforce SoD, they are not the same thing.
C. Access Request: This is the process of requesting access to resources, which is a separate process from reviewing existing access.
D. Application Onboarding: This is the process of integrating an application into Saviynt, which is a prerequisite for access reviews but not the review process itself.
In conclusion: Attestation or Certification, as performed within Saviynt campaigns, are integral parts of the broader process of Access Reviews, which aim to ensure that user access is appropriate, authorized, and aligned with security policies.
Which of the following Role types should be selected for a Role containing Entitlements that span across multiple applications?
Answer : D
In Saviynt, Enterprise Roles are specifically designed to encompass entitlements that span multiple applications. This is in contrast to Application Roles, which are limited to entitlements within a single application.
Enterprise Roles: Provide a way to group entitlements across different applications, reflecting a user's overall job function or responsibilities within the organization. This is essential for managing access for users who need permissions in various systems to perform their duties.
Other Role Types:
Application Role: Grants permissions specific to a single application.
Transactional Role: Focuses on granting permissions for specific tasks or transactions within an application.
Enabler Role: Provides supplementary permissions that enhance or support other roles.
Saviynt IGA Reference:
Saviynt Documentation: The section on Role Management within Saviynt's documentation clearly defines the different role types and their purposes.
Saviynt Training Materials: Saviynt's training courses emphasize the importance of Enterprise Roles in managing cross-application access.
In the process of setting up Single Sign-On using SAML 2.0, the "SP Entity ID" acts as a unique identifier for the Saviynt SP. If "SP Entity ID" is set to the value of SaviyntSP, which of the following will be the correct Single Sign-On URL to log in to EIC?
Answer : C
In Saviynt's SAML 2.0 based Single Sign-On (SSO) configuration, the 'SP Entity ID' uniquely identifies Saviynt as the Service Provider (SP) to the Identity Provider (IdP). The correct SSO URL structure incorporates this 'SP Entity ID' within a specific path.
Saviynt's URL Structure: Saviynt's SSO URLs follow a pattern to ensure proper routing and authentication. The /ECM/saml/SSO/alias/ portion is crucial for directing SAML-based login attempts.
Why the other options are incorrect:
Saviynt IGA Reference:
Saviynt Documentation: Saviynt's official documentation on configuring SAML SSO provides details on the correct URL structure and the significance of the 'SP Entity ID.'
Saviynt Support: Saviynt's support resources and knowledge base articles often address issues related to SSO configuration, reinforcing the correct URL format.