Description
The Saviynt connector uses the Saviynt REST API to discover user accounts, security groups, entitlements, and access request data within a Saviynt Enterprise Identity Cloud (EIC) deployment. It authenticates using an API token and provides visibility into IGA-governed access across connected applications and enterprise systems.
System Type Classification
| Field | Value |
|---|
| System Type | Application |
| Default Scan Priority | 500 |
Version Support
| OrbisID Edition | Supported |
|---|
| Community | No |
| Pro | Yes |
| Enterprise | Yes |
Supported Protocol
| Protocol | Port | Notes |
|---|
| REST API (HTTPS) | 443 TCP | Bearer token via OAuth 2.0 password grant |
What OrbisID Discovers
| Data | Source |
|---|
| User accounts | POST /ECM/api/v5/getUsers |
| Security groups (entitlements) | POST /ECM/api/v5/getEntitlements |
| Group memberships | Derived from user entitlement assignments |
| User enabled state | statuskey field (1 = active) |
| Risk scores | riskScore per user |
Connection Requirements
Required Permissions
Create a dedicated Saviynt service account with access to the API endpoints.
Minimum permissions:
- SAV Role with
View User and View Entitlement permissions
- API access enabled for the service account
Credential Mapping
| OrbisID Field | Value |
|---|
credential.username | Saviynt service account username |
credential.password | Saviynt service account password |
system.hostname | Saviynt tenant hostname (e.g., myorg.saviyntcloud.com) |
Network Requirements
The OrbisID server must have HTTPS access to the Saviynt tenant on port 443.
Configuration Steps
- In the Saviynt EIC console, create a service account with read-only SAV Role
- Create a Credential in OrbisID:
- Username: Saviynt service account username
- Password: Saviynt service account password
- Navigate to Systems → Add System
- Fill in the fields:
| Field | Value |
|---|
| Name | Descriptive name (e.g., Saviynt EIC – Production) |
| OS Type | Saviynt |
| System Type | Application |
| Hostname | Saviynt tenant hostname |
| Credential | The scanning credential |
- Click Test Connection
- Click Save
Troubleshooting
| Symptom | Likely Cause | Resolution |
|---|
Authentication failed | Invalid credentials | Verify service account credentials in the Saviynt console |
| No users returned | API access not enabled | Enable API access for the service account in Saviynt |
403 Forbidden | Missing SAV Role permissions | Grant View User and View Entitlement permissions |
| Rate limit errors | Too many API requests | Reduce scan frequency or increase the scan interval |