Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry. Saviynt Copilot Icon
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to provision/de-provion Saviynt SAV role based on AD group

Miko
Regular Contributor
Regular Contributor

‎09/17/2024 09:40 AM

Hello Saviynt,

There is a requirement that we want to associate membership of Saviynt SAV Role  XYZ based on AD group ABC.  So saviynt will grant access Saviynt SAV Role XYZ based on user AD group ABC entitlement. 

If a user is a member of that AD group, we want Saviynt to add that user to a SAV Role. 

If a user is no longer to that AD group, Saviynt will also remove the user from SAV Role. Group membership removal can be done through Saviynt or manually at the Domain so Saviynt will detect on import and remove SAV Role as well

Can you please advise us how these  requirements can be implement on Saviynt

Thanks,

Labels:
0 Kudos
4 REPLIES 4

rushikeshvartak
All-Star
All-Star

‎09/17/2024 09:44 AM


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos

Amit_Malik
Valued Contributor II
Valued Contributor II

‎09/17/2024 03:57 PM

Group membership removal can be done through Saviynt or manually at the Domain so Saviynt will detect on import and remove SAV Role as well

Entitlement Map and Analytics both together can cover all of it

Entitlement Map : using entitlement map on AD entitlement. AD group can be mapped with Saviynt role. If AD group is requested or removed from Saviynt, respective action will be taken on sav role.

Analytics : To find anamolies , where AD group is added but not sav role. Report can be created as actionable and will add user to missing sav role.

 

Kind Regards,
Amit Malik
If this helped you move forward, please click on the "Kudos" button.
If this answers your query, please select "Accept As Solution".
0 Kudos

Miko
Regular Contributor
Regular Contributor

‎09/18/2024 01:13 PM

Thank you for the suggestion.

Regarding the entitlement map -  a user group membership is done natively.  Does saviynt  grant access to the sav role right after AD access import job is completed?

Thanks

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Miko

‎09/18/2024 01:46 PM

  • It can be parallel access grante
  • you can schedule the wsretry accordingly if ad task completed then run wsretry for saviynt for specific entitlement 

Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
0 Kudos
Copyright © 2024 Khoros, LLC