CyberArk is the global leader in PAM solutions with a holistic approach towards privileged account management. It covers not only traditional PAM problems but also extends its capabilities with various features like managing hard-coded application credentials, analytics, on-demand privileges escalation and managing end-user devices like desktops.
Quicklinks are usually used for faster access of specific functionalities. Often a “no delays” workflow where the start and end of the workflow happen within one single launch of quicklink shall be launched by quicklinks. Usually these kind of workflows involve custom Sailpoint forms which would not be useful once the user stops using this quick link by navigating to some other page.
Conventional workflow launches are serialized by storing the workflow cases as XML objects. This leads to many work items and workflow cases which are incomplete and hang around the Identity IQ over long run. This might lead to performance issues and unwanted data accumulated inside IIQ.
As the transient workflows do not try to serialize the objects referred by the variables, Logger objects can also be stored in the workflow variables.
This provides us the flexibility to maintain a workflow level logger variable to use your custom logging. Rather than instantiating the custom loggers whenever we require them, we can simply use the workflow variable whenever required.
Validation scripts are amongst the most common features while working with Sailpoint Identity IQ’sworkflow forms. When we have common validation logic for multiple fields, it is always good to maintain this piece of logic in a separate rule library and call it from the validation script whenever required. This encourages modularity of the code and decreases code redundancy.
The way in which the name space of a validation script of a form in the workflow behaves is quite different from the rest of the workflow. Initial declaration of referenced libraries does well for referring the code in other parts of the workflow. But this does not work with validation scripts.
The following syntax should be used when we are using the rule referencing in validation scripts –
In Sailpoint’s Identity IQ “Refresh Identity Cubes” is one among the most important internal tasks. Refresh Identity Cubes helps in building 360 degree purview of an identity based on all the data aggregated from external sources.
As part of the mammoth task of securing the IT environments, securing the Unix servers would be the first step.
At ENH iSecure, we thrive to achieve complete and impeccable solutions leaving nothing to chance.
As a part of these efforts, we are speaking about Identity Governance in Unix with the help of Sailpoint’s IIQ.
It is possible that creation of an instance in Oracle Directory Server might end up with the following error message:
port number 389 is a privileged port.
This happens because all the ports less than 1024 on Linux are treated as privileged. Most of our well know ports like 389 for the LDAP, 80 for HTTP, 443 for HTTPS reside in this range of ports.
Linux enforces that the services cannot be created at the privileged ports until and unless the privileges are escalated.
In this particular case, we can start the instance using the following command:
sudo dsadm start <path-to-instance>
The main reason for need for extra privileges when we use the privileges may be because there is a chance that the firewalls do not block traffic from these ports. Any attacker who might be interested in stealing your data over the network could be opening such ports so that he could escape firewalls. To reduce the attack surface, it is enforced that the privileged port need root access.
For example, we have a global variable in the workflow which is an empty ArrayList (  ). It is going to be converted to ( NULL ) once it goes through an approval step. So in order that the lists work as per our need, we could provide a dummy value so that list is never converted to NULL when it goes through an approval.
Oracle Linux has a default firewall in the name of package “iptables“. This firewall is enabled by default when installed .Without disabling or modifying it we could not access most of the services provided by the Linux. For example, you may not be able to access your database and tomcat over the network.
We can disable the firewall by following the below procedure :