Integrating CyberArk with SailPoint using SCIM

Privileged accounts are considered to be “keys to the kingdom” in any IT Infrastructure. Almost every cyber