
SaviyntTraining IGA L100 Lab3 Rules Engineering

This document provides instructions for managing identity lifecycles using rules in Saviynt's identity governance and access management software. It covers how to create rules to provision access for new hires, offboard terminated users, and handle promotions and transfers. It also discusses importing user data to trigger the provisioning rules, configuring email templates and delegates to handle approval workflows, and setting up delegates to allow others to approve requests on behalf of managers. The overall aim is to demonstrate how to automate identity and access management across different user lifecycle events using Saviynt's rules engine functionality.

Uploaded by

Ranjitb

CLOUD ACCESS GOVERNANCE AND INTELLIGENCE

PRODUCT TRAINING

LAB 3
RULES ENGINEERING
FOR MANAGING IDENTITY LIFECYCLE
CONTENTS

INTRODUCTION
1. RULES MANAGEMENT
1.1 Creating Provisioning Rules for Birthright Access
1.2 Import users to trigger rules
2. Email Templates and Delegates
2.1 View Email Templates
2.2 Create Email Template (Optional)
2.3 Delegates Configuration
2.4 Setup Delegates
CONCLUSION

INTRODUCTION

Identities in an enterprise ecosystem have a lifecycle: they are onboarded, updated and terminated as users join,
are promoted or transferred, and leave. Saviynt provides different types of rules to automatically assign or
revoke access based on different conditions.

LAB CASE STUDY


Rules for Automated Access Provisioning during the following Identity Lifecycle events:

• Technical Rule: New hire (Birthright access)


• User Update Rule: Promotion, re-hire, termination

Also, the other important concepts covered are as follows:

• Configuring request workflow for create and update user flows


• Setting up delegates

Logging in to Saviynt

Log in to Saviynt using the training credentials provided to you by Saviynt.


1 Technical Rules

1.1 Creating Provisioning Rules for Birthright Access

Employee Rule:
Adding roles and entitlements

• Go to Admin → Policies → Technical Rule


• Click on Actions Tab → Create Technical Rule

• Create a rule for Employee


• Fill in the details as per the screenshot and send for approval (Rule Name: Employee)

Note: The workflow will be auto-approved if rule creation is set to auto-approve.
Note: For the Active Directory::Groups Object Type, use the following entitlements shown in the screenshot:
CN=Security-AD Group Admins,OU=Groups,OU=SaviyntTraining,DC=corpAD,DC=saviynt,DC=com
CN=Security-TrainingGroupAugust,OU=Groups,OU=SaviyntTraining,DC=corpAD,DC=saviynt,DC=com

User Update Rule

Adding termination, future-dated off-boarding and transfer rules

• Go to Admin → Policies → User Update Rule


• Click on Actions → Create Update User Rule
• Fill in the details as in the screenshot (Rule Name: Offboard User)

• Click on Send for Approval


Note: The workflow will be auto-approved if rule creation is set to auto-approve.

• Go to Admin → Policies → User Update Rule
• Click on Actions → Create Update User Rule
• Fill in the details as in the screenshot (Rule Name: Future Dated Offboarding)
• Click on Send for Approval

• Go to Admin → Policies → User Update Rule
• Click on Action → Create Update User Rule
• Fill in the details as in the screenshot (Rule Name: Transfer)
• Send for Approval

1.2 Import users to trigger rules
Note: New users should be imported from the HRMS flat file with the right attributes, so that the birthright rule
kicks off and the users get access.

• Import users using a csv file


• Go to Admin → Users → Actions → Upload User
• Select the DataFile as the csv file – Users_lab4.csv
• Set Delimiter: Comma
• First row as heading: Yes
• Zero Day Provisioning: Yes
• Check Rules: Yes
• Leave the rest as – No
• Click Upload and Preview
• Populate column name if not auto populated
• Import now
• Upload User summary will show the number of Records imported.

Note: Verify this number against the csv file that was imported.

• Please note that the file that you just imported has 2 users with a future end date. To trigger the
‘Future Dated Offboarding’ rule that you created, execute the step below.

• Go to Job Control Panel → Go to Utility → On DETECTIVEPROVISIONINGRULES, click on the button for +Add
New Job and provide a name as shown in the screenshot below. Any name is fine as long as it does not contain whitespace.

• Click on Action → Start


• After the job is complete, Go to ARS → Tasks → Pending Tasks
• Disable Account Tasks should be created for two users whose end date was set in the file.
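
A pre-import check for the verification steps in section 1.2, as an added example that is not part of the Saviynt lab material: it counts the records in the flat file and lists the users with a future end date, so the Upload User summary and the number of Disable Account tasks can be compared against expected values. The column names (username, employeetype, enddate), the date format and the sample rows are assumptions constructed for illustration; adjust them to the headings in your file.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample standing in for the HR flat file. Column names and
# the YYYY-MM-DD date format are assumptions, not taken from the lab file.
SAMPLE_CSV = """username,firstname,lastname,employeetype,enddate
jdoe,John,Doe,Employee,
asmith,Ann,Smith,Employee,2031-01-15
bnguyen,Binh,Nguyen,Contractor,2031-03-01
 ,Empty,User,Employee,
jdoe,John,Doe,Employee,
"""


def reconcile(csv_text, today, date_format="%Y-%m-%d"):
    """Summarise an import file: total data rows, rows that need attention
    before upload, and users whose end date lies after `today`."""
    report = {"records": 0, "future_end_dated": [], "problems": []}
    seen = set()
    reader = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        report["records"] += 1
        username = (row.get("username") or "").strip()
        if not username:
            report["problems"].append((line_no, "missing username"))
            continue
        if username in seen:
            report["problems"].append((line_no, f"duplicate username {username}"))
            continue
        seen.add(username)
        raw_end = (row.get("enddate") or "").strip()
        if not raw_end:
            continue  # no end date: not a candidate for future-dated offboarding
        try:
            end = datetime.strptime(raw_end, date_format).date()
        except ValueError:
            report["problems"].append((line_no, f"unparseable enddate {raw_end!r}"))
            continue
        if end > today:
            report["future_end_dated"].append(username)
    return report


if __name__ == "__main__":
    print(reconcile(SAMPLE_CSV, today=date.today()))
```

The length of `future_end_dated` is the number of Disable Account tasks to expect in Pending Tasks after the job completes; rows listed under `problems` should be corrected in the source file before upload.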
2. Email Templates and Delegates

2.1 View Email Templates

• Go to Admin → Configurations → Email Templates


• The pre-configured list of email templates can be viewed here

2.2 Create Email Template (Optional)

• To create a new template, click on Create Email Template


• Fill in the details as shown in the screenshot below, or use any other text you want in the email template body.

• Click on Create when done.


2.3 Delegates Configuration

• Go to Admin → Configurations → Global Configurations → Home


• Define Delegate Query

• We can also configure email notifications as follows: Go to Admin → Configurations → Global Configurations →
ARS → Delegate email template. Note: For training, please select any email template available in dropdown.
SMTP is not configured for training instances. Emails will not be pushed out.

2.4 Setup Delegates

• Go to ARS → click Setup Delegates → Action → Create Delegate

• Fill in the details shown in the screenshot below:


• After creation, log out and log in as the delegate user; you will be able to see any Pending Approvals assigned to
the Parent User.
3 CONCLUSIONS

In this lab, you have learned the following:

• Rules Management
• Create provisioning rules, offboard rules, re-hire rules, transfer rules
• Trigger Rules during User Import
• Setup Delegates
