Saviynt Certified Advanced IGA Professional (Level 200) SCAIP Exam Questions

Answer : A, B, D

In Saviynt EIC,SMTP configurationis used to enable email notifications for workflows such as access requests, certifications, alerts, and system communications. To securely connect with mail servers, Saviynt supports multiple authentication mechanisms. The valid authentication modes areNTLM, OAuth, and Basic, making OptionsA, B, and Dcorrect.

Basic Authentication (Option D)is the traditional method where a username and password are used to authenticate with the SMTP server. While widely supported, it is less secure compared to modern methods and is being phased out in many environments.

NTLM (Option A)is commonly used in Microsoft-based environments (e.g., Exchange servers) and provides integrated authentication using Windows credentials, offering better security than basic authentication.

OAuth (Option B)is a modern and more secure authentication mechanism that uses token-based authorization instead of storing credentials. It is commonly used with cloud-based email services such as Microsoft 365 or Google Workspace.

OptionCis incorrect because Saviynt explicitly supports multiple authentication modes.

Thus, NTLM, OAuth, and Basic are the supported SMTP authentication modes in Saviynt.

Answer : C

In Saviynt EIC, cascading relationships between form fields are implemented usingDynamic Attributes configuration, where one field (child) depends on the value of another field (parent). Certain configurations are mandatory to ensure proper functionality.

Option A is required because the system must know what action to perform when the parent attribute changes. Setting it toMappingenables dynamic value population based on parent selection.

Option B is mandatory because theParent Attribute parameterdefines the relationship between parent and child fields. Without this mapping, the system cannot establish dependency.

Option D is also essential since Saviynt configurations arecase-sensitive, and mismatched attribute names will break the cascading logic.

Option C, however, isnot mandatory. TheAction String (CHILD###PARENT)is used in specific advanced scenarios but is not required for standard cascading configurations using mapping and parent attribute settings.

Therefore, the correct answer isC, as it is optional and not required for basic cascading functionality.

Answer : B

The correct answer is B. OAuth access token. Saviynt documentation states that to integrate Saviynt APIs with Saviynt Identity Cloud, an OAuth access token must be generated to authenticate API calls. This is a foundational concept for the API section of Level 200 because even when using Postman or another client, the request must be authenticated before protected endpoints can be called successfully. Saviynt also documents that its APIs are RESTful APIs used to configure and access various platform features, so token-based authentication is central to practical API usage.

The other options are unrelated to Saviynt REST API authentication. SMTP token is not a Saviynt API authentication model, Transport package is used for moving supported configurations between environments, and Dataset key is not the documented authentication requirement for API access. Saviynt's API reference guide further describes version-specific collections, supported methods, requests, and responses, which is exactly why Postman-based testing in certification labs usually starts with authentication setup first. In practical terms, if the OAuth token is missing or invalid, the request will fail even if the endpoint URL and payload are correct. That is why OAuth access token generation is the correct answer.

Answer : D

Saviynt EIC provides multiple flexible integration options with ServiceNow to support different business and operational use cases. Therefore,Option D (All of the above)is correct.

ServiceNow as a Managed Application (Option A)allows Saviynt to treat ServiceNow like any other application, enabling account provisioning, deprovisioning, and access governance directly within ServiceNow using REST connectors.

ServiceNow as a Request Form (Option B)enables organizations to leverage ServiceNow's front-end portal for access requests. Users can initiate requests in ServiceNow, which are then processed and fulfilled by Saviynt, ensuring seamless user experience while maintaining governance.

ServiceNow as a Ticketing System (ITSM) (Option C)is another key integration pattern where Saviynt generates tickets (incidents, requests, or tasks) in ServiceNow for approval workflows, provisioning actions, or tracking purposes. This ensures alignment with enterprise ITSM processes.

These multiple integration models provide flexibility, allowing organizations to choose the approach that best fits their operational and governance requirements.

Answer : B

In Saviynt EIC, the correct configuration for controlling which roles appear in the Access Request screen is theRequest Roles Query / Role Request QueryunderGlobal Configuration. Saviynt's official documentation forConfiguring Role Requestsstates that this setting is used tospecify a query to control the display of roles in Access Request, meaning only roles returned by that query are shown to the requester. That is exactly the use case in this question: filtering the visible role list by a user attribute such as country or location. A query can be written so that users from Country A see only the roles mapped for Country A.

The other options are not correct in this context.SAV Rolecontrols administrative UI permissions in Saviynt, not end-user role catalog filtering.Role Configuration -> User Queryis not the standard setting used to drive request-time role visibility for this scenario. Option D is incorrect because Saviynt explicitly supports this use case through the Request Roles Query capability.

Answer : C

In Saviynt EIC REST connector configurations,attribute mapping between Saviynt and the target applicationis primarily handled during provisioning operations such as account creation and updates. Among the given options,CreateAccountJSONis the correct configuration where attribute mapping is explicitly defined for provisioning new accounts in the target system.

CreateAccountJSON (Option C)contains the payload structure and field mappings that determine how Saviynt attributes (such as username, email, department, etc.) are translated into the target application's API request format. Administrators define mappings using placeholders and transformation logic to ensure correct data flow from Saviynt to the external system.

OptionA (ImportAccountEntJSON)is used for reconciliation (importing accounts and entitlements), not provisioning. OptionB (CreateAccountEntJSON)is not a standard REST connector configuration in Saviynt. OptionD (UpdateAccountJSON)is used for modifying existing accounts, but the primary and most commonly referenced mapping configuration for attribute mapping is defined in CreateAccountJSON during initial provisioning.

Thus,CreateAccountJSONis the correct answer for attribute mapping between EIC and the target application.

Answer : D

In Saviynt EIC,Technical Rulesare essential for automating provisioning, deprovisioning, and enforcing access policies. Following best practices ensures reliability, performance, and governance compliance. Hence,Option D (All of the above)is correct.

Using Advanced Configurations (Option A)allows administrators to implement complex logic, optimize rule execution, and handle sophisticated use cases such as conditional provisioning or attribute-based decisions.

Configuring Retrofit for all rules (Option B)is a recommended practice because it ensures that rules are applied not only to new users but also to existing users. This maintains consistency across the identity repository and prevents access gaps for legacy users.

Including a condition like user.statuskey = 1 (Option C)ensures that rules are applied only to active users. This avoids unnecessary processing for inactive or terminated users and prevents unintended provisioning actions.

Together, these practices improve rule efficiency, reduce errors, and ensure consistent enforcement of identity governance policies across the organization.