Short Description - The user community often asks where to store a user's sensitive information in Saviynt. This article covers the attribute types that Saviynt provides for storing sensitive information.
Detailed best practice -
Saviynt provides two attribute types to store a user's sensitive information:
- HCP - Here “H” stands for hashing. Saviynt provides 5 custom properties to store information in hashed format: HCP1, HCP2, HCP3, HCP4 and HCP5. These attributes store the data in a one-way hashed format, and it can never be decrypted. Since the data is hashed, the only option to validate the data is by using the validateUserData API.
- ECP - Here “E” stands for encryption. There are 5 custom properties to store information in encrypted format: ECP1, ECP2, ECP3, ECP4 and ECP5. These attributes store the data in encrypted format, and it can be decrypted on retrieval. For example, when these attributes are called in a connector, they are automatically decrypted before they are passed to the target. In Analytics, they are shown in encrypted format.
These two attribute types are part of the 65 custom properties that Saviynt provides for a user object.
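The validate-only behaviour of a hashed attribute, shown as an added example (not Saviynt code and not part of the original article). The page does not document Saviynt's hashing scheme or the validateUserData request format, so the PBKDF2 parameters and the function names `store_hashed_attribute` and `validate_hashed_attribute` are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed parameters for this sketch; not Saviynt's actual scheme.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def canonicalize(value: str) -> bytes:
    """Normalize input so the same answer always hashes to the same bytes."""
    return unicodedata.normalize("NFKC", value).strip().casefold().encode("utf-8")


def store_hashed_attribute(value: str) -> dict:
    """Build the record to persist: salt and digest only, never the value."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonicalize(value), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "digest": digest.hex(),
            "iterations": PBKDF2_ITERATIONS}


def validate_hashed_attribute(record: dict, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", canonicalize(candidate),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    # Constructed sample value, for illustration only.
    record = store_hashed_attribute("Blue Heron 1987")
    print(sorted(record))  # the stored record has no plaintext field
    print(validate_hashed_attribute(record, "  blue heron 1987 "))
    print(validate_hashed_attribute(record, "Blue Heron 1988"))
```

Because a hash comparison is exact, the same canonicalization has to run when the value is stored and when it is validated.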
Reference documentation (doc portal link) - None
Impact - Key benefits - Quantitative/qualitative benefits
- Secure storage for sensitive information.
- Different storage types for different attribute needs.
- The attributes can be used in an encrypted or non-encrypted way, based on the requirement. For example, attributes can be decrypted while they are passed to the target system during provisioning but remain encrypted when you view them.