Best practices to follow while importing an identity as Saviynt user from an authoritative source.
Detail best practice:
Use the out of the box connector instead of custom connector or a generic REST connector whenever possible.
Use multithreading for connectors where it is supported.
Use batch size configuration for the connectors that support batch config for optimal performance.
While importing the unique attribute from HR should be mapped to the username attribute. This will help in maintaining the user to manager link automatically by Saviynt.
The termination flag coming in from the HR should be mapped to status field so that Saviynt's user identity is Inactivated when user is Terminated in HR system
For use cases involving a business logic for the calculation of user's attribute, leverage inline processing feature for imports. Refer inline processing best practice document for more details on how inline processing should be used
By default Saviynt's email generation rule checks for uniqueness only in email attribute, in case there are additional proxy address stored in other attributes then that will not be considered to check uniqueness
Always use clear and business specific labels for custom properties. This ensures the custom labels appear right while referencing them in technical and user update rules.
Try to design a solution around incremental imports whenever possible. This will help in faster reconciliation and provisioning cycles.
Make sure only relevant data is being brought in for IGA processes from target as Saviynt has limited custom properties available. Typically try to use a max 75% of custom properties for user import so that the rest 25% can be used for future scaling.
While designing user import mapping, please have the knowledge of data types for each field in users table you're using in the mapping. This will help in reducing the instances where the change of datatype is required or custom indexing is required.
keep into consideration importance of Saviynt “username” attribute. Ideally, Map a HR field to Saviynt “username” which is unique and immutable i.e value doesn’t change for a user record in its lifetime.
When in doubt about choosing the right saviynt attributes to map for your user imports, Go to Data Analyser on Admin module and look at the table column information to get an idea of the different columns available in the table and their lengths and datatypes.
While configuring username and email generation rule, if possible use out of box feature as it automatically performs unique check. In case OOTB is not possible then try to use inline processing.
In case you are performing user import from Database then instead of trying to get data from multiple tables, ask DB owner to create a view because:
This will avoid Saviynt to write complex queries to pull data from multiple tables and will provide better performance
It avoids accidental data exposure. Saviynt should only consume the required data.
In case of database user import, confirm from DB owner if there is any field which contains lastmodified date and configure your query to bring in data based on lastmodified date. This will help in improving performance
Improved performance - You may encounter significant performance issue if user import is designed incorrectly