SAP HR & ECC Source Integration

SAP is one of the world’s leading producers of software for the management of business processes, developing solutions that facilitate effective data processing and information flow across organizations.

SAP software provides multiple business functions with a single view to the entire data. This helps companies better manage complex business processes by giving employees of different departments easy access to real-time insights across the enterprise.

SAP solutions are classified into 6 core products as listed below.

In the below video, we are going to see the SAP HR/HCM source and SAP ERP Core Component (ECC) source integration in SailPoint IdentityNow.

SAP HR system integration.

SAP HCM solution is used to streamline the HR process and create a people centric organization.

SAP HR/HCM system that we are integrating in SailPoint IdentityNow will be the truth source from which identity governance is managed.

SAP ECC system integration

SAP ECC is the ERP system that integrates information from one SAP system to another system in real time, this helps companies better manage complex business processes by giving employees of different departments easy access to real-time insights across the enterprise.

As a result, businesses can accelerate workflows, improve operational efficiency and raise productivity.

By integrating SAP ECC to SailPoint IdentityNow, Identity access management and governance will be simplified.

Use cases.

On demand access request: User can request access based on requirement from request center.

Separation of Duties: Whenever user request for conflicting access SoD policy violation check will happen and warn the approver that approving access will violate SoD policy.

Leaver Scenario: When user lifecycle state is changed to terminated the end target applications access will be disabled.

Certification campaign: To certify user is having right access certification campaign can be configured and can be certified by user’s manager or source owner or a specific individual.

In the below video, we are going to look at a demo of above specified integrations and use cases.

SailPoint IdentityNow: Connector Rule API’s

Extensibility of services using vast API collections is sign of a true SaaS solution. SailPoint IdentityNow has recently released few APIs which allow us to upload our own connector rules required for app integrations.

Rule

In IdentityNow, Rules are the configurations which are used to provide additional flexibility where needed. Rules are basically developed using a scripting language called Bean Shell, it is a lightweight scripting language whose syntax is similar to Java.

Based on Execution type rules are divided into two types:

Cloud ExecutionConnector Execution
1)The Rules which are executed in the IDN tenant cloud are called Cloud Execution Rules.
1)The Rules which are executed on virtual Appliance (on premise) are called Connector Execution Rules.
2)There will be a review process for cloud rules to ensure any submitted Cloud Rules meet SailPoint requirements and doesn’t contain code that could harm the system and the only way to upload the rule is through SailPoint.2)Connector Rules are usually extension of the connector itself. These rules are mainly used to implement pre-processing of data and post-processing of data and to manipulate, merge or otherwise transform the incoming data as it’s being read

Rule Deployment Process

As-Is Process

In As-Is Process for deploying Connector Rules on the tenant developer should follow the below steps:

  1. Rule needs to be developed as per the requirements.
  2. Developed rule shall be submitted to SailPoint Expert services for review.
  3. Post review, rule will be uploaded on to the tenant.
  4. In case of any changes required the rule shall be resubmitted to the SailPoint Expert Services.

To-Be Process

In To-Be process the rule can directly be deployed to the IDN tenant using APIs. In case of any changes required/delete the developer can directly use these APIs and make required changes instead of going through tedious process like earlier.

Advantages and Limitations

Advantages

  1. Easy to Deploy – They are Easy to deploy on to the tenant compared to the entire previous process
  2. Faster deployment of rules – Rules will be deployed on the tenant instantly using APIs where old process used to take a minimum of 24hrs
  3. Low Cost from SailPoint Expert Services – Compare to previous methodology, deploying connector rules using APIs has minimal involvement from Expert Services.
  4. Rework is Faster – In case of any changes rather than repeating the entire process, rework is quicker using these APIs.
  5. Faster Integrations – Using APIs, the overall application integrations are faster.

Limitations

The only limitations for these APIs are that these APIs support only connector rule types, but not for the cloud rules as of now.

Connector Rule Rest API Operations

SailPoint Provides us with six APIs to perform connector rule operations mentioned below:

GET, LIST, CREATE, UPDATE, DELETE, VALIDATE are the APIs that are currently used for connector rule operations. A token with ORG_ADMIN authority is required to perform any operation.

Detailed documentation on connector rules APIs can be found here:

https://developer.sailpoint.com/apis/beta/#tag/Connector-Rule-Management

In the following presentation, I will be providing a detailed overview of Rules and Connector Rule APIs

In the following video, I will be providing a detailed demo of the Connector Rule APIs and their operations

SailPoint IdentityNow SSO integration with Okta

Okta is the leading solution for user authentication and single sign-on (SSO) for workforce as well as customer identities. Okta is capable of managing SSO to wide range of applications along with multi-factor authentication, directory integrations and lifecycle management from the cloud.

SailPoint IdentityNow is a cloud based identity and access management solution which aims to provide identity-as-a-service. IdentityNow enables a complete set of IAM capabilities delivered from the cloud to manage hybrid IT environments that include on-premises and cloud resources. IdentityNow supports SAML based Single Sign On. SAML is an open standard which allows an identity provider (like Okta) to pass on authentication information to a service provider (like IdentityNow).

In the following demonstration, we take a look at the SAML integration of IdentityNow with Okta for Single Sign-on. We will also go over the Active Directory integration in Okta and how this can be backed by IdentityNow’s lifecycle management.

SailPoint IdentityIQ SSO Integration with Okta

You have to admit that there are many people who change their password to ‘incorrect’ .That way it always reminds them whenever they enter a wrong password – “your password is incorrect” . Also a survey stated more than 78% of people tend to forget their latest passwords within 21 days of inactivity .

