Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/17/2024 09:40 AM
Hello Saviynt,
There is a requirement that we want to associate membership of Saviynt SAV Role XYZ based on AD group ABC. So saviynt will grant access Saviynt SAV Role XYZ based on user AD group ABC entitlement.
If a user is a member of that AD group, we want Saviynt to add that user to a SAV Role.
If a user is no longer to that AD group, Saviynt will also remove the user from SAV Role. Group membership removal can be done through Saviynt or manually at the Domain so Saviynt will detect on import and remove SAV Role as well
Can you please advise us how these requirements can be implement on Saviynt
Thanks,
09/17/2024 09:44 AM
09/17/2024 03:57 PM
Group membership removal can be done through Saviynt or manually at the Domain so Saviynt will detect on import and remove SAV Role as well
Entitlement Map and Analytics both together can cover all of it
Entitlement Map : using entitlement map on AD entitlement. AD group can be mapped with Saviynt role. If AD group is requested or removed from Saviynt, respective action will be taken on sav role.
Analytics : To find anamolies , where AD group is added but not sav role. Report can be created as actionable and will add user to missing sav role.
09/18/2024 01:13 PM
Thank you for the suggestion.
Regarding the entitlement map - a user group membership is done natively. Does saviynt grant access to the sav role right after AD access import job is completed?
Thanks
09/18/2024 01:46 PM