SAP HR & ECC Source Integration

SAP is one of the world’s leading producers of software for the management of business processes, developing solutions that facilitate effective data processing and information flow across organizations.

SAP software provides multiple business functions with a single view to the entire data. This helps companies better manage complex business processes by giving employees of different departments easy access to real-time insights across the enterprise.

SAP solutions are classified into 6 core products as listed below.

In the below video, we are going to see the SAP HR/HCM source and SAP ERP Core Component (ECC) source integration in SailPoint IdentityNow.

SAP HR system integration.

SAP HCM solution is used to streamline the HR process and create a people centric organization.

SAP HR/HCM system that we are integrating in SailPoint IdentityNow will be the truth source from which identity governance is managed.

SAP ECC system integration

SAP ECC is the ERP system that integrates information from one SAP system to another system in real time, this helps companies better manage complex business processes by giving employees of different departments easy access to real-time insights across the enterprise.

As a result, businesses can accelerate workflows, improve operational efficiency and raise productivity.

By integrating SAP ECC to SailPoint IdentityNow, Identity access management and governance will be simplified.

Use cases.

On demand access request: User can request access based on requirement from request center.

Separation of Duties: Whenever user request for conflicting access SoD policy violation check will happen and warn the approver that approving access will violate SoD policy.

Leaver Scenario: When user lifecycle state is changed to terminated the end target applications access will be disabled.

Certification campaign: To certify user is having right access certification campaign can be configured and can be certified by user’s manager or source owner or a specific individual.

In the below video, we are going to look at a demo of above specified integrations and use cases.

SailPoint IdentityNow: Connector Rule API’s

Extensibility of services using vast API collections is sign of a true SaaS solution. SailPoint IdentityNow has recently released few APIs which allow us to upload our own connector rules required for app integrations.

Rule

In IdentityNow, Rules are the configurations which are used to provide additional flexibility where needed. Rules are basically developed using a scripting language called Bean Shell, it is a lightweight scripting language whose syntax is similar to Java.

Based on Execution type rules are divided into two types:

Cloud ExecutionConnector Execution
1)The Rules which are executed in the IDN tenant cloud are called Cloud Execution Rules.
1)The Rules which are executed on virtual Appliance (on premise) are called Connector Execution Rules.
2)There will be a review process for cloud rules to ensure any submitted Cloud Rules meet SailPoint requirements and doesn’t contain code that could harm the system and the only way to upload the rule is through SailPoint.2)Connector Rules are usually extension of the connector itself. These rules are mainly used to implement pre-processing of data and post-processing of data and to manipulate, merge or otherwise transform the incoming data as it’s being read

Rule Deployment Process

As-Is Process

In As-Is Process for deploying Connector Rules on the tenant developer should follow the below steps:

  1. Rule needs to be developed as per the requirements.
  2. Developed rule shall be submitted to SailPoint Expert services for review.
  3. Post review, rule will be uploaded on to the tenant.
  4. In case of any changes required the rule shall be resubmitted to the SailPoint Expert Services.

To-Be Process

In To-Be process the rule can directly be deployed to the IDN tenant using APIs. In case of any changes required/delete the developer can directly use these APIs and make required changes instead of going through tedious process like earlier.

Advantages and Limitations

Advantages

  1. Easy to Deploy – They are Easy to deploy on to the tenant compared to the entire previous process
  2. Faster deployment of rules – Rules will be deployed on the tenant instantly using APIs where old process used to take a minimum of 24hrs
  3. Low Cost from SailPoint Expert Services – Compare to previous methodology, deploying connector rules using APIs has minimal involvement from Expert Services.
  4. Rework is Faster – In case of any changes rather than repeating the entire process, rework is quicker using these APIs.
  5. Faster Integrations – Using APIs, the overall application integrations are faster.

Limitations

The only limitations for these APIs are that these APIs support only connector rule types, but not for the cloud rules as of now.

Connector Rule Rest API Operations

SailPoint Provides us with six APIs to perform connector rule operations mentioned below:

GET, LIST, CREATE, UPDATE, DELETE, VALIDATE are the APIs that are currently used for connector rule operations. A token with ORG_ADMIN authority is required to perform any operation.