Amidst such scenarios , securing and monitoring the access for any external users like partners, contractors and customers who have access to organizational resources have always been a challenge for many organizations thereby increasing the demand for a centralized login system. Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. 

Okta is the one of the leading provider for user authentication and standards-based single sign-on (SSO) for employee, partner and customer identity types. Okta supports and manages SSO for the enterprises with wide range of applications thereby providing a single secured centralized login system.

SailPoint IdentityIQ  supports Single sign-on as one of its supported login configurations . The SSO is based on the SAML protocol which is a standard protocol for the SSO and other security assertions.

In this blog we are going to take a look at the integration of SailPoint IdentityIQ with Okta for Single Sign on.

The following presentation discusses in detail about the integration between SailPoint IdentityIQ and Okta.

The following is the demonstration of steps for configuring Okta as an Identity Provider for SailPoint IdentityIQ

SailPoint IdentityNow Ticketing integration with ServiceNow

Ticketing systems form an excessive part of any enterprise’s IT infrastructure. An IT ticketing software, also known as an IT ticketing system, is a software program that enables organizations to resolve their internal IT support queries by managing and streamlining the process of issue resolution.
ServiceNow is a global leader in cloud-based ticketing systems and has been playing a visionary role in ITSM and ITOM.

IdentityNow is a leader in the market for a perfect IAM solution for organizations taking the next step into cloud computing. The product is simpler to tack together than several other IAM solutions in the market, thus additional configuration can be completed without the need for specialist resources. The User interface (UI) is a lot easier to interface for end-users and needs less coaching.
IdentityNow’s Service Integration Module, or SIM integration with ServiceNow, which converts IdentityNow provisioning actions into tickets in ServiceNow.

The following presentation will give the overall idea of ServiceNow service catalog integration with SailPoint IdentityNow and explanation of the use case,

The following is the demonstration and walk through the IdentityNow integration with Servicenow and showcases the integration use case,

Oracle E-Business Suite Integration with SailPoint IdentityNow

Oracle‘s E-Business Suite (EBS) is the most comprehensive collection of business applications to enable management and optimization of critical business processes. EBS includes applications for enterprise resource planning (ERP), human resources management (HRMS), customer relationship management (CRM), financials and supply chain management (SCM) among others.

SailPoint IdentityNow provides a complete solution to manage Oracle E-Business accounts data, passwords, and access with it’s connector. The user management and the assignment of roles and responsibilities can be simplified and streamlined using IdentityNow. This integration also facilitates implementation of Segregation of Duties (SoD) policies in real-time, enabling role based access and performing user access reviews.

In this presentation, we will overview of Oracle EBS and its integration with IdentityNow for user access management including the pre-requisites and the connector APIs.

The following demonstration includes the basic integration process along with role based access control for Oracle EBS.

Comprehensive Overview of Sailpoint’s IdentityNow

SailPoint has the solution to meet the needs of identity governance that exist in today’s business environments. The solution is available for businesses to easily consume because it’s in the cloud this solution which is IdentityNow. With many features such as User Password Management, Access Certification, Access Requests, Provisioning, Multi-factor authentication, Strong Authentication and Analytics. IdentityNow is a leader in the market for a perfect IAM solution for organizations taking the next step into cloud computing.

The product is simpler to tack together than several other IAM solutions in the market, thus additional configuration can be completed without the need for specialist resources. The User interface (UI) is a lot of easier to interface for end-users and needs less coaching.

Continue reading

Governing G Suite using SailPoint Identity IQ

Identity IQ – G Suite Integration

Office productivity suites comprise the essential set of tools required for an employee’s day to day work. They offer core services to users like email, calendars, shared storage and other tools to create and consume the information. New generation productivity suites understand today’s business needs and are designed to be omnipresent and highly collaborative.

G Suite is Google’s cloud based productivity suite. Being a cloud based solution, it is omnipresent and can be accessed all possible devices. Also, it is highly collaborative in nature. Google’s most popular services like Google mail, calendar, drive, docs, sheets, hangouts are bundled into G Suite. G Suite has been received greatly by organizations of all the sizes and has recorded 5 million organizations by end of 2018. G Suite has quickly climbed up the ladder to become a leader in Gartner’s magic quadrant for 2 years consecutively.

Governing such core cloud based services containing sensitive information is of great importance.

In the following presentation, we provide a detailed overview of G Suite integration with Identity IQ.

G Suite – Identity IQ Integration

In the following video, we provide a detailed demo of this integration.

A detailed demo of G Suite governance with IDENTITY NOW is coming shortly.

SailPoint IdentityIQ Plugins

Introduced with IdentityIQ 7.1, the plugin framework provides the infrastructure and tools to enable developers to extend the Open Identity Platform to meet a variety of specialized use cases that one might encounter in a non-standard deployment.

SailPoint IdentityIQ 7.1 Plugin Framework provides a dynamic, plugin-specific class loader. It also introduces a simple, supportable, and upgrade-able user experience. The dynamic class loader provides protection for the base classes from modification, and allows for additional security and upgrade-ability.

continue reading

SailPoint IdentityIQ SSO Integration with PingFederate

Nowadays, almost every website requires some form of authentication to access its features and content. With the number of websites and services rising, a centralized login system has become a necessity. Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. PingIdentity’s PingFederate allows the SSO for the enterprises which have the multiple applications and API’s to protect.

PingFederate is the leading enterprise federation server for user authentication and standards-based single sign-on (SSO) for employee, partner and customer identity types.

Continue reading