Tag: IAM

Okta WIC Core Capabilities

Posted on by Dinesh Runjala in Okta

About Okta:

Okta is a trusted player in Identity & Access Management domain & is renounced for its best-in-class products & services. By leveraging the cloud, Okta allows users to access applications on any device at any time, while still enforcing strong security controls. Okta integrates with your organization’s existing directories, HRMS / Application directories and 3rd party identity systems to establish a central directory structure. Okta got an app catalogue of 8,000+ app integration which facilitates the users to have seamless SSO experience to access the integrated entitled applications from a single dashboard. Okta Workforce Identity cloud is a platform for your employees, contractors, or partners to access your organization’s digital resources.

Okta platform is spread across the Identity Domains and the capabilities around those core pillars.

  • Access Management.
  • Identity Governance & Administration.
  • Privileged Access
Okta Workforce Identity Cloud

Access Management:

Access Management primary focus of interest is around granting & revoking privileges to access an application or data or perform any actions on the applications / systems. The main objectives of Access Management are to authenticate the users, authorizing the actions attempted by the users & accounting the activities / actions performed.

Okta is aligned to these guiding principles and ensures the right users have access to the right resources at the right time through a variety of products & services listed below.

  • Single Sign-On
  • Adaptive Multi Factor Authentication
  • Password-less Authentication
  • Identity Federation
  • Access Gateway
  • Security Policies
  • Behaviors detections
  • Identity Threat Protection

Identity Governance & Administration:

Identity Governance & Administration focuses on governance, compliance & visibility across identities spread across the organizations. Identity governance is about policies around separation of duties, access requests for role management, access certifications to validate the access privileges, finally analytics & reporting. While Identity Administration is focused on provisioning the users to the requested applications / resources, managing the changes in the user role with appropriate access privileges & deprovisioning the access privileges when access is no longer required. IGA systems are designed to give organizations visibility into access sprawls and provide better controls to identify and limit access creeps to their resources.

Okta manages IGA diligently and the IGA architecture is perfectly balanced by leveraging the following products & services:

  • Access Governance
    • Access Requests
    • Access Certifications
    • Reporting
    • Entitlement Management
  • Lifecycle Management
  • Okta Workflows

Privileged Access Management:

Privileged Access Management revolves around securing & monitoring access to critical systems initiated by privileged users such as IT administrators, Application Owners, Contractors or 3rd party vendors who manage the infrastructure on your behalf. Users who hold privileged accesses are susceptible to cyber security attacks and if left unnoticed, results in a higher risk impacting the organization overall security posture. Compromising the privileged accounts will let the malicious actors have the key to the organization’s digital assets.

Okta being a cloud Identity Provider & with the tight integrations between these core pillars, Okta Privileged Access facilitates organizations to reduce risk by leveraging the IGA & Access Management services for privileged resources irrespective of the resource origins, cloud or on-premises servers. This will deliver better visibility, security, and compliance, without compromising on the user’s experience. Okta Privileged Access key capabilities are as follows:

  • JIT access to the infrastructure
  • Session recording & Auditing
  • Secrets Vaulting
  • Privileged Access Governance
  • Service Account management for Applications.

Demonstration of Core Capabilities:

Here’s the video comprising the core capabilities & working flow showcasing few real-time scenarios.

Reference Links:

Single Sign-On | Okta

Adaptive Multi-Factor Authentication (AMFA) | Okta

Identity Governance | Okta

Okta Privileged Access | Okta

SailPoint IdentityIQ Prod Architectures

Posted on by Kishore Gaddam in Identity Governance, Sailpoint, Technology

Introduction:

IT infrastructure and operations are critical assets for businesses to function smoothly. Disaster recovery management involves planning and implementing strategies to ensure that an organization can quickly recover from disruptive events, such as natural disasters, cyberattacks or equipment failures. IT disaster recovery management is a way to save the business from negative consequences of these risks. 