Detailed documentation on connector rules APIs can be found here:

https://developer.sailpoint.com/apis/beta/#tag/Connector-Rule-Management

In the following presentation, I will be providing a detailed overview of Rules and Connector Rule APIs

In the following video, I will be providing a detailed demo of the Connector Rule APIs and their operations

SailPoint IdentityNow Ticketing integration with ServiceNow

Ticketing systems form an excessive part of any enterprise’s IT infrastructure. An IT ticketing software, also known as an IT ticketing system, is a software program that enables organizations to resolve their internal IT support queries by managing and streamlining the process of issue resolution.
ServiceNow is a global leader in cloud-based ticketing systems and has been playing a visionary role in ITSM and ITOM.

IdentityNow is a leader in the market for a perfect IAM solution for organizations taking the next step into cloud computing. The product is simpler to tack together than several other IAM solutions in the market, thus additional configuration can be completed without the need for specialist resources. The User interface (UI) is a lot easier to interface for end-users and needs less coaching.
IdentityNow’s Service Integration Module, or SIM integration with ServiceNow, which converts IdentityNow provisioning actions into tickets in ServiceNow.

The following presentation will give the overall idea of ServiceNow service catalog integration with SailPoint IdentityNow and explanation of the use case,

The following is the demonstration and walk through the IdentityNow integration with Servicenow and showcases the integration use case,

Comprehensive Overview of Sailpoint’s IdentityNow

SailPoint has the solution to meet the needs of identity governance that exist in today’s business environments. The solution is available for businesses to easily consume because it’s in the cloud this solution which is IdentityNow. With many features such as User Password Management, Access Certification, Access Requests, Provisioning, Multi-factor authentication, Strong Authentication and Analytics. IdentityNow is a leader in the market for a perfect IAM solution for organizations taking the next step into cloud computing.

The product is simpler to tack together than several other IAM solutions in the market, thus additional configuration can be completed without the need for specialist resources. The User interface (UI) is a lot of easier to interface for end-users and needs less coaching.

Continue reading

Governing G Suite using SailPoint Identity IQ

Identity IQ – G Suite Integration

Office productivity suites comprise the essential set of tools required for an employee’s day to day work. They offer core services to users like email, calendars, shared storage and other tools to create and consume the information. New generation productivity suites understand today’s business needs and are designed to be omnipresent and highly collaborative.

G Suite is Google’s cloud based productivity suite. Being a cloud based solution, it is omnipresent and can be accessed all possible devices. Also, it is highly collaborative in nature. Google’s most popular services like Google mail, calendar, drive, docs, sheets, hangouts are bundled into G Suite. G Suite has been received greatly by organizations of all the sizes and has recorded 5 million organizations by end of 2018. G Suite has quickly climbed up the ladder to become a leader in Gartner’s magic quadrant for 2 years consecutively.

Governing such core cloud based services containing sensitive information is of great importance.

In the following presentation, we provide a detailed overview of G Suite integration with Identity IQ.

G Suite – Identity IQ Integration

In the following video, we provide a detailed demo of this integration.

A detailed demo of G Suite governance with IDENTITY NOW is coming shortly.

SailPoint IdentityIQ SSO Integration with PingFederate

Nowadays, almost every website requires some form of authentication to access its features and content. With the number of websites and services rising, a centralized login system has become a necessity. Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. PingIdentity’s PingFederate allows the SSO for the enterprises which have the multiple applications and API’s to protect.

PingFederate is the leading enterprise federation server for user authentication and standards-based single sign-on (SSO) for employee, partner and customer identity types.

Continue reading

Bulk Provisioning – Batch Request in SailPoint IdentityIQ

Batch Requests enable you to generate specific types of access requests for more than one user at a time. The required data is gathered from a prepared comma-delimited file for each request type. The batch files require comma-delimited data that represents the individual requests. In most cases the native identity or identity name can be used to specify the request target.

In this presentation, we will be discussing on batch requests in SailPoint IdentityIQ, different methods involved in batch requests, complete explanation on individual types implementation with the Active Directory and Azure Bulk Provisioning.

Bulk Provisioning – Batch Request in SailPoint IdentityIQ
Continue reading