SailPoint IdentityIQ’s ER Relationship Model

Posted on July 27, 2017May 21, 2019 by Neetika Malhotra in Cyber Security, Identity Governance, Sailpoint, Technology

Traditionally, all developers deciphered a product, by understanding the Entity Relationship model of the product’s database schema. This approach was the quick and easiest way to understand any product.

A similar approach is tried in deciphering SailPoint IdentityIQ, an Identity Governance solution from Sailpoint. The presentation envisages to give the audience a thorough understanding of the product, not from the API perspective, but from a database model perspective.

Sailpoint’s Identity IQ has some key objects like Identity, Application, Bundle etc. There are many dependent objects. Most of the key objects are covered comprehensively in the presentation.

eMail Configuration in Sailpoint IdentityIQ

Posted on July 4, 2017May 21, 2019 by Ganesh Kandekar in Identity Governance, Sailpoint, Technology

eMail communication has revolutionized the way we communicate. A tool/facility introduced for simple communications is now considered more formal and legal. For a long time deep linking, in simple terms, embedding buttons with logic to provide email based decisions has been prevalent.

There is nothing better than sending a direct link to a page where one needs to take an action, in an email. Especially for something which needs urgent attention.

Sailpoint’s IdentityIQ provides the functionality to notify users through Emails. We may also have Emails with embedded URL which provides direct access to pages in IdentityIQ.

In the following presentation, a detailed overview of Email Configurations and use of Emails in IdentityIQ is presented.

Following is the demo on Email notifications with URLs embedded in mails, which provides direct access to pages in IdentityIQ.

Sailpoint – Refresh Identity Cubes

Posted on March 26, 2017May 21, 2019 by Sandilya Krovvidi in Identity Governance, Sailpoint

In Sailpoint’s Identity IQ “Refresh Identity Cubes” is one among the most important internal tasks. Refresh Identity Cubes helps in building 360 degree purview of an identity based on all the data aggregated from external sources.

The following video is an extensive discussion on various aspects of Refresh Identity Cubes.

The various aspects that are covered as part of this video are:

Mechanisms to filter the identities to be considered for Refresh.
Various options in the Refresh Identity Cubes.
Using Multi-threading to improve the performance

Sailpoint Unix Integration

Posted on March 8, 2017March 8, 2017 by Sandilya Krovvidi in Identity Governance, Sailpoint

Unix is the mother of all operating systems and also is the foundation for Tim Berner Lee’s invention.

Every enterprise has a huge Unix foot print spanning across thousands of servers running various legacy applications.

As part of the mammoth task of securing the IT environments, securing the Unix servers would be the first step.

At ENH iSecure, we thrive to achieve complete and impeccable solutions leaving nothing to chance.
As a part of these efforts, we are speaking about Identity Governance in Unix with the help of Sailpoint’s IIQ.

The following is a video where we speak about governance of Unix using Sailpoint’s IIQ.

The following is a demo on Unix integration with Sailpoint.

IdentityIQ parallel and serial approvals

Posted on February 27, 2017May 21, 2019 by Mahesh Bitla in Identity Governance, Sailpoint, Technology

Introduction

Out of the box Sailpoint’s IdentityIQ provides numerous workflows for provisioning, we can implement our custom workflows according to the necessity. Similarly, parallel and serial approvals are workflows used in an enterprise to manage the access of the user.

Requirement

In the world of IAM, one thing every developer should remember is that “Right thing must be accessed by the Right user at a Right time“, from the above sentence we can say that an access must be rightfully distributed to the user.

In this requirement a user in an enterprise requested an entitlement or role using IdentityIQ then that access must be approved by the work groups which are maintaining that privilege.

Understanding parallel and serial approvals in IdentityIQ

The following video illustrates about parallel and serial approvals.

Working demo of parallel and serial approvals

The following video demonstrates how parallel and serial approvals accomplishes.

Solving problem SailPoint IdentityIQ “Mark Invalid Error”

Posted on October 14, 2016December 1, 2016 by Mahesh Bitla in Identity Governance, implementation-problems, Sailpoint, Technology

Problem description

When we try to correlate the accounts into SailPoint’s identityIQ using multiple authoritative sources the following
exception may arise.

Why this happens

The main reason for this error is ambiguity of accounts. After the account aggregation task completed when we try to run the task refresh identity cubes. Task is not running and error is displays as Task stopped by user. When you see the log file there a exception named Mark Invalid.

Case 1

The main cause for this error is, If you have added more than one authoritative sources marked for one identity. The following exception will arise. that means you have added two Authoritative sources representing the same data if run the aggregation task the accounts will be populated with their name then If we perform refresh identity cubes task the accounts will not linked its respective manager account because there will be an ambiguity between two accounts which has to be correlate as manager account.

Case 2

In other cases if you have any accounts or identities not properly deleted.

Solution

The solution I found is to get backup of the rules and application into a xml file using the console.Shutdown the application server and drop all the tables in database using the sql scripts provided by identityIQ then create the tables using the scripts. Import the init.xml using the iiq console.Then import the xml file which represents the application object. Then if you run the aggregation and correlation tasks you can see that all the identities and their managers are correlated in identity warehouse.

Rules in Identity IQ

Posted on August 12, 2016August 17, 2016 by Sandilya Krovvidi in Identity Governance, Sailpoint

The rules in Sailpoint’s Identity IQ are plugin points to customize the default behaviour. In this video, we spoke about various rules that are present in Identity IQ.

The video is extensive and it covers almost all the rules, it is suggested that we skim through the video. For convinience , an index is provided in the current blogpost after the video

The video comprises of various rules related to :

Applications configuration – 6 rules
Delimited file or similar kind of applications – 7 rules
Activity configuration – 2 rules
Provisioning – 1rule
Composite application – 2 rules
Certification – 9 rules
Roles – 2 rules
Identity mapping – 2 rules
Workflows – 7 rules
Scopes – 2 rules
Work Items – 3 rules
Tasks – 2 rules
Groups – 1 rule
Forms – 6 rules
Policies – 2 rules
Account mappings – 2 rules

Using lists in Identity IQ workflows at approval steps

Posted on July 11, 2016July 14, 2016 by Sandilya Krovvidi in Identity Governance, implementation-problems, Sailpoint

Sailpoint’s Identity IQ converts all the empty lists that go through an approval step in a workflow into NULL values. This does not hold the same with non-empty lists.

null diagram

For example, we have a global variable in the workflow which is an empty ArrayList ( [] ). It is going to be converted to ( NULL ) once it goes through an approval step. So in order that the lists work as per our need, we could provide a dummy value so that list is never converted to NULL when it goes through an approval.

EnH iSecure Blog

Tag: Identity IQ