Synchronization between two separate instances of IGA: one for internal users and one for B2B

FabianaS
New Contributor

Our customer has this scenario:

Two different instances of Saviynt IGA (on-prem): one is for the internal users and the other one is for external B2B users.

Their requirement is to have the two instances communicate, but the internal one is responsible to pull data from the external and to do the provisioning tasks on B2B. External instance should not push data.

The Sav4Sav connector is not working in our scenario. The replacement for this is called Enhanced query execution job, but the two instances (internal and external) do not use the same logic for primary keys in their internal DB, and so it's impossible to synchronize identities between the two instances since they are completely different objects.

Is there any solution for this matter?

2 REPLIES

Dhruv_S
Saviynt Employee

Hi @FabianaS 

Thanks for contacting Saviynt Forums. 

Could you please provide more details about the requirements?

1. What is the business use case we are trying to achieve here? 

2. What do you mean by "internal one is responsible to pull data from the external and to do the provisioning tasks on B2B"? Which data do you want to pull from the external instance to the internal instance? Please specify complete details. What is the business use case and reason for pulling this data from the external to the internal instance?

3. Could you please provide more information on this statement "External instance should not push data." What does this statement mean? 

4. Do you have any architecture diagram to explain the current architecture of both instances and the architecture of the expected flow?

5. What do you mean by "do provisioning tasks on B2B"? Provisioning has to be from Saviynt to which targets, by which instance? Do we have target applications integrated with both instances or only one instance?

Please share the clear and complete business requirements. 

Regards,

Dhruv Sharma

 

1. What is the business use case we are trying to achieve here? 
1. The Customer wants two separate instances of Saviynt: the "Internal" one that is reachable just from the internal network and that will be connected only with On Prem target systems/endpoints; and an "External" instance reachable from the Internet that will only be connected with the Azure AD tenant for managing/provisioning Guest B2B users. There is an additional security requirement from the Customer to have the data flow in one single direction; this means that data should be pulled from Internal to External, while data cannot be pushed from External to Internal. Since the Internal instance will be the master identity data, all the identities present in the external instance (B2B users) must be replicated also in the internal one.

2. What do you mean by "internal one is responsible to pull data from the external and to do the provisioning tasks on B2B"? Which data do you want to pull from the external instance to the internal instance? Please specify complete details. What is the business use case and reason for pulling this data from the external to the internal instance?
2. As per the Customer's security requirement, there should be one-way communication between external and internal, that is: the "internal" instance pulling data from the "external" one.

3. Could you please provide more information on this statement "External instance should not push data." What does this statement mean? 
3. This is the security requirement from the Customer, as detailed above.

4. Do you have any architecture diagram to explain the current architecture of both instances and the architecture of the expected flow?
4. Please find the schema below.
 External-Internal-Pull 2.jpg

5. What do you mean by "do provisioning tasks on B2B"? Provisioning has to be from Saviynt to which targets, by which instance? Do we have target applications integrated with both instances or only one instance?
5. Please see the previous diagram.


Thank you in advance.