SCAIP Exam Dumps - Saviynt Certified Advanced IGA Professional (Level 200)

In Saviynt EIC REST connector configuration, account reconciliation (also known as account import or aggregation) requires specific mandatory JSON parameters that define how the system connects to the target application and retrieves account data. The two essential parameters areConnectionJSONandImportAccountEntJSON.

ConnectionJSON (Option A)is mandatory because it contains the core connection details such as base URL, authentication mechanism (OAuth, Basic, etc.), headers, and endpoint configurations. Without this, Saviynt cannot establish communication with the target REST application.

ImportAccountEntJSON (Option B)is also required because it defines the API call used to fetch account (entitlement/account) data from the target system. It includes endpoint URLs, response parsing logic, pagination handling, and mapping rules needed to bring account data into Saviynt.

OptionC (ImportUserJSON)is typically used for identity/user import, not for account reconciliation in REST connectors. OptionD (CreateAccountJSON)is used during provisioning (account creation), not during reconciliation.

Therefore, for account reconciliation using REST connector, the mandatory configurations are ConnectionJSON and ImportAccountEntJSON, as per Saviynt IGA Level 200 connector guidelines.

In Saviynt EIC,time-bound accessis a standard feature used to ensure that access granted to users is automatically revoked after a defined duration. This requirement is fulfilled by enabling thetime-bound configuration for roles under Global Configurations > Roles(Option B). Once this setting is enabled, users can request roles with a specified start and end date, and Saviynt automatically deprovisions the access when the validity period expires.

This capability is essential for enforcingleast privilege and compliance requirements, as it eliminates the need for manual revocation and reduces the risk of lingering access. The system leverages scheduled jobs to monitor and remove expired entitlements or roles.

Option A is incorrect because Dynamic Attributes are mainly used for form customization and conditional logic, not for enforcing access expiration. Option C (Emergency Access Role) is designed for temporary elevated access but follows a different configuration pattern and use case. Option D is not a valid standard approach for enabling automatic revocation.

Thus, enablingtime-bound roles in global configurationis the correct and scalable solution.

Saviynt’sRole MiningandDuplicate Identity Management (DIM)features are key components of Identity Analytics and Governance.

Option Ais correct because Role Mining analyzes user access patterns and identifies similarities across users. Based on these similarities, Saviynt suggests logical groupings of entitlements that can be converted into roles, improving role design and governance.

Option Bis also correct. Thepercentage cut-offin Role Mining defines the threshold for common access across users. A higher threshold (e.g., 60% or more) ensures that only frequently shared entitlements are considered. In practice, this drives mining toward highly consistent access patterns, often close to universally assigned (near 100%), ensuring stronger role accuracy.

Option Cis correct because access to DIM functionality is controlled throughSAV Roles. Administrators must explicitly grant permissions to view and manage duplicate identities.

Option Dis incorrect because DIM not only merges identity attributes but can also consolidate associated access (accounts and entitlements), ensuring a unified identity profile.

The correct answer is B. OAuth access token . Saviynt documentation states that to integrate Saviynt APIs with Saviynt Identity Cloud, an OAuth access token must be generated to authenticate API calls. This is a foundational concept for the API section of Level 200 because even when using Postman or another client, the request must be authenticated before protected endpoints can be called successfully. Saviynt also documents that its APIs are RESTful APIs used to configure and access various platform features, so token-based authentication is central to practical API usage.

The other options are unrelated to Saviynt REST API authentication. SMTP token is not a Saviynt API authentication model, Transport package is used for moving supported configurations between environments, and Dataset key is not the documented authentication requirement for API access. Saviynt’s API reference guide further describes version-specific collections, supported methods, requests, and responses, which is exactly why Postman-based testing in certification labs usually starts with authentication setup first. In practical terms, if the OAuth token is missing or invalid, the request will fail even if the endpoint URL and payload are correct. That is why OAuth access token generation is the correct answer.

In Saviynt EIC,User Update Rulesare powerful automation mechanisms used to perform actions based on user attribute changes or conditions defined through SQL queries. These rules support multiple actions that help streamline identity lifecycle management.

Option A is correct because User Update Rules cantrigger Technical Rules, enabling further downstream processing such as provisioning, deprovisioning, or executing custom logic. This allows modular and scalable automation.

Option B is also valid since User Update Rules can be used togenerate usernames dynamicallybased on defined patterns or business logic, especially during onboarding or identity updates.

Option C is correct as well because these rules supportsending email notifications, which can be used for alerts, approvals, or informing stakeholders about identity changes.

Since all these actions are supported within User Update Rules, Option D (All the above) is correct. This highlights the flexibility of User Update Rules in handling automation, communication, and identity data transformations within Saviynt EIC.

In Saviynt EIC, retrieving reports such as users and their assigned SAV roles can be achieved through multiple analytics and reporting mechanisms. The correct approaches areOptions A, B, and C, all of which leverage SQL-based analytics capabilities.

Option Ais correct because Saviynt allows administrators to create analytics using SQL queries and schedule them. The“Send Email As Attachment”feature enables automated report delivery, making it useful for periodic reporting and compliance requirements.

Option Bis also valid, as analytics results can be exported directly into formats like CSV or Excel, allowing further analysis or sharing outside the platform.

Option Cis correct because theData Analyzertool enables administrators to run SQL queries directly on the Saviynt database to retrieve real-time data for reporting and troubleshooting purposes.

Option D (Using enhanced query)is not considered a standard or distinct reporting mechanism in Saviynt for this use case.

Together, these methods provide flexible reporting options, supporting both real-time access and scheduled report distribution within Saviynt.

In Saviynt EIC, approval assignment for access requests is primarily controlled throughworkflow configurations, which are associated either at theendpoint level or security system level. Therefore, the first step in troubleshooting incorrect approver assignment is to validate whether the correct workflow is attached and properly configured at both levels (Options A and C). Workflows define approval logic such as manager, owner, or custom approvers, and misconfiguration here often leads to incorrect routing.

Option B is also correct becausedelegation settingscan override the intended approver. If a delegate is configured for an approver, the request may be routed to the delegate instead of the original approver, causing confusion if not validated.

Option D is incorrect because in Saviynt, approvers are typicallysystem-driven based on workflow rules, not manually selected by the requester in most standard configurations. The requester does not usually control approver assignment unless explicitly customized, making this option irrelevant for standard troubleshooting.

In Saviynt–ServiceNow integration, the synchronization ofRITM (Request Item) statusbetween Saviynt and ServiceNow is handled through bothmanual and automated mechanisms.

Option B is correct because users or administrators can manuallyclick the Refresh button on the RITM page in ServiceNowto immediately fetch the latest status from Saviynt. This is useful for real-time validation when monitoring request progress.

Option C is also correct as ServiceNow includes aRequest Item History Job, which runs periodically (commonly every minute) to automatically sync and update the RITM status based on the latest state in Saviynt. This ensures near real-time consistency between both systems without manual intervention.

Option A is incorrect because Postman API calls are not a standard or supported operational method for end users to refresh RITM status. Option D is unrelated, as regenerating catalog items does not impact ticket status synchronization.

Thus, the correct answers aremanual refresh and automated job-based synchronization.