Pass the Saviynt Advanced IGA Professional SCAIP Questions and answers with CertsForce

The correct answers are A, B, and C . Saviynt documentation for Active Directory group management states that the connector can be used to create, update, and delete AD or ADSI groups. It also supports related group-management functions such as updating group attributes and maintaining group membership and owners. This confirms that Saviynt group management is not limited to visibility or request tracking; it supports the full operational lifecycle for AD groups when configured correctly.

Saviynt’s administrative documentation further explains that group management must be configured to enable users to create and manage groups in Saviynt Identity Cloud. That broader wording aligns with the specific lifecycle operations of create, update, and delete. Option D is incorrect because campaign launching is part of certification governance, not the core capability set of AD group management itself. A campaign may later review group-related access, but group management is fundamentally about administering the group object and its membership lifecycle. For Level 200 preparation, this distinction matters: group management handles the lifecycle of the group object, while campaigns handle review and attestation of access associated with identities, roles, or entitlements.

Saviynt’sDuplicate Identity Management (DIM)feature is designed to identify, analyze, and remediate duplicate identities within the Identity Repository, ensuring data integrity and governance. All the listed actions are core capabilities of DIM, makingOption D (All of the Above)the correct answer.

Firstly, DIM enablesduplicate detectionboth during identity import (pre-processing stage) and for already existing identities using detective jobs. This ensures that duplicates are identified proactively and retrospectively. Secondly, DIM provides aside-by-side comparison view, allowing administrators or reviewers to analyze ambiguous duplicate records and decide whether they should be merged. This comparison highlights attribute-level differences for informed decision-making.

Finally, after merging duplicate identities, Saviynt allows administrators todeactivate or retire redundant identities, ensuring only a single authoritative identity remains active. This helps maintain clean identity data and prevents access risks.

Together, these features support identity consolidation, reduce redundancy, and improve overall governance, making DIM a critical component of Saviynt’s intelligence and analytics capabilities.

In Saviynt EIC, theSOD (Segregation of Duties) Risk Evaluation Jobis used to identify conflicts in user access that violate defined SOD policies. To efficiently analyze and review these violations, Saviynt provides several filtering options.

Users (A)is a valid filter that allows administrators to view SOD violations specific to individual users or a group of users. This is helpful for targeted investigations or audits.

Security System (B)is also a valid filter, enabling administrators to narrow down violations based on specific applications or systems. This is useful when analyzing risks within a particular application landscape.

Ruleset (C)is another important filter, as SOD violations are evaluated based on predefined rule sets. Administrators can filter results based on specific rulesets to understand which policies are being violated.

Option D (User Account Evaluation) is not a standard filter in the SOD Risk Evaluation Job. It is more related to job execution scope rather than filtering results.

Thus, the correct answers areUsers, Security System, and Ruleset, which are the primary filters for analyzing SOD violations.

In Saviynt EIC when integrated with ServiceNow as aticketing system (ITSM)for disconnected applications, ticket creation behavior depends on the configuration setting“Enable Multi Entitlement Request.”

If this option is enabled, Saviynt treats each entitlement independently and createsseparate tickets in ServiceNow for each entitlementselected in the request. Therefore, if a user selects three entitlements,three individual ticketswill be generated, allowing granular tracking and fulfillment of each entitlement.

If the option is not enabled, Saviynt consolidates multiple entitlements into asingle request payload, resulting inone ServiceNow ticketthat includes all requested entitlements. This approach simplifies ticket management but reduces granularity.

Option B is incorrect because Saviynt fully supports multiple entitlement requests with ServiceNow integration. Option C is only conditionally correct (depends on configuration), making it incomplete. Option D is also conditional and not always true.

Thus, the correct answer isA, as it accurately reflects the behavior based on system configuration.

In Saviynt–ServiceNow integration, user visibility in request forms depends on properidentity correlation between ServiceNow users and Saviynt identities. The most common reason a valid ServiceNow (SNOW) user does not appear in the request form is that theSNOW user record is not linked or mapped to an imported Saviynt user(Option B).

Saviynt relies on its internal identity repository to populate requestable users. Even if a user exists in ServiceNow, they must also exist in Saviynt and be properly correlated (typically via attributes like username, email, or employee ID). Without this linkage, Saviynt cannot recognize the user during request submission, and therefore the user will not appear in the search results.

Option A is incorrect because even if the user already has access, they would still appear in search results (though requests may be restricted). Option C is unrelated to user visibility. Option D is incorrect because lack of an account does not prevent user selection—it only affects provisioning outcomes.

Thus, properuser correlation between SNOW and Saviyntis essential for request visibility.

