Synk.to is the first cloud-first identity management (IDM) platform! This means that you can now integrate multiple software as a service (SaaS) apps into your Synk.to system to seamlessly manage users and groups across your organization.

More and more companies use SaaS systems instead of on-prem solutions. Modern companies estimate that 70% of the business apps that they use today are based on SaaS.

Users and groups synchronization between different SaaS solutions via SCIM protocol is usually available only on SaaS Enterprise plans that cost 2.5x more on average compared to Pro/Team/Regular SaaS plans. If you don’t need SaaS Enterprise plans but need to sync users and groups between SaaS systems, Synk.to is for you!

Why do I need it?

In 2021, organizations worldwide were using an average of 110 software-as-a-service applications (according to Statista). If you are an admin of such an organization, it can be a hassle to keep users and groups in sync across all business SaaS systems. Meanwhile, timely access management is a crucial part of every cybersecurity, privacy, and compliance program of every modern organization.

How it connects to the systems?

Synk.to connects to different SaaS solutions using regular Admin APIs that usually allow managing users and groups but don’t require Enterprise plans.

To connect a SaaS system to Synk.to, you need to provide a limited API key or OAuth access. There are usually two types of access you can provide to Synk.to depending on your needs:

  • Read-write access to manage groups (add and exclude users from groups) and read-only access to manage users in the SaaS system. With this type of access, Synk.to won’t be able to create, suspend, or delete users in the SaaS application. But you can still keep your groups in sync across your SaaS solutions.
  • Read-write access to manage groups (add and exclude users from groups) and read-write access to manage users in the SaaS system. This type of access is recommended since only with it can you explore the full power of Synk.to. With this type of access, Synk.to will be able to automatically create new users across all your SaaS solutions, terminate or suspend users once they leave your company, and update user info once it changes.

How can I start?

To start user synchronization, you need to create an account in the Synk.to application and:

  1. Connect at least two systems to Synk.to in the “My Systems” section of the app. You can find guides on how to connect different SaaS systems to Synk.to here.
  2. Create at least one connection in the “My Connections” section of the app. You can find a guide on how to create a sync between Google and Slack here.

The connected system can be either a Source System or a Replica System:

  • Source System is a reference system. All user and group changes made in the Source System will be replicated to the Replica System (in accordance with provided permissions and connection configuration). You should use the primary sources of user and group data in your company as Source Systems. For example, main HR systems (BambooHR, Zenefits, Lattice) or IdP providers (Google Workspace, Azure AD).
  • Replica System is a system mimicking user and group changes from the Source System.

One more protection feature built into Synk.to is the ability to limit operations with users on a connection level:

  • Allow to automatically create new users in the Replica system.
  • Allow to automatically deactivate/delete users in the Replica system.

Without these options, Synk.to won’t perform any critical actions (creation, deletion, and suspension) on users in the Replica System.

How can I manage connections?

You can pause the synchronization anytime, force connection synchronization (to avoid waiting for the synchronization interval), view the connection log, edit, or delete a connection.

If you have any questions left, please check our FAQ or send them to support@synk.to.