Saviynt Blog | Security News and Research

Saviynt v2022 Release Wrap Up

作成者: Kyle Benson|2024/07/09 4:30:37
Application Onboarding and Management, Duplicate Identity Management and Bring-Your-Own-Vault Privileged Access Capabilities Available in Enterprise Identity Cloud

Table of Contents

We’re excited to announce the general availability of Saviynt v2022, the latest version of the Enterprise Identity Cloud (EIC). The new EIC release builds on key areas of identity governance, analytics, and privileged access to help organizations embrace Zero Trust principles. This release also provides increased security and compliance capabilities for privileged access management. Highlights include:

  • Accelerate governance across apps, data, and workloads: Our new Application Onboarding Management, integrated with Saviynt Exchange – our application marketplace – helps you onboard apps 70% faster. The new wizard-based workflow empowers business application owners to securely onboard apps without assistance from IT administrators. We’ve also enhanced application discovery capabilities, so that no applications or workloads are left behind.
  • Unify identities and simplify governance: Our Duplicate Identity Management functionality improves end user experience by unifying identities – even when users have different personas within an organization. For security teams, Duplicate Identity Management improves visibility by mapping duplicate or multiple identities to a verified human identity, reducing the risk of unmanaged identities.
  • Protect vault investments: Our Bring-Your-Own-Vault (BYOV) feature allows customers to protect their investments in vaulting technologies and the customizations they’ve made to make the vault work for their business. BYOV enables a user to integrate CPAM with any vault and continue to use all CPAM features. It uses Saviynt’s extensible connector framework to store the secrets and passwords in the vault.
  • Windows Service Account Management: CPAM automatically discovers, vaults, and rotates passwords periodically for Windows local and domain service accounts (used in Windows services, COM+ services, and task schedulers). This helps to protect the credentials of service accounts.
  • Enhanced and seamless onboarding experience for Azure workloads: This capability allows for discovery, and automatic vaulting of the privileged account password. The privileged Azure Identity and Access Management (IAM) accounts are protected, thereby enabling privileged access to the Azure Console.
Application Onboarding and Management

Reduce Application Onboarding Time by 70%

As organizations bring on new applications, the attack surface continues to grow on a daily basis. To decrease the risk associated with unmanaged applications, we’ve made application onboarding much faster and more efficient in Saviynt EIC. With our new onboarding wizard, you can onboard an application once and enable identity management features at any time as you go. Saviynt Exchange, the central application catalog provides complete management over the entire application lifecycle.

 

 

Learn more about Saviynt’s Application Onboarding Management.

 

 

The onboarding wizard has three modes:

  • Basic mode onboards applications in minutes by using defaults based on best practices
  • Assisted mode helps configure advanced use cases with a simple GUI
  • Advanced mode allows for ongoing configuration changes at your pace until they are finalized and committed
Duplicate Identity Management

Ensure One Identity and Eliminate Manual Tasks

The core of Saviynt Enterprise Identity Cloud (EIC) is a scalable identity warehouse that maximizes analytics to eliminate time-consuming manual processes. With this new release, the platform intelligently detects any duplicate accounts in your identity repository and allows you to take corrective action with Duplicate Identity Management. It provides an intuitive workbench so administrators can easily choose which identities and attributes to preserve and where action needs to be taken for owned accounts. Once this process is complete, EIC maintains the action to ensure a single identity, even if the source data remains inconsistent.

Learn more about Saviynt’s Duplicate Identity Management.

 

Bring Your Own Vault

Privileged Access Flexibility and Investment Protection

Introduces the Bring Your Own Vault (BYOV) framework that provides you the flexibility to integrate with vault applications from any vendor for storing and managing your application secrets. You can build your own vault connector using the BYOV framework. The BYOV framework complements the out-of-the-box vault connectors that Saviynt provides for HashiCorp, CyberArk, and Fortanix vaults. For organizations that have invested in vaulting technology and the customizations required to make the vault work for their business needs, this feature provides investment protection. For more information, see Bring your Own Vault.

Other highlights:

Modern improved PAM onboarding experience and performance

  • Integrated PAM onboarding to application onboarding with a wizard-driven onboarding experience.  Pre-configured best practice configurations are included out-of-the-box with continuous enhancements via Saviynt Exchange. Intuitive interface requires less technical knowledge to implement.

Simplified access to Windows Active Directory domain members

  • Allows users to request for domain accounts and launch sessions to multiple Windows domain member workloads using a single request.
  • Monitors the privileged session with video recordings for security compliance.

Privileged account access control

Enhanced security controls by protecting the access to privileged accounts that an end user can request. These controls are based on the user’s role.

Windows service account management

  • Automatically discovers, vaults, and rotates passwords periodically for Windows local and domain service accounts (used in Windows services, COM+ services, and task schedulers). This helps to protect the credentials of service accounts.

Linux password management

  • CPAM vaults the passwords and keys for Linux and SSH target endpoints. This ensures that the users can get the credentials and connect to the target systems during an outage.

Password reconciliation

  • Provides for synchronization between workloads and Saviynt. Helps to detect backdoor access and prevents backdoor entries. Synchs random passwords and keys to vault.

Multiple app session requests

  • Allows an end user to request multiple remote apps while allowing the use of the same federated credentials providing access to applications with the same account at the same time.
Customer Support Enhancements for Greater Productivity

Saviynt continues to invest in enabling a great customer experience with an all new Documentation Portal. When customers need answers fast, the intuitive search and navigation enable swifter contextual search results, workflow maps provide interactive guidance for complex tasks in the product journey, personalized content is delivered with content collaboration based on preference and activity, and on-demand PDFs make it easy read and download content. The new Documentation Portal follows the release of our ideas portal and forums to increase customer self-sufficiency and productivity.

For more information about Saviynt’s v2022 Release, please read the release notes (requires Documentation Portal log in).