Saviynt
Saviynt Enterprise Identity Cloud (EIC) is a cloud-native Identity Governance & Administration (IGA) and Privileged Access Management (PAM) platform. It provides access request and certification workflows, granular entitlement analytics, and lifecycle automation via SCIM 2.0 and connector-based provisioning. It also supports SAML 2.0 and OpenID Connect (OIDC) for federated SSO to the Saviynt UI and integrated apps.
Key Capabilities
- Identity governance & analytics: Centralized access review, risk scoring, and SoD policy engine to detect toxic combinations and enforce least privilege.
- Lifecycle management & provisioning: Automates onboarding, transfers, and terminations using SCIM 2.0, HR connectors (Workday, SAP SuccessFactors), and app connectors (SaaS and on-prem).
- SSO and federation: Saviynt EIC acts as a SAML 2.0 Service Provider and supports OIDC login via enterprise IdPs (e.g., Entra ID, Okta, Ping). Admin guides cover federation setup and SSO policies.
- Privileged access controls: Built-in PAM module manages elevated sessions, approvals, and just-in-time access to infrastructure and applications.
Limitations
- Not a general-purpose IdP: Saviynt EIC consumes SSO (as SP) rather than providing standalone SAML/OIDC IdP services for third-party apps.
- OAuth profile depth: Documentation focuses on standard OIDC login; there is not enough public information to confirm support for PAR, DPoP, or mTLS-bound tokens/FAPI.
- Provisioning granularity: While Saviynt exposes SCIM 2.0 interfaces, schemas and operation sets may vary per connector; verify attribute mappings per integration.
- SaaS only: EIC is cloud-hosted (no on-prem edition); legacy Saviynt IGA deployments may require migration.
- Feature segmentation: Some capabilities (e.g., PAM, application onboarding) require enabling specific EIC modules/licensing tiers.