Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Saviynt and Baldo(DB Connection) Integration For Access Sync

snehaadumalli1
New Contributor
New Contributor

‎01/17/2024 03:39 AM

Hi Team,
We would need to send all the users and all accounts and entitlement information of that users to one of the DB applications

Usecase: We have Baldo(DB) IAM system where all the users, applications and entitlement details exists but now saviynt is handling the all users and applications/entitlements but as baldo is doing external things we need to push all users and its accounts attached. We also have to sync users accounts information as soon as user got the access.

We have thought of 2 different approches here. Please suggest us the best feasiable way of approching this. 
Approch - 1:
1. On SAV for SAV Recon All the entitlements of each application will be reconciled to Baldo endpoint in its individual entitlement type
2. Trigger Actionable Analytic Report to Generate 'Add Access' task to Baldo for the users who got added new accounts/accesses
3. Trigger Stored procedure in Baldo

Approch - 2:
1. Trigger Analytic Report to Generate users who got added to new accounts/accesses
2. Execute External Jar job to generate 'Add Access' task for Baldo endpoint
3. Trigger Stored procedure in Baldo

Suggest us if you could think of any more approches

 

Labels:
0 Kudos
3 REPLIES 3

rushikeshvartak
All-Star
All-Star

‎01/17/2024 08:04 PM

Approach - 2: is better as Approach 1  will have duplicate data under one endpoint 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos

snehaadumalli1
New Contributor
New Contributor

‎01/17/2024 08:48 PM

Approch - 1: In this case we need to schedule sav for sav recon very frequently and chances to face performance issues 

Approch - 2: In this case external effort and time is needed 

Let us know if any other approches you could think off

 

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to snehaadumalli1

‎01/17/2024 08:53 PM

Approach 2 is better 

Both Approach-1 and Approach-2 seem reasonable, and the choice between them depends on your specific requirements, system architecture, and preferences. I'll provide some considerations for each approach:

Approach-1:

  1. Reconciliation with Individual Entitlement Types:

    • This approach involves reconciling all entitlements of each application to Baldo individually. This can be beneficial for granular control and tracking of entitlements.

  2. Trigger Actionable Analytic Report:

    • Using an actionable analytic report to generate 'Add Access' tasks provides a structured and automated way to handle new accounts or accesses.

  3. Stored Procedure in Baldo:

    • Triggering a stored procedure in Baldo can be a straightforward way to process the 'Add Access' tasks generated by Saviynt.

Approach-2:

  1. Trigger Analytic Report for New Users/Accesses:

    • Generating an analytic report to identify users who got added to new accounts or accesses simplifies the initial identification process.

  2. External Jar Job:

    • Executing an external Jar job for generating 'Add Access' tasks offers flexibility and separation of concerns. It allows you to encapsulate the logic in an external component.

  3. Stored Procedure in Baldo:

    • Similar to Approach-1, triggering a stored procedure in Baldo can be used to process the 'Add Access' tasks.

Additional Considerations:

  1. Scalability:

    • Consider the scalability of your solution. Evaluate which approach scales more effectively as the number of users, applications, and entitlements increases.

  2. Error Handling:

    • Implement robust error handling mechanisms in case of failures at any step. This includes error handling in reconciliation, report generation, and task execution.

  3. Performance:

    • Assess the performance impact of each approach. Consider factors such as response time, system load, and resource utilization.

  4. Security:

    • Ensure that the chosen approach complies with security best practices, especially when dealing with user and entitlement information.

  5. Monitoring and Logging:

    • Implement comprehensive monitoring and logging to track the execution of tasks, identify issues, and facilitate auditing.

  6. Integration Complexity:

    • Evaluate the overall integration complexity and maintenance efforts for each approach. Consider the ease of future modifications or additions.

Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
0 Kudos
Copyright © 2024 Khoros, LLC