Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

Limiting Saviynt support team's access to our environment

yogesh2
New Contributor III
New Contributor III

Hi team,

We have a customer ask that we don't want Saviynt support team to have always available admin access to our environment via the "SaviyntSupportAgent" users, hence we are considering either to remove the ROLE_ADMIN_SAVIYNTSUPPORT role from "SaviyntSupportAgent" users or change the password for these users.

Can you please let us know how Saviynt team manages passwords to these accounts and steps taken by Saviynt team to ensure security and accountability when Saviynt support agents are accessing our environment as these users use native authentication for login?

Which of the two approaches would you recommend?

> Changing the password for these accounts and sharing with Saviynt support team as and when required.

> OR, removing the SAV Roles from these users and only assigning the apt SAV Roles when needed by Saviynt support team.

3 REPLIES 3

PremMahadikar
Valued Contributor
Valued Contributor

Hi @yogesh2 ,

First option: From 24.1v, you cannot change the password for these default users. As you are on 24.3v, reset password wouldn't work here.

PremMahadikar_0-1713814642137.png

Second option: By default, these four SAV roles will be assigned to SaviyntSupportAgent users. And its recommended not to remove any SAV role.

PremMahadikar_1-1713814779080.png

Can you please let us know how Saviynt team manages passwords to these accounts and steps taken by Saviynt team to ensure security and accountability when Saviynt support agents are accessing our environment as these users use native authentication for login?

Saviynt internal PAM process for access customer tenant - Saviynt Global Access Policy (saviyntcloud.com)

The below article should also help you:

  1. Default Users in Enterprise Identity Cloud (saviyntcloud.com)

 

rushikeshvartak
All-Star
All-Star

You can't do both and it's not recommended to perform this action as this are break glass accounts. before doing anything consult saviynt support via ticket,


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Please click the 'Accept As Solution' button on the reply (or replies) that best answered your original question.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.