Such scenarios can present a direct threat to business continuity and survival. The impact can be in the form of financial losses, operation disruptions, reputation loss, or even legal consequences.

This blog post discusses disaster recovery management and the best practices to adopt. 

Disaster Recovery:

Disaster recovery is the process by which an organization attempts to prevent or minimize the loss of business and data in the event of a disaster. It is about how an organization bounces back and regains normalcy after the catastrophic impact of such events. 

Disasters can have significant impacts on software systems, affecting both the functionality and security of applications.

Some key impacts:

  1. Data Loss: Disasters can lead to the loss of critical data, especially if proper backup systems are not in place.
  2. Downtime: Software systems may experience prolonged downtime, disrupting business operations and leading to financial losses.
  3. Security Breaches: Disasters can expose vulnerabilities, making systems more susceptible to cyberattacks and data breaches.
  4. Corrupted Data: Data corruption can occur during disasters, leading to inaccurate or unusable information.
  5. Service Disruptions: Essential services and applications may become unavailable, affecting users and customers.

For example, in 2024, OpenAI experienced a major outage due to a misconfiguration in their Kubernetes system, which disrupted key services like ChatGPT and Sora for several hours. This incident highlighted the importance of proper configuration management and disaster recovery planning.

SailPoint Disaster recovery plan for business continuity. It refers to the processes and procedures to ensure the uninterrupted functioning of the business’s during and after a disruptive event.

The simple flow illustrates the DC-DR strategy.

Data Center-Disaster Recovery (DC-DR) architecture has several advantages.

Advantages:

  1. Business Continuity: Ensures that critical business operations can continue during and after a disaster, minimizing downtime.
  2. Data Protection: Provides robust data backup and recovery solutions, safeguarding against data loss.
  3. Compliance: Helps meet regulatory requirements for data protection and disaster recovery.
  4. Scalability: Can be scaled to accommodate growing business needs and data volumes.

This video explains the SailPoint IdentityIQ Production Architecture and business continuity plan strategies.

Prerequisites: (DC-DR works for all latest versions).

The below software’s are used by our ENH environment.

  1. SailPoint IIQ
  2. JDK
  3. Tomcat (any application servers).
  4. NGINX (Load Balancer)
  5. Database (Mysql)
  6. Linux (OS)

The Key points of Disaster recovery is Data Replication and Load balancing.

Database Replication:

Steps – How database replication works:

  • Step 1: Identify the Primary Database (Source): A primary (or master) database is chosen as the main source of truth where data changes originate.
  • Step 2: Set Up Replica Databases (Targets): One or more replicas (or secondary databases) are configured to receive data from the primary database.
  • Step 3: Data Changes Captured: Any updates, inserts, or deletes in the primary database are recorded, typically through a transaction log or change data capture mechanism.
  • Step 4: Transmit Changes to Replicas: The captured changes are sent to replica databases over the network in real-time or at scheduled intervals.
  • Step 5: Apply Changes on Replicas: The replicas apply these updates to keep their data in sync with the primary database.

Load Balancing:

In an active-standby (or active-passive) load balancer setup, the primary load balancer (active) handles all the traffic under normal conditions, while the secondary load balancer (standby) remains on standby, ready to take over if the primary load balancer fails.

Steps – How Load balancers works.

  • Primary Load Balancer (Active):
    1. Actively manages and distributes incoming traffic to the servers in the primary data center (DC).
    2. Continuously monitors the health and performance of the servers and the network.
  • Secondary Load Balancer (Standby):
    1. Remains on standby, not handling any traffic under normal conditions.
    2. Regularly synchronizes with the primary load balancer to stay updated with the current state and configurations.
  • Failover Process:
    1. If the primary load balancer detects a failure or significant issue, it triggers the failover process.
    2. The secondary load balancer becomes active and starts handling the traffic, ensuring minimal disruption to services.
  • Failback Process:
    1. Once the primary load balancer is restored and verified to be fully operational, traffic can be redirected back.
    2. The secondary load balancer returns to standby mode, ready for any future failover events.

