Author: Sreeja Agamamidi

SailPoint Identity Security Cloud Multi Host Groups

Posted on by Sreeja Agamamidi in Technology

Introduction:

Modern Enterprises have huge infrastructure and configurations, governing and managing them in complex and difficult.

To overcome this problem, SailPoint Identity Security Cloud Multi Host Groups allows easier management of infrastructure and related integrations.

Multi Host Groups helps bulk source creation of infrastructure components and server configurations from a centralized location.

Basically, it is a container which holds sources and associated account aggregation and entitlement aggregation groups. So that we can aggregate all the sources at once, instead of doing one at a time.

From the diagram we can see, without multi host group, we need to aggregate all the sources, one at a time, which will be redundant and time consuming, but using multi host groups we can aggregate a group of sources once.

Features:

Below, is the list of available features in SailPoint Identity Security Cloud Multi Host Groups:

  • Bulk Source Integration
  • Support for MS SQL Server and Oracle Database Connector use cases
  • Aggregation Groups
  • Centralized integrations

In this blog, we will be discussing about the Identity Security Cloud Multi Host Group in detail. The following are the key topics that are discussed as part of the blog.

  1. What is Multi Host Group?
  2. Key Features of Multi Host Group.
  3. Creating and Viewing Multi Host Groups.
  4. Editing, Testing and Deleting Multi Host Groups
  5. Managing Account and Entitlement Aggregation Groups
  6. Limitations and Best Practices

In the video blog of SailPoint Identity Security Cloud Multi Host Groups, we will be discussing above mentioned topics.

Video:

Detailed demo on managing multi host groups is present in the following video.

Video:

SailPoint Identity Security Cloud Loopback Connector

Posted on by Sreeja Agamamidi in Technology

Problem:

In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important.

Current blog helps govern access in Identity Security Cloud using Identity Security Cloud loopback connector.

Solution – Loopback connector:

The purpose of loopback connector is used to manage Identity Security Cloud user levels and governance groups as entitlements.

Users can request for elevated user levels permissions and governance groups as entitlements through request center. Once that is approved user will get required higher permission or governance group membership based on requested entitlement.

Supported Operations:

Below are the supported operations in loopback connector:

  • Account Aggregation
  • Governance Groups Aggregation
  • User levels Aggregation
  • Provisioning
  • Add Entitlement
  • Remove Entitlement

Operations and APIs

Below is the list of endpoints we used for each operation in loopback connector:

S. NoOperationsEndpoints
1Account Aggregation/v3/accounts
2Governance Group Aggregation/beta/workgroups
3Provisioning/v3/accounts
4Authentication/oauth/token
5Add Entitlement for User Levels/v3/auth-users/:id
6Add Entitlement for Governance Groups/v3/workgroups/accessId/members/bulk-add

In this blog, we will be discussing about the Identity Security Cloud Loopback Connector in detail. The following are the key topics that are discussed as part of the blog.

  1. Problem statement
  2. What is loopback connector and what we can achieve from that?
  3. Use cases we can achieve using loopback connector
  4. What are the supported operations?
  5. End points used for each operation.

In the video blog of SailPoint Identity Security Cloud Loopback Connector, we will be discussing above mentioned topics.

Video:

Detailed demo on developing & testing loopback connector is present in the following video.

Video:

All the mentioned technical components are only available for internal use. However, refer to the below table for an overview on different technical components, which can be used to develop the loopback connector.

S. NoComponent NameUse
1Java ProgramThis program is used to take details like tenant id, client id, client secret and source id and update all rules with provided input data.
2Account Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available accounts from the respective tenant.
3User Levels Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all user levels available from the respective tenant.
4Governance Groups Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available governance groups from the respective tenant..
5Add EntitlementThis is Webservice Before Operation Rule. Users can build this rule in such away, upon entitlement request, respective governance group membership or elevated permissions are assigned to users
6Remove EntitlementThis is Webservice Before Operation Rule. Users can build this rule in such away, respective governance group membership or elevated permissions are removed from users.

SailPoint Identity Security Cloud Transforms

Posted on by Sreeja Agamamidi in Technology

Introduction

SailPoint Identity Security Cloud Transforms are configurable objects that allow us to manipulate attribute data while aggregating from or provisioning to a source. Sometimes transforms are referred to as Seaspray, the codename for transforms. Identity Security Cloud Transforms and Seaspray are essentially the same.

As we can see from the below diagram, we will be providing input to transform, transformation occurs and output will be returned. So, the way transformation occurs depends on the type of operation used. Some of the transform operations are Concatenation, Conditional, Date Format etc.

Transform REST APIs

In order to create the transform, get transform details, update transform or delete any tranform, we can make use of REST APIs available for transforms.

There are 5 REST APIs are available for transforms in V3 and Beta APIs.

Rest APIsDescription
List TransformsList Transform API is used to get list of all available transforms from the tenant
Create TransformCreate Transform API is used to create a new transform and upload it into the tenant.
Transform by IDTransform by ID is used to get the details of a particular transform.
Update TransformUpdate a transform API is used to update any existing transform.
Delete TransformDelete transform API is used to delete any transform using transform ID.

Transform Operations:

In order to make use of transform according to the use case, we should understand various transform operations that are available.

Below are the various types of operations that are available in transform. Each of these operations performs specific task, we can use them according to our needs.

Transform OperationDescription
Account Attribute TransformAccount attribute transform used to look up an account for a particular source on an identity and return a specific attribute value from that account. 
Base64 Decode TransformThe base64 decode transform allows you to take incoming data that has been encoded using a Base64-based text encoding scheme and render the data in its original binary format.
Base64 Encode TransformBase64 transform will take an input, this input is given to base64 encode transform and the encodes string is returned as output.
Decompose Diacritical Marks TransformDecompose diacritical marks transform to clean or standardize symbols used within language to inform the reader how to say or pronounce a letter.
E.164 Phone TransformUse the E.164 phone transform to convert an incoming phone number string into an E.164-compatible number.
Identity Attribute TransformTransform is used to get the users identity attribute value.
Lower TransformThis transform is used to convert input string into lowercase character.
Upper TransformThis transform is used to convert input string into uppercase characters.

In below series of 4 videos, we comprehensively cover all the details around the transforms including basic syntax of transforms, APIs around transforms and all the types of transforms.

Transforms Series – Video 1 of 4:
Below video is the first video in a series of 4 videos about transforms. This part contains an introduction to transforms, syntax of transform, types of Inputs, REST APIs and API Responses.

Video:

Transforms Series – Video 2 of 4: Below video is the second video in a series of 4 videos about transforms. This part contains use cases, transform operations like account attribute transform, base64 decode transform, base64 encode transform, concatenation, conditional, date format, date math, date compare, decompose diacritical marks, first valid, generate random string

Video:


Transforms Series Video 3 of 4:
Below video is the third video in a series of 4 videos about transforms. This part contains about transform operations like  get end of string, get reference identity attribute, identity attribute, index of , ISO3166, last index of, left pad, look up lower, name normalizer, random alphanumeric, random numeric

Video:

Transforms SeriesVideo 4 of 4:
Below video is the fourth video in a series of 4 videos about transforms. This part contains about transform operations like reference, replace all, replace, right pad, rule, split, static, substring, trim, upper, username generator, UUID generator

Video: