Saviynt Duplicate User Management

Introduction Of Duplicate Identity Management

A user might have multiple identities in the identity repository. Duplicate identities are not created in EIC but are imported from different applications. It will create compliance issues and pose a security vulnerability. Duplicate Identity Management feature is used to find the duplicate identities in the repository and resolve them by comparing and merging identities after a manual review.

Reasons for Duplicates:

• Individual enrolled multiple times within the system

• During mergers, acquisitions and divestitures

• Multiple authoritative sources

• Dynamic user base where users play multiple roles.

Organizations are facing several challenges when it comes to duplicate identities. Using DIM feature, we can address these challenges like below;

1. Detect duplicates before importing identities or within existing identities based on user attributes.

2. Detect duplicates during the import process to prevent the execution of birthright provisioning rules for duplicates and review manually for adjudication and further handling.

3. Prevent birthright provisioning for duplicates identified during user import.

4. Perform side by side comparison and decide whether to merge or reject the duplicates.

5. Deactivate the duplicate identity after the merge process.

Methods of Detecting Duplicates

Import job:

This method is used to detect duplicates for new, updated, and existing users. User can detect duplicates through an import job, a manual import, or using the createUser API. After importing or updating the users into Saviynt, we need to run the user import job to get the details of updated users. A matching logic runs in the background to identify the duplicate identities and updates their statuses as potential duplicates in the DIM page.

Duplicate Identity Detection job:

Use this method to detect duplicates for existing users. This method can be used in the following scenarios:

• If the Duplicate Identity Detection job fails during user import

• To detect duplicates from identities that were imported before running the Duplicate Identity Detection job

• To periodically run the Duplicate Identity Detection job during off-peak hours to see if any identities are missing during the import process

• If the administrator wants to change the coarse matching and fine matching conditions and retroactively identify duplicates within existing users post the import process.

Updating users:

Use this method to detect duplicates while updating users through Admin> Identity Repository or using the update User API. The duplicate detection service is invoked only if the Enable match process during user import option is enabled in Global Configurations.

Configuration

Step1 - Set up Global Configuration for Duplicate Identity Management

Admin->Global Configuration-> Intelligence ->Duplicate Identity Management

Step2 - Validate SAV Role configuration for Duplicate Identity Management

The APIs webservice_api_v5_user and webservice_api_v5_getUser helps to view and compare the user details .

Step3 - Create and Execute Duplicate Identity Detection Job

Step4 - Analyze and Merge Duplicate Identities

Go to Intelligence> Duplicate Identity Management

After the merge, the primary identity will be in active status and all other duplicate identities will be inactive.

Conclusion

Saviynt’s Duplicate Identity management feature helps organization to resolve duplicate identities. It ensures accurate identities by detecting duplicates while doing user import, update and scheduled jobs. DIM prevents compliance risks and security vulnerabilities caused by active duplicate identities. By consolidating duplicates into a single primary identity, DIM strengthens governance and operational efficiency.