This setup ensures high availability and reliability by providing a backup load balancer that can quickly take over in case of a failure.

The following demo video is a deep dive demonstration of SailPoint Disaster recovery plan and failover configurations using our ENH environment.

Recommendations:

NGINX (Load Balancer):

  1. Configure only UI servers in Load Balancer.
  2. Sticky Sessions: Configure the load balancer for sticky sessions (also known as session persistence) to ensure that user sessions are consistently routed to the same application server.
  3. We recommend active-standby (or active-passive) load balancer setup.

Database:

  1. Configure your database for replication to ensure high availability and disaster recovery. Use native database replication features like MySQL replication or Oracle Data Guard.
  2. Data base must be one phase commit.
  3. While replicating make sure only identityiq, identityiqah, identityiqPlugin are replicated.



Pass Through Authentication via Active Directory in SailPoint IdentityIQ

Posted on by Kashyap Kota in Sailpoint

Pass Through Authentication (PTA)

In today’s digital age, secure authentication is crucial for all kinds of organizations. Pass Through Authentication enables users to access resources seamlessly without the need for maintaining credentials in on-prem infrastructure. The user credentials are validated against the organization’s directory service such as Active Directory without the need to store credentials. PTA is used commonly in hybrid environments where organizations want control over authentication while integrating with cloud services. The diagram below depicts the process of Pass Through Authentication via Active Directory in SailPoint IdentityIQ.

Image: Pass Through Authentication via Active Directory

  1. A user requests to log in to an application, in our case, SailPoint.
  2. The application (SailPoint) secures the credentials by encrypting them.
  3. The login configuration is checked and found out to be Pass Through Authentication.
  4. The credentials are validated against Active Directory.
  5. After successful validation, the user is logged in.

Advantages

⦁ Pass Through Authentication ensures the credentials are not stored, reducing the risk of exposure.
⦁ Simplifies user management by validating with a directory system like Active Directory.
⦁ Provides real-time authentication, ensuring accurate and up-to-date access control.
⦁ Offers seamless experience as users can log in to on-prem and cloud-based applications using the same credentials.

Let’s have a close look into Pass Through Authentication in below video.

In this video, a detailed demonstration on Pass Through Authentication via Active Directory and usecases like AD Birthright Provisioning are discussed.

SailPoint Identity Security Cloud Launcher and Launchpad

Posted on by Prince Singh in Identity Governance, Sailpoint, Technology

Introduction

SailPoint Identity Security Cloud is a comprehensive Identity and Access Management (IAM) solution designed to help organizations manage user access to critical systems and applications efficiently and securely. Within IdentityNow, Launcher and Launchpad are key components that enhance user experience and streamline access management processes.

Launcher

Launcher is a feature within IdentityNow that allows users to manually initiate interactive processes related to access management. It is tied to entitlements and can be assigned to users through regular governance practices. Here’s how it works:

  • Manual Initiation: Users can manually start processes such as access requests, certifications, and reviews.
  • Entitlements: The launcher is linked to specific entitlements, ensuring that users have the appropriate permissions to initiate these processes.
  • Governance Integration: It integrates with IdentityNow’s governance framework, allowing for seamless management and oversight of access-related activities.

Launchpad

Launchpad is a centralized interface within IdentityNow that provides users with a single point of access to various identity management tasks and applications. It offers a user-friendly and intuitive way to navigate and manage identity-related activities. Key features include:

  • Centralized Access: Users can access different identity management functions from one place, improving efficiency and ease of use.
  • Customization: The launchpad can be customized to meet the specific needs of an organization, allowing for personalized dashboards and workflows.
  • Self-Service Capabilities: Users can perform self-service tasks such as password resets, access requests, and profile updates directly from the launchpad.

Creation Flow for Launcher and Launchpad

Together, Launcher and Launchpad enhance the user experience by providing intuitive and efficient ways to manage access and identity-related tasks within IdentityNow.

In the video below, I have thoroughly explained Launcher and Launchpad, along with Forms and Workflow, using a simple presentation:

In this video, I have vividly explained the entire process of Launcher and Launchpad using real-life analogies:

Machine Identity Management in SailPoint Identity Security Cloud

Posted on by Anirudh Rajagopal in Identity Governance, Sailpoint, Technology

Introduction

The age of AI and automation is here. With organizations all around the globe leveraging Artificial Intelligence and Machine Learning, more and more tasks and processes previously done manually, are now being automated. This leads to the creation of several machine accounts dealing with Robotic Process Automation (RPA), privileged service accounts for authenticating requests from an external system, and the like. Consequently, organizations are spending more time and resources managing the access held by these non-human accounts in every application, which can often lead to complicated situations as there is no centralized view of the same.

Why Machine Identity Management?

As described above, organizations are automating mundane processes, and thus more machine accounts are being created. These accounts can be difficult to manage and govern in a standalone environment, considering the lack of ownership and effective ways to control and manage their access. The following are some statistical insights on machine accounts shared by SailPoint: –

This gives a clear picture as to how AI, Automated Scripts and Robotic Processes are taking over the workplace, which signifies the difficulty as well as importance of managing these machine accounts.

The solution – SailPoint Machine Identity Security

This is where SailPoint’s Machine Identity Security jumps in. It offers a robust set of features to:-

  • Discover any accurately configured machine account on any source
  • Classify the accounts as machine accounts, by using an account attribute/set of attributes (eg, in Active Directory, if there are machine accounts containing the word “bot” in their sAMAccountName, we can use this account attribute to classify these accounts as machine accounts in SailPoint)
  • Assign a human owner to a machine account. This identity will be responsible for reviewing the access held by the machine account in a certification campaign
  • Correlate the machine accounts to machine identities
  • Certify the machine account’s access using Certification Campaigns

The diagram above depicts SailPoint Machine Identity Security, which aggregates machine accounts from various applications such as Active Directory, SAP and Web Service and manages them under a single platform i.e., Identity Security Cloud.

Advantages

There are several advantages to using SailPoint Machine Identity Security: –

  • It provides clear visibility and insights on all machine accounts across various applications.
  • It provides tools to automate the management of machine accounts. This eliminates the need to maintain and manage these accounts and their access manually, such as on excel sheets.
  • Human owners can be assigned to machine accounts, ensuring accountability, risk detection and mitigation.
  • Access reviews via Certification Campaigns help ensure that machine accounts follow the principle of Least Privileged Access Control.

Let’s have a close look at how SailPoint Machine Identity Security works in the following video: –

The following video is a deep dive demonstration of SailPoint Machine Identity Security: –

Hope this blog gave you some insights into how you can use SailPoint Machine Identity Security to effectively classify, manage and govern machine accounts from any source. Please share your thoughts and feedback in the comment box below.

Please follow our socials to stay up to date with the latest technology content.

Thank you!

SailPoint Identity Security Cloud Multi Host Groups

Posted on by Sreeja Agamamidi in Technology

Introduction:

Modern Enterprises have huge infrastructure and configurations, governing and managing them in complex and difficult.

To overcome this problem, SailPoint Identity Security Cloud Multi Host Groups allows easier management of infrastructure and related integrations.

Multi Host Groups helps bulk source creation of infrastructure components and server configurations from a centralized location.

Basically, it is a container which holds sources and associated account aggregation and entitlement aggregation groups. So that we can aggregate all the sources at once, instead of doing one at a time.

From the diagram we can see, without multi host group, we need to aggregate all the sources, one at a time, which will be redundant and time consuming, but using multi host groups we can aggregate a group of sources once.

Features:

Below, is the list of available features in SailPoint Identity Security Cloud Multi Host Groups:

  • Bulk Source Integration
  • Support for MS SQL Server and Oracle Database Connector use cases
  • Aggregation Groups
  • Centralized integrations

In this blog, we will be discussing about the Identity Security Cloud Multi Host Group in detail. The following are the key topics that are discussed as part of the blog.

