Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Attribute Synchronization in Saviynt

varunpuri
Regular Contributor
Regular Contributor

Hi,

The scenario is this :

Database is the source of truth through which Identities are being created
Active Directory is one of the downstream systems.

Customer says that it is very likely in their operating environment that someone may directly make changes into Active Directory at the account attribute level.

So, for a given snapshot of the system, the user Identity may have a value for a particular attribute which is different than the value of same attribute for the same user's account in AD.

Expectation : Is there any OOB solution/configuration available through which Saviynt is able to identify such a difference in values of a particular attribute for a given user at the Identity Level versus the AD Account Level and is able to synchronize the Identity attribute value to AD attribute value.

Customer says that such a thing is possible in Sailpoint through something called as attribute synchronization job.

Appreciate your assistance here.

Best Regards,
Varun

3 REPLIES 3

armaanzahir
Valued Contributor
Valued Contributor

Hi Varun,

Yes, Sailpoint Idn has such an OOTB option wherein they can perform attribute sync to the target systems based on differences found in between the identity and the account attributes due to either changes flowing in from authoritative source or someone changing the accounts directly on the target. 

Synchronizing Attributes - SailPoint Identity Services

Saviynt does not currently have any such configuration that automates this process OOTB.

Although, we could configure an actionable analytic to automate the process. 

A join would be done on users,user_accounts,accounts table to compare the differences in between the user profile attributes and their corresponding account attributes. The condition would be to fetch records when there is such a difference. Default action for the analytic would be "Update Account" for the AD EP.

Reference Links:

Configuring Allowed Actions (saviyntcloud.com)

Solved: Create Actionable Analytics report to update email... - Saviynt Forums - 2592

 

Thanks,

Armaan

Regards,
Md Armaan Zahir

Thank You, for your response @armaanzahir .

Best Regards,
Varun

Manu269
All-Star
All-Star

@varunpuri 2 possible solutions :

1. Saviynt can sync those information. You can create a user update rule based on mandatory attributes where you are expecting a change. Once done, you can trigger update account task for that EP.

2. Create an actionable analytics fetch the delta and trigger the update.

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.