We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.
No ratings
pruthvi_t
Saviynt Employee
Saviynt Employee

Short Description:

Best practices to follow while importing an identity as Saviynt user from an authoritative source.

Applicable versions:

All versions

Detail best practice:

  1. Use the out of the box connector instead of custom connector or a generic REST connector whenever possible.
  2. Use multithreading for connectors where it is supported.
  3. Use batch size configuration for the connectors that support batch config for optimal performance. 
  4. While importing the unique attribute from HR should be mapped to the username attribute. This will help in maintaining the user to manager link automatically by Saviynt.
  5. The termination flag coming in from the HR should be mapped to status field so that Saviynt's user identity is Inactivated when user is Terminated in HR system
  6. For use cases involving a business logic for the calculation of user's attribute, leverage inline processing feature for imports. Refer inline processing best practice document for more details on how inline processing should be used
  7. By default Saviynt's email generation rule checks for uniqueness only in email attribute, in case there are additional proxy address stored in other attributes then that will not be considered to check uniqueness
  8. Always use clear and business specific labels for custom properties. This ensures the custom labels appear right while referencing them in technical and user update rules.
  9. Try to design a solution around incremental imports whenever possible. This will help in faster reconciliation and provisioning cycles.
  10. Make sure only relevant data is being brought in for IGA processes from target as Saviynt has limited custom properties available. Typically try to use a max 75% of custom properties for user import so that the rest 25% can be used for future scaling.
  11. While designing user import mapping, please have the knowledge of data types for each field in users table you're using in the mapping. This will help in reducing the instances where the change of datatype is required or custom indexing is required.
  12. keep into consideration importance of Saviynt “username” attribute. Ideally, Map a HR field to Saviynt “username” which is unique and immutable i.e value doesn’t change for a user record in its lifetime.
  13. When in doubt about choosing the right saviynt attributes to map for your user imports, Go to Data Analyser on Admin module and look at the table column information to get an idea of the different columns available in the table and their lengths and datatypes.
  14. While configuring username and email generation rule, if possible use out of box feature as it automatically performs unique check. In case OOTB is not possible then try to use inline processing. 
  15. In case you are performing user import from Database then instead of trying to get data from multiple tables, ask DB owner to create a view because:
    • This will avoid Saviynt to write complex queries to pull data from multiple tables and will provide better performance
    • It avoids accidental data exposure. Saviynt should only consume the required data.
  16. In case of database user import, confirm from DB owner if there is any field which contains lastmodified date and configure your query to bring in data based on lastmodified date. This will help in improving performance

Key Benefit

  • Improved performance - You may encounter significant performance issue if user import is designed incorrectly

 

 

Comments
Chamundeeswari
New Contributor II
New Contributor II

Hi,

Can the STATUS_THRESHOLD_CONFIG be used for User import to make sure Saviynt does not inactivate more users than the threshold value in single import ? If not, how can we save from accidental inactivation of users ?

Answer: Yes, this is introduced in v23.12.

Manu269
All-Star
All-Star

@pruthvi_t say during an user import some users creation is failed due to any xy reason. Is there a way to identify and notify those list of user?

Version history
Last update:
‎05/26/2023 12:00 PM
Updated by:
Contributors