The correct answer is A . Saviynt documentation describes two major ServiceNow integration models: ServiceNow as a Managed Application and ServiceNow as a Ticketing System . The managed application model is used for application-style integration, including reconciliation or import and provisioning or deprovisioning activities. The ticketing system model is used when ServiceNow functions as the ITSM workflow and ticket platform connected to Saviynt request processing. This distinction is repeatedly emphasized in the ServiceNow integration overview documentation.

Saviynt further notes that integration with ServiceNow is required to perform reconciliation, provisioning, and deprovisioning tasks, and separately documents ServiceNow as a ticketing system for request-related use cases. That means the two modes are complementary but not identical. Option D is therefore wrong because the modes serve different architectural purposes. Options B and C are incorrect because branding, analytics-only usage, SAV-role-only usage, and password-sync-only behavior do not describe the documented ServiceNow integration patterns. For Level 200 exam preparation, this is a high-value distinction: choose Managed Application when ServiceNow is the governed target system, and Ticketing System when ServiceNow is the ITSM workflow engine around Saviynt processes

In Saviynt EIC,SAV Roles are additive in nature, meaning that when a user is assigned multiple roles, the system grants theunion of all permissionsacross those roles. There is no restrictive override where one role limits another; instead, the highest level of access prevails.

In this scenario, the user is assigned bothROLE_ADMINandROLE_CUSTOM_READ (Read Only). While ROLE_CUSTOM_READ restricts access to read-only, theROLE_ADMIN role provides full administrative privileges, including both view and edit capabilities across modules.

Saviynt does not enforce precedence based on role assignment order, nor does a read-only role override an admin role. Instead, permissions are cumulative, and the most permissive access is effectively granted.

Therefore,Option Dis correct: the user will havefull view and edit accessbecause ROLE_ADMIN includes comprehensive permissions that supersede the limitations of the read-only role.

This behavior ensures flexibility in role assignments but also requires careful governance to avoid over-provisioning of administrative access.

The correct answer is B. OAuth access token . Saviynt documentation states that to integrate Saviynt APIs with Saviynt Identity Cloud, an OAuth access token must be generated to authenticate API calls. This is a foundational concept for the API section of Level 200 because even when using Postman or another client, the request must be authenticated before protected endpoints can be called successfully. Saviynt also documents that its APIs are RESTful APIs used to configure and access various platform features, so token-based authentication is central to practical API usage.

The other options are unrelated to Saviynt REST API authentication. SMTP token is not a Saviynt API authentication model, Transport package is used for moving supported configurations between environments, and Dataset key is not the documented authentication requirement for API access. Saviynt’s API reference guide further describes version-specific collections, supported methods, requests, and responses, which is exactly why Postman-based testing in certification labs usually starts with authentication setup first. In practical terms, if the OAuth token is missing or invalid, the request will fail even if the endpoint URL and payload are correct. That is why OAuth access token generation is the correct answer.

In Saviynt EIC,Technical Rulesare triggered based on lifecycle events related to user creation, updates, and imports, provided the defined conditions evaluate to true. The correct answers areB, C, and D.

Option Bis correct because duringImport Jobs, when users are brought into Saviynt from authoritative sources, Technical Rules are evaluated, and if conditions match, they are executed. This is a common mechanism for provisioning access during onboarding.

Option Cis also correct since when anew user is created via the UI, Technical Rules can be triggered if the user attributes meet the rule conditions. This ensures consistent provisioning regardless of how users are created.

Option Dis correct because when anexisting user is updated, and a User Update Rule is configured tore-run provisioning rules, it can trigger associated Technical Rules again.

Option Ais incorrect because deletion events typically trigger deprovisioning workflows rather than standard Technical Rule execution.

Thus, Technical Rules are triggered during import, creation, and update events—not deletion.

In Saviynt–ServiceNow integration, the synchronization ofRITM (Request Item) statusbetween Saviynt and ServiceNow is handled through bothmanual and automated mechanisms.

Option B is correct because users or administrators can manuallyclick the Refresh button on the RITM page in ServiceNowto immediately fetch the latest status from Saviynt. This is useful for real-time validation when monitoring request progress.

Option C is also correct as ServiceNow includes aRequest Item History Job, which runs periodically (commonly every minute) to automatically sync and update the RITM status based on the latest state in Saviynt. This ensures near real-time consistency between both systems without manual intervention.

Option A is incorrect because Postman API calls are not a standard or supported operational method for end users to refresh RITM status. Option D is unrelated, as regenerating catalog items does not impact ticket status synchronization.

Thus, the correct answers aremanual refresh and automated job-based synchronization.