How it works

Synk.to is the first cloud-first identity management (IDM) platform! This means that you can now integrate multiple software as a service (SaaS) apps into your Synk.to system to seamlessly manage users and groups across your organization.

More and more companies use SaaS systems instead of on-prem solutions. Modern companies estimate that 70% of the business apps that they use today are based on SaaS.

Users and groups synchronization between different SaaS solutions via SCIM protocol is usually available only on SaaS Enterprise plans that cost 2,5x more on average comparing to Pro/Team/Regular SaaS plans. If you don’t need SaaS Enterprise plans, but need to sync users and groups between SaaS systems, Synk.to is for you!

Why do I need it?

In 2021, organizations worldwide were using an average amount of 110 software as a service applications (according to Statista). If you are an admin of such organization, it can be a hassle to keep users and groups in sync across all business SaaS systems. Meanwhile, timely access management is a crucial part of every cybersecurity, privacy and compliance program of every modern organization.

How it Works?

Synk.to connects to different SaaS solutions using regular Admin APIs that usually allow to manage users and groups, but don’t require Enterprise plans.

In order to connect SaaS system to Synk.to you need to provide limited API key or OAuth access. There are usually two types of access that you can provide to Synk.to depending on your needs:

• Read-write access to manage groups (add and exclude users from groups) and read-only access to manage users in SaaS system. With this type of access Synk.to won’t be able to create, suspend or delete users in SaaS application. But you can still keep your groups in sync across your SaaS solutions.
• Read-write access to manage groups (add and exclude users from groups) and read-write access to manage users in SaaS system. This type of access is recommended, since only with it you can explore the full power of Synk.to. With this type of access Synk.to will be able to automatically create new users across all your SaaS solutions, terminate or suspend users once they leave your company, and update user info once it changes.

How can I start?

In order to start user synchronization you need create account in Synk.to application and:

1. Connect at least two systems to Synk.to in “My Systems” section of the app. You can find guides on how to connect different SaaS systems to Synk.to here.
2. Create at least one connection in “My Connections” section of the app. You can find guide on how to create sync between Google and Slack here.

The connected system can be either Source System or Replica System:

• Source System is a reference system. All user and group changes made in Source System will be replicated to Replica System (in accordance with provided permissions and connection configuration). You should use the primary sources of user and group data in your company as a Source Systems. For example, main HR systems (BambooHR, Zenefits, Lattice) or IdP providers (Google Workspace, Azure AD).

• Replica System is a system mimicking user and group changes from Source System. There is one more protection feature build-in to Synk.to is the ability to limit operations with users on a connection level.

• Allow to automatically create new users in the Replica system,
• Allow to automatically deactivate/delete users in the Replica system.

Without that options Synk.to won’t do any critical actions (creation, deletion and suspension) on users in Replica System.

How can I manage connections?

You can pause the synchronization any time, force connection synchronization (in order not to wait the synchronization interval), view connection log, edit or delete connection. If you have any questions left, please, check our FAQ or send them to [email protected].