Multi Host Groups helps bulk source creation of infrastructure components and server configurations from a centralized location.
Basically, it is a container which holds sources and associated account aggregation and entitlement aggregation groups. So that we can aggregate all the sources at once, instead of doing one at a time.
From the diagram we can see, without multi host group, we need to aggregate all the sources, one at a time, which will be redundant and time consuming, but using multi host groups we can aggregate a group of sources once.
Support for MS SQL Server and Oracle Database Connector use cases
Aggregation Groups
Centralized integrations
In this blog, we will be discussing about the Identity Security Cloud Multi Host Group in detail. The following are the key topics that are discussed as part of the blog.
In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important.
Current blog helps govern access in Identity Security Cloud using Identity Security Cloud loopback connector.
Users can request for elevated user levels permissions and governance groups as entitlements through request center. Once that is approved user will get required higher permission or governance group membership based on requested entitlement.
Supported Operations:
Below are the supported operations in loopback connector:
Account Aggregation
Governance Groups Aggregation
User levels Aggregation
Provisioning
Add Entitlement
Remove Entitlement
Operations and APIs
Below is the list of endpoints we used for each operation in loopback connector:
In this blog, we will be discussing about the Identity Security Cloud Loopback Connector in detail. The following are the key topics that are discussed as part of the blog.
Problem statement
What is loopback connector and what we can achieve from that?
Detailed demo on developing & testing loopback connector is present in the following video.
Video:
All the mentioned technical components are only available for internal use. However, refer to the below table for an overview on different technical components, which can be used to develop the loopback connector.
S. No
Component Name
Use
1
Java Program
This program is used to take details like tenant id, client id, client secret and source id and update all rules with provided input data.
This is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available accounts from the respective tenant.
This is Webservice Before Operation Rule. Users can build this rule in such away, upon entitlement request, respective governance group membership or elevated permissions are assigned to users
Duo is a two-factor authentication solution that helps organizations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications.
Why Duo
Duo is fast, easy and flexible. Passwords and even basic Multi-Factor Authentication (MFA) aren’t enough to keep you safe from today’s attackers. Duo gives you the extra layers of protection you need for secure access management. With this setup, Duo two-factor authentication (2FA) is added as a verification option for account unlocking and password resets.
Prerequisites to integrate Duo
Configure SailPoint Web application and copy ClientID, secret and hostname these details are required for SailPoint integration.
Add users and enroll them in the application. User should have an account in SailPoint.
Technical Overview:
Here’s the technical demonstration on the integration of Duo
Use case Demonstration – Integration flow:
Please refer to the below video to have an understanding about Duo integration
SailPoint configuration
The steps to be done in SailPoint tenant for duo integration
First in SailPoint, integrate the Duo and then check the test connection after successful test connection
Enable multifactor Authentication in Identity profile
And select duo web in Password Reset and Unlock Settings
Now you are all set to use duo authentication
Duo 2FA for Identity security cloud password reset
With duo integration user can reset his password
First user has to proceed to reset password
Enter the username
Then you should enter the passcode received from duo after successful duo authentication you can able to set new password
Duo 2FA for Identity security cloud Unlock account
If the user account got locked, then he can unlock his account with duo integration
First user has to proceed to unlock account
Enter the username
After successful duo authentication your account will be unlocked
In order to create the transform, get transform details, update transform or delete any tranform, we can make use of REST APIs available for transforms.
Delete transform API is used to delete any transform using transform ID.
Transform Operations:
In order to make use of transform according to the use case, we should understand various transform operations that are available.
Below are the various types of operations that are available in transform. Each of these operations performs specific task, we can use them according to our needs.
The base64 decode transform allows you to take incoming data that has been encoded using a Base64-based text encoding scheme and render the data in its original binary format.
Transforms Series – Video 2 of 4: Below video is the second video in a series of 4 videos about transforms. This part contains use cases, transform operations like account attribute transform, base64 decode transform, base64 encode transform, concatenation, conditional, date format, date math, date compare, decompose diacritical marks, first valid, generate random string
Video:
Transforms Series – Video 3 of 4: Below video is the third video in a series of 4 videos about transforms. This part contains about transform operations like get end of string, get reference identity attribute, identity attribute, index of , ISO3166, last index of, left pad, look up lower, name normalizer, random alphanumeric, random numeric
Video:
Transforms Series– Video 4 of 4: Below video is the fourth video in a series of 4 videos about transforms. This part contains about transform operations like reference, replace all, replace, right pad, rule, split, static, substring, trim, upper, username generator, UUID generator
IdentityNowworkflows are a way to automate processes related to Identity Security Cloud. These processes when carried individually are manual, error prone and laborious in nature.
Here are a few examples of the power of workflows.
Design workflows that can handle a growing number of users onboarding requests, ensuring scalability as the organization hires new employees.
Design workflow to raise tickets in ticketing system to automate the resolution of access-related issues reported by users, ensuring a streamlined process.
Modify an existing workflow to include new steps for managing temporary access during a special project, adapting to changing business needs.
Implement a workflow for access reviews that automatically identifies and revokes unnecessary access rights, ensuring that users only retain permissions relevant to their current roles.
Send email alert when an identity changes group in end application.
No human involvement while configuring and activating certification campaign when identity changes department and also send email alert to reviewer.
In this video blog, we will be discussing about the IdentityNow workflows in detail. The following are the key topics that are discussed as part of the blog.
