Alternative Saviynt-AD Connection

Regular Contributor
We have a customer who is removing LDAP connectivity to their AD org-wide, per the 2024 board mandate. They would ideally like to use GMSA or Kerberos to connect to AD from Saviynt. Per our checks, GMSA is not supported and is not on the roadmap either (idea portal response). The vault option cannot be used here either, since LDAP will be disabled org-wide for this customer.

Considering this, what are the options available to us to connect to AD?

Saviynt supports various methods for connecting to Active Directory (AD) other than using Generic Managed Service Accounts (GMSA) or Kerberos. Some alternative methods include:

1. Username/Password Authentication:
- You can configure Saviynt to use traditional username/password authentication for connecting to Active Directory.

2. Certificate-Based Authentication:
- Saviynt can be configured to use certificates for authentication. This involves creating and managing X.509 certificates for secure communication.

3. OAuth Authentication:
- OAuth (Open Authorization) is another authentication method that Saviynt may support. This involves obtaining an access token for authentication.

4. LDAP Connection:
- Saviynt can also connect to Active Directory using LDAP (Lightweight Directory Access Protocol) for directory services.

5. Service Account Authentication:
- Instead of GMSA, you can use a regular service account with a username and password for authentication.


Rushikesh Vartak
