Event Triggers

Posted on November 1, 2021 by Abhinov Dhonthula in Identity Governance, Sailpoint, Technology

Event triggers is an extensibility feature recently released by sailpoint which enables us to integrate identitynow with third party applications. Event triggers follows an event based architecture towards integration.

IdentityNow has many even triggers which capture the events internal to IdentityNow. This can be related to various IdentityNow internal processes like aggregation, provisioning, access request etc.

In response or action to an event, Event triggers have a capability to communicate with external applications. This response can happen via webhooks or AWS event bridge.

If webhook is configured as an action for the event trigger, respective HTTP APIs will be called.

If an AWS event bridge is configured for the event trigger, an event can be setup to be captured on an AWS event bridge.

Types of Event Triggers

REQUEST_RESPONSE

This type of trigger is used to give the custom application an ability to answer back to a trigger event sent by the trigger service. This integration is bi-directional. A response from the custom application is required for a trigger invocation to be considered complete and successful.

FIRE_AND_FORGET

This type of trigger is used to notify the custom application of a particular occurrence of an event. This integration is uni-directional. Trigger invocation is successful the moment the trigger service notifies the external application, and it does not require a response from the custom application.

IdentityNow has a set of event triggers that you can configure to connect to web hooks in third-party systems.

Available Event Triggers

In below presentation we will be viewing the concept of event triggers in brief.

Use Case:

Let us see a real time use case for this.

Our target is to create a request in service now instance when the user is terminated from the organization.
We can track the user status based on identity attribute cloudLifecycleState.
We will make use of identity attribute change event trigger and create a request in service now instance.

Below is the workflow representation.

In below video we will be demonstrating the real time implementation of event triggers.

References:

https://developer.sailpoint.com/triggers/getting_started.html

SailPoint IdentityNow : Segments Feature

Posted on October 26, 2021October 27, 2021 by Arshad Moghul in Identity Governance, Sailpoint, Technology

Introduction

Access requests is a feature in SailPoint IdentityNow using which the users gain ability to make a manual request for access that they need.

Segments feature released by SailPoint IdentityNow is promoting zero trust in the enterprises. Using this feature, request center items will be made available to the users only on a “Need to know” basis.

For example, a user from IT department is able to see Jira, Bitbucket, Administrative / Privileged access across applications like Active Directory, ServiceNow and various other applications in the request center. For a user from Marketing department, the above access is not relevant and with segments, we are abstracting those items. The relevant access for marketing users would be Salesforce CRM and the same will be visible for the users.

In the presentation below, we will be discussing about segments feature in detail :

In the below video, we will provide a practical demonstration on how to configure segments, how it affects the end user perspective using a practical use-case :

Advantages

Limit end user visibility for applicable access
- Only the access that is applicable for a subset of identities and relevant for them is displayed using segments. This helps in avoiding the confusion in finding the right role/access profile while making an access request.
Reduce incorrect access requests
- End users shall not make any incorrect access requests because the only access items that they’ll see in the request center are already fine tuned and configured according to the organizational requirement.
Limit accidental provisioning
- If presented with a lot of access items, users might request for something that they don’t need. This can be avoided by creating and assigning users to their respective segments based on certain criteria.
Reduce cost of software licensing
- Due to accidental access provisioning, users might be consuming additional licenses for access that they do not need which is a major costing risk. This can be avoided by configuring segments.

References

Topic	URL
Segments Documentation	https://documentation.sailpoint.com/saas/help/requests/segments.html?h=segmen
Segments REST API reference	https://developer.sailpoint.com/apis/beta/#tag/Segments

ERP Overview from an IAM Perspective

Posted on February 26, 2021 by Shivangi Singh in Identity Governance, Technology

ERP plays a critical role by helping an organization in managing its core business processes such as, project management, procurement, sales, etc. It manages day-to-day business activities by providing a central information system for data sharing. A greater visibility, increased productivity and operational efficiency can be observed by synchronizing all these areas. To authenticate and authorize the users within ERP software, there is a major role played by Identity and Access Management. It authenticates the digital identity of the users and manage their roles and access privileges in the central information system.

In this blog we are discussing about the benefit of implementing ERP by comparing it with the traditional method and also about securing it with the help of IAM modules. The blog also mentioned about the SAP (System applications and Product) which is a top ERP solution, it has positioned as a leader in Gartner’s Magic quadrant for single instance ERP, for multiple consecutive areas as per different evaluation criteria.

COBIT in IAM Projects – An overview

Posted on February 16, 2021February 16, 2021 by Shivangi Singh in Cyber Security, Identity Governance, Technology

Information technology is expanding within the business world immensely. For the success of your business, one of the key requirements is the effective IT governance. There are numerous frameworks available to manage the Information Technology within an organization, and COBIT is one such framework that aligns your IT strategies with business strategies. It narrowly focuses on security, risk, management and governance.

While an organization is dealing with important projects like Identity and Access Management, COBIT implementation ensures that we are aligning with the business & IT objectives for IAM.

In this blog we are going to put some light on the COBIT framework and its implementation within the business processes of an organization.

EnH iSecure Blog

Tag: IAM