  1. What is Multi Host Group?
  2. Key Features of Multi Host Group.
  3. Creating and Viewing Multi Host Groups.
  4. Editing, Testing and Deleting Multi Host Groups
  5. Managing Account and Entitlement Aggregation Groups
  6. Limitations and Best Practices

In the video blog of SailPoint Identity Security Cloud Multi Host Groups, we will be discussing above mentioned topics.

Video:

Detailed demo on managing multi host groups is present in the following video.

Video:

SailPoint Identity Security Cloud Loopback Connector

Posted on by Sreeja Agamamidi in Technology

Problem:

In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important.

Current blog helps govern access in Identity Security Cloud using Identity Security Cloud loopback connector.

Solution – Loopback connector:

The purpose of loopback connector is used to manage Identity Security Cloud user levels and governance groups as entitlements.

Users can request for elevated user levels permissions and governance groups as entitlements through request center. Once that is approved user will get required higher permission or governance group membership based on requested entitlement.

Supported Operations:

Below are the supported operations in loopback connector:

  • Account Aggregation
  • Governance Groups Aggregation
  • User levels Aggregation
  • Provisioning
  • Add Entitlement
  • Remove Entitlement

Operations and APIs

Below is the list of endpoints we used for each operation in loopback connector:

S. NoOperationsEndpoints
1Account Aggregation/v3/accounts
2Governance Group Aggregation/beta/workgroups
3Provisioning/v3/accounts
4Authentication/oauth/token
5Add Entitlement for User Levels/v3/auth-users/:id
6Add Entitlement for Governance Groups/v3/workgroups/accessId/members/bulk-add

In this blog, we will be discussing about the Identity Security Cloud Loopback Connector in detail. The following are the key topics that are discussed as part of the blog.

  1. Problem statement
  2. What is loopback connector and what we can achieve from that?
  3. Use cases we can achieve using loopback connector
  4. What are the supported operations?
  5. End points used for each operation.

In the video blog of SailPoint Identity Security Cloud Loopback Connector, we will be discussing above mentioned topics.

Video:

Detailed demo on developing & testing loopback connector is present in the following video.

Video:

All the mentioned technical components are only available for internal use. However, refer to the below table for an overview on different technical components, which can be used to develop the loopback connector.

S. NoComponent NameUse
1Java ProgramThis program is used to take details like tenant id, client id, client secret and source id and update all rules with provided input data.
2Account Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available accounts from the respective tenant.
3User Levels Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all user levels available from the respective tenant.
4Governance Groups Aggregation RuleThis is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available governance groups from the respective tenant..
5Add EntitlementThis is Webservice Before Operation Rule. Users can build this rule in such away, upon entitlement request, respective governance group membership or elevated permissions are assigned to users
6Remove EntitlementThis is Webservice Before Operation Rule. Users can build this rule in such away, respective governance group membership or elevated permissions are removed from users.

SailPoint Identity Security Cloud Transforms

Posted on by Sreeja Agamamidi in Technology

Introduction

SailPoint Identity Security Cloud Transforms are configurable objects that allow us to manipulate attribute data while aggregating from or provisioning to a source. Sometimes transforms are referred to as Seaspray, the codename for transforms. Identity Security Cloud Transforms and Seaspray are essentially the same.

As we can see from the below diagram, we will be providing input to transform, transformation occurs and output will be returned. So, the way transformation occurs depends on the type of operation used. Some of the transform operations are Concatenation, Conditional, Date Format etc.

Transform REST APIs

In order to create the transform, get transform details, update transform or delete any tranform, we can make use of REST APIs available for transforms.

There are 5 REST APIs are available for transforms in V3 and Beta APIs.

Rest APIsDescription
List TransformsList Transform API is used to get list of all available transforms from the tenant
Create TransformCreate Transform API is used to create a new transform and upload it into the tenant.
Transform by IDTransform by ID is used to get the details of a particular transform.
Update TransformUpdate a transform API is used to update any existing transform.
Delete TransformDelete transform API is used to delete any transform using transform ID.

Transform Operations:

In order to make use of transform according to the use case, we should understand various transform operations that are available.

Below are the various types of operations that are available in transform. Each of these operations performs specific task, we can use them according to our needs.

Transform OperationDescription
Account Attribute TransformAccount attribute transform used to look up an account for a particular source on an identity and return a specific attribute value from that account. 
Base64 Decode TransformThe base64 decode transform allows you to take incoming data that has been encoded using a Base64-based text encoding scheme and render the data in its original binary format.
Base64 Encode TransformBase64 transform will take an input, this input is given to base64 encode transform and the encodes string is returned as output.
Decompose Diacritical Marks TransformDecompose diacritical marks transform to clean or standardize symbols used within language to inform the reader how to say or pronounce a letter.
E.164 Phone TransformUse the E.164 phone transform to convert an incoming phone number string into an E.164-compatible number.
Identity Attribute TransformTransform is used to get the users identity attribute value.
Lower TransformThis transform is used to convert input string into lowercase character.
Upper TransformThis transform is used to convert input string into uppercase characters.

In below series of 4 videos, we comprehensively cover all the details around the transforms including basic syntax of transforms, APIs around transforms and all the types of transforms.

Transforms Series – Video 1 of 4:
Below video is the first video in a series of 4 videos about transforms. This part contains an introduction to transforms, syntax of transform, types of Inputs, REST APIs and API Responses.

Video:

Transforms Series – Video 2 of 4: Below video is the second video in a series of 4 videos about transforms. This part contains use cases, transform operations like account attribute transform, base64 decode transform, base64 encode transform, concatenation, conditional, date format, date math, date compare, decompose diacritical marks, first valid, generate random string

Video:


Transforms Series Video 3 of 4:
Below video is the third video in a series of 4 videos about transforms. This part contains about transform operations like  get end of string, get reference identity attribute, identity attribute, index of , ISO3166, last index of, left pad, look up lower, name normalizer, random alphanumeric, random numeric

Video:

Transforms SeriesVideo 4 of 4:
Below video is the fourth video in a series of 4 videos about transforms. This part contains about transform operations like reference, replace all, replace, right pad, rule, split, static, substring, trim, upper, username generator, UUID generator

Video:

SailPoint IdentityIQ Custom Connector

Posted on by Harshith Thondamnati in Cyber Security, Identity Governance, Sailpoint, Technology

Introduction

Connectivity is critical to successful IAM deployments. SailPoint is committed to providing design, configuration, troubleshooting and best practice information to deploy and maintain connectivity to target systems. SailPoint IdentityIQ enables you to manage and govern access for digital identities across various applications in your environment. Connectors are the bridges that IdentityIQ uses to communicate with and aggregate data from applications. SailPoint IdentityIQ provides a wide range of OOTB connectors that facilitate integration with variety of systems, applications and data sources. These connectors are designed to simplify the process of managing Identity information and access across different platforms.  

In SailPoint IdentityIQ, a Custom Connector is a specialized integration component that allows the IdentityIQ platform to connect and interact with external systems, applications, or data sources that are not supported by the standard OOTB connectors. Custom connectors extend the capabilities of IdentityIQ by enabling it to manage identity-related information in a wider range of systems. 

High level architecture of Custom connector 

Custom Connector Development

Developing Custom connector in SailPoint IdentityIQ involves creating a Java-based implementation that adheres to the connector framework and API provided by SailPoint.  

This allows you to define the interaction between IdentityIQ and the specific external system you want to integrate with. A typical development of custom connector includes 4 steps – 

  1. Creating a new implementation of functionality and packaging it into JAR file. 
  • The custom connector uses the openconnector framework provided by SailPoint in the openconnector package where there are lot of methods provided for different type of operations.  
  • The custom logic which you want to implement using this custom connector shall be developed in the specified methods.  
  • Once code development is completed, Custom connector code with all the classes must be compiled and packaged to a JAR file.  
  • And the JAR file must be placed in WEB-INF/lib folder of IIQ Installation directory 
  1. Defining Connector type in Connector Registry 
  • Connector Registry is an XML file present in IdentityIQ as Configuration object. This file contains the information about all the different connectors and their related details.  
  • Now that we have created a new connector in our IdentityIQ, we have to declare its information and details in Connector Registry.  
  • Here we will create an xml file consisting of the details pertaining to our custom connector. Once we Import this xml file into IdentityIQ, it will be merged with the existing Connector Registry file in IdentityIQ database allowing IdentityIQ to create a new entry in the list of connectors.  
  • Alternatively, the Connector Registry could be manually edited through the Debug page
  1. Defining .xhtml page which specifies required and optional connection parameters. 
  • Usually, some parameters are required to define the connection to the target resource (e.g. host, port, username, password, etc.).  
  • To allow these parameters to be specified through the UI for each application that uses this connector, an .xhtml page must be written to define how the Application Configuration user interface will request and record those parameters.  
  • This file must be placed in the [IdentityIQ Installation Directory]/define/applications/ directory and must be referenced in the application definition’s XML as the “formPath” entry.  
  1. Testing the connector by Creating an application which uses this connector. 
  • Finally, after completing all the development related activities, one must start the application server which is hosting IdentityIQ.   
  • An Application object must be created for using the IdentityIQ’s UI. Select the configured custom connector as application type to tie it to the connector registry configuration and specifying any connection parameters through the configuration. 
  •  Once the application is onboarded, we can perform all the configured functionalities in it and verify back the results within the targeted external application.  
  • Alternatively, Application connector can be tested from the integration console (run iiq integration from the [IdentityIQ Installation Directory]/WEB-INF/bin directory).  
  • This console can be used to test the various features of your connector including Aggregation and Provisioning

The following presentation gives you clear understanding of custom connector development in detail.

Now let’s have a demo on building custom connector, deploying it into SailPoint IdentityIQ and using it. 

Please subscribe to our social media and stay updated with latest technology content. Thanks!

SailPoint IdentityNow Workflows

Posted on by Swapna Sarit Panda in Identity Governance, Sailpoint, Technology

About SailPoint IdentityNow Workflows:

IdentityNow workflows are a way to automate processes related to Identity Security Cloud. These processes when carried individually are manual, error prone and laborious in nature.

Here are a few examples of the power of workflows.

  1. Design workflows that can handle a growing number of users onboarding requests, ensuring scalability as the organization hires new employees.
  2. Design workflow to raise tickets in ticketing system to automate the resolution of access-related issues reported by users, ensuring a streamlined process.
  3. Modify an existing workflow to include new steps for managing temporary access during a special project, adapting to changing business needs.
  4. Implement a workflow for access reviews that automatically identifies and revokes unnecessary access rights, ensuring that users only retain permissions relevant to their current roles.
  5. Streamline access request procedures including approval steps for access approval or modification.
  6. Send email alert when an identity changes group in end application.
  7. No human involvement while configuring and activating certification campaign when identity changes department and also send email alert to reviewer.

In this video blog, we will be discussing about the IdentityNow workflows in detail. The following are the key topics that are discussed as part of the blog.

  1. Why SailPoint introduced Workflow in IdentityNow
  2. Available platforms in IdentityNow to build a workflow.
  3. General terminology and use of Inline variables
  4. Simulating and testing a workflow
  5. Migrate workflows between sandbox and production.

The detailed discussion of Workflows, it’s terminology and configuration process are present in the following video.

Detailed demo on developing & testing workflows in all 3 possible ways is present in the following video.

Please subscribe to our socials and stay updated with latest technology content.