Securing your corporate data and solutions is critical in today's world. If an unauthorized person gains access to your business data, your company will be seriously impacted. To mitigate this, developers have built SailPoint Cloud, a cutting-edge platform that combines AI and machine learning. With the aid of this technology, companies can effectively prevent unwanted user access and reduce the risk of sensitive data leakage. Microsoft Azure cloud-based technologies and platforms are better protected with Sailpoint. This blog introduces Sailpoint and covers an overview of Sailpoint IdentityIQ, the components of Sailpoint IdentityIQ, and the Sailpoint IdentityIQ certification phases.
Sailpoint is an automated version of identity management that lowers the expense and complexity of identity management for users while still granting them access. Sailpoint is a mobile device that is lightweight and easy to use. It is referred to as an identity management solution because it provides more functionality than identity management. IdentityIQ is provided by Sailpoint and is known as the IdentityIQ WAR file. Many of the program modules are included in this WAR file.
Maintaining knowledge access in today's dominant, data-driven context is a challenge that demands much more from Identity and Access Management (IAM) technologies than ever before. In the area of IAM, SailPoint is generally recognized as the industry leader. Organizations can now place IAM at the forefront of their security and IT policy by using IdentityIQ and its Open Identity Platform, allowing them to view and govern access across the enterprise, including on-premises and cloud systems and applications.
These days, Sailpoint is holding to its credibility as a pioneer. Compliance, security, and productivity all benefit from effective identity controls. SailPoint IdentityIQ is a cutting-edge identity management system that eliminates the expense and hassle of complying with regulations while still supplying users with access. Traditional identity management addresses these fields independently and often employs a variety of disjoint products.
IdentityIQ, on the other hand, offers a unified solution based on a shared identity governance system. This allows access-related practices to be implemented systematically through enterprise, security policy, role, and risk models. To simplify access certifications, policy enforcement, and end-to-end access request and provisioning procedures, IdentityIQ includes the following main components.
SailPoint Identity IQ
There are many solutions on the market today that include an IDM solution for business applications. So, what's new with IdentityIQ from Sailpoint? The key is in its method of providing a solution. Existing IDM solutions are IT-centric, and their effectiveness is largely dependent on the IT helpdesk and technical team. Sailpoint aims to shift as many identity and access procedures as possible from the IT technical team to end users, reducing dependence on the technical team. Overall, this software is more business-oriented than other IDM products, which are more IT-oriented. In comparison to current IDM products, which have different interfaces with various meanings, it has a single-use interface.
Sailpoint IdentityIQ is a single approach that combines provisioning and enforcement capabilities. As a matter of fact, this IDM product will handle all aspects of identity and access management, including "access certifications," "policy enforcement," "account provisioning," and "user life-cycle management."
Components of Sailpoint Identity IQ
Sailpoint Identity IQ is made up of four main components:
1. Compliance Manager
SailPoint IdentityIQ Compliance Manager combines identity procedures such as access certification and policy enforcement and automates common auditing, monitoring, and maintenance practices.
Compliance Manager aids in the prioritization of the most important compliance tasks and focuses restrictions on the users, equipment, and access rights that pose the greatest risk.
Access Certifications: User control rights are reviewed regularly to ensure that they are aligned with the user's job role and follow protocol guidelines. Internal controls such as access certifications are frequently used to ensure regulatory compliance.
Policy Enforcement: The collection of preventive and detective controls that ensure the company follows established policies automatically.
2. Lifecycle Manager
From a centralized, user-friendly interface, SailPoint IdentityIQ Lifecycle Manager enables enterprise users to request access and reset passwords. IdentityIQ Lifecycle Manager ensures that users have only the appropriate level of access for their job role by applying policies on all customer lifecycle processes.
IdentityIQ Lifecycle Manager integrates with authoritative channels such as HR applications and corporate directories to simplify changes to user access arising from a variety of identity lifecycle activities (i.e., new hires, transfers, moves, or terminations). When a lifecycle event is detected, the Lifecycle Manager initiates the necessary business process, which involves policy checking and approvals.
We will use Lifecycle Manager to:
Self-service access request: Within the limits of your pre-defined identity policies and role models, centralized access request management enables administrators and end users to request new access or make changes to current access rights. It also allows you to display current access and delete it as required, as well as build and edit identities, more effectively and accurately.
Self-Service: The method of encouraging users to request resource access through a self-service interface, with the request being forwarded to the required manager(s) for approval using workflow.
Password management: Controlling the setting, resetting, and synchronizing of passwords through networks by automation.
Users and/or their authorized delegates will update or reset passwords across target applications using the same business-friendly user interface. Allowing end-users to manage password updates on their own will drastically minimize the number of calls to the service desk. Most notably, unified password management would help us to implement strong password policies that are customized for each application consistently.
Event-based lifecycle management: We should incorporate event-driven lifecycle management to automate access changes based on HR or other authoritative feeds to further streamline user onboarding, offboarding, and other job changes within the enterprise.
3. Governance Platform
The IdentityIQ Governance Framework from SailPoint centralizes identity data, collects corporate policies, models positions, and handles user and resource risk factors constructively. These advanced capabilities help companies to enforce protective and detective controls for essential identity business processes such as access certifications, access requests, lifecycle management, and provisioning.
We will use the Governance Platform to:
4. User Provisioning
The SailPoint IdentityIQ Provisioning Broker acts as a channel between enforcement and customer lifecycle processes, allowing for consistent user interfaces and processes at the business tier that is distinct from technological change processes. Provisioning Broker sends access update requests to automatic provisioning systems, such as IdentityIQ Provisioning Engine or third-party provisioning systems, which may also use manual change control procedures to monitor the progress of any modifications demanded by the company by generating help desk tickets or manual work products. This streamlined orchestration of improvements through access management systems unifies policy compliance, workflow control, and auditing, giving organizations the freedom to adjust user access in the manner they see fit.
We can do the following with User Provisioning:
Provisioning: User access to programs, software, and databases is granted, changed, or removed based on unique user identity.
Identity Cubes and Identity Attributes Concept
When it comes to Access Governance for Sailpoint IdentityIQ, certification procedures are crucial. In general, the principles are the same as they are in every other Access Governance product, but let's take a closer look at IdentityIQ certifications.
The certification processes enable testers, administrators, and certifiers to examine and correct user access to different tools such as applications, entitlements, profiles, and functions, among others. Certifications in IdentityIQ are classified into groups based on the form of resources:
Although certifications are graded depending on their functionality, all of the aforementioned categories of certifications go through the same processes during their lifecycle. Some steps are optional, while others may be needed. There are four phases:
Configuring certification criteria on the Basic, Lifecycle, Notifications, Behavior, and Advanced pages of the UI is part of this phase. The certification's phases are determined by the combination of these parameter values. Parameters such as certification owner, certification frequency, notification scenarios, and other related parameters are specified during this process.
There are two types of certifications available in Sailpoint IQ. The first is based on their "Time Period of Execution," and the second is based on their "functionality."
Let's start with a discussion of their designation based on their "Time period of Execution."
Certifications may be run regularly or on an ongoing basis. Periodic certifications concentrate on the frequency with which the overall credential must be performed, while continuous certifications focus on the frequency with which specific products must be accredited.
Certifications may also be set up to operate in response to events that occur during the life cycle of an identity. For example, it may be set up to automatically produce a credential when the manager of an identity changes, or when a job change occurs, or even when a new identity is created.
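The event-driven behaviour described here and in the Lifecycle Manager section can be sketched as a diff between two snapshots of an authoritative HR feed. This is an added, vendor-neutral Python example, not IdentityIQ code or its API; the field names, sample records and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Constructed sample snapshots of an authoritative HR feed, keyed by employee id.
# Field names are assumptions for this sketch, not an IdentityIQ schema.
PREVIOUS = {
    "e100": {"manager": "e900", "title": "Analyst", "active": True},
    "e101": {"manager": "e900", "title": "Engineer", "active": True},
    "e102": {"manager": "e901", "title": "Buyer", "active": True},
}
CURRENT = {
    "e100": {"manager": "e901", "title": "Analyst", "active": True},    # new manager
    "e101": {"manager": "e900", "title": "Team Lead", "active": True},  # job change
    "e102": {"manager": "e901", "title": "Buyer", "active": False},     # terminated
    "e103": {"manager": "e900", "title": "Intern", "active": True},     # new hire
}

@dataclass(frozen=True)
class LifecycleEvent:
    identity: str
    kind: str       # "joiner", "manager_change", "job_change" or "leaver"
    certifier: str  # manager on record, who would review the access

def detect_events(previous, current):
    """Diff two feed snapshots and return lifecycle events ordered by identity."""
    events = []
    for emp_id in sorted(set(previous) | set(current)):
        old, new = previous.get(emp_id), current.get(emp_id)
        was_active = bool(old and old["active"])
        is_active = bool(new and new["active"])
        if is_active and not was_active:
            events.append(LifecycleEvent(emp_id, "joiner", new["manager"]))
        elif was_active and not is_active:
            # Covers both an inactive flag and a record that vanished from the
            # feed, so a dropped row never leaves access silently in place.
            events.append(LifecycleEvent(emp_id, "leaver", (new or old)["manager"]))
        elif is_active:
            if old["manager"] != new["manager"]:
                events.append(LifecycleEvent(emp_id, "manager_change", new["manager"]))
            if old["title"] != new["title"]:
                events.append(LifecycleEvent(emp_id, "job_change", new["manager"]))
    return events

def certifications_to_open(events):
    """Keep the events the text names as certification triggers."""
    triggers = {"joiner", "manager_change", "job_change"}
    return [(e.identity, e.kind, e.certifier) for e in events if e.kind in triggers]
```

Leavers are returned by `detect_events` but are not among the certification triggers the text lists; in this sketch they would start the offboarding business process instead.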
Hourly, daily, weekly, yearly, quarterly, and annual certifications are all set to run regularly. These analyses include a snapshot of the identities, roles, and account groups regularly. Periodic certifications are concerned with the number of times whole institutions (identities, positions, and account groups) must be accredited.
Periodic certifications necessitate the certifier signing off on a completed access check, one in which all of the items (roles, entitlements, breaches, and account groups) have been addressed and verified.
Continuous certifications are concerned with the frequency with which specific objects (roles, entitlements, and violations) within identification category certifications must be accredited, rather than the frequency with which the whole credential must be conducted. The sign-off approach isn't used in continuous certifications.
Let's take a look at how they're classified based on their "functionality."
Manager Certifications — Ensure that the direct reports have the privileges they need to do their jobs, and just the privileges they need to do their jobs.
Application Owner Certifications — Ensure that all identities using an application for which an Application Owner is responsible have the necessary permissions.
Entitlement Owner Certifications — Ensure that all identities accessing entitlements that an Entitlement Owner is responsible for are correct.
Advanced Certifications — Ensure that all identities in the population associated with the Advanced Certification have the required entitlements and responsibilities.
Account Group Certifications — Ensure that the account communities for which an account user is liable have the required approvals and membership. The owner of the application on which they reside certifies account groups that do not have owners assigned.
Role Certifications — Ensure that the positions for which a role owner is responsible are made up of the necessary roles and entitlements and that they are allocated to the appropriate identities.
Identity Certifications — Certify the entitlement information for the identities chosen from the Identity Risk Score, Identity Search Results, or Policy Breach pages, which are normally for at-risk users.
Event‐Based Certifications — Certify entitlement details for the identities chosen based on IdentityIQ events.
Identity governance has always placed more importance on ensuring safe and compliant user access. However, identity is now inspiring companies more than ever before, due to the added intelligence of AI and machine learning. Predictive Identity from SailPoint enables people to do their best work. SailPoint identity handles the dynamic protection and enforcement problems, from provisioning users on Day 1 to automating helpdesk requests, so your people can function freely while your applications are stable.