SailPoint IdentityNow : Segments Feature

Posted on by Arshad Moghul in Identity Governance, Sailpoint, Technology

Introduction

Access requests is a feature in SailPoint IdentityNow using which the users gain ability to make a manual request for access that they need.

Segments feature released by SailPoint IdentityNow is  promoting zero trust in the enterprises. Using this feature, request center items will be made available to the users only on a “Need to know” basis.

For example, a user from IT department is able to see Jira, Bitbucket, Administrative / Privileged access across applications like Active Directory, ServiceNow and various other applications in the request center. For a user from Marketing department, the above access is not relevant and with segments, we are abstracting those items. The relevant access for marketing users would be Salesforce CRM and the same will be visible for the users.

In the presentation below, we will be discussing about segments feature in detail :

In the below video, we will provide a practical demonstration on how to configure segments, how it affects the end user perspective using a practical use-case :

Advantages

  1. Limit end user visibility for applicable access
    • Only the access that is applicable for a subset of identities and relevant for them is displayed using segments. This helps in avoiding the confusion in finding the right role/access profile while making an access request.
  2. Reduce incorrect access requests
    • End users shall not make any incorrect access requests because the only access items that they’ll see in the request center are already fine tuned and configured according to the organizational requirement.  
  3. Limit accidental provisioning
    • If presented with a lot of access items, users might request for something that they don’t need. This can be avoided by creating and assigning users to their respective segments based on certain criteria.
  4. Reduce cost of software licensing
    • Due to accidental access provisioning, users might be consuming additional licenses for access that they do not need which is a major costing risk. This can be avoided by configuring segments.

References

TopicURL
Segments Documentationhttps://documentation.sailpoint.com/saas/help/requests/segments.html?h=segmen
Segments REST API referencehttps://developer.sailpoint.com/apis/beta/#tag/Segments

Arshad Moghul

Leave a Reply

Your email address will not be published. Required fields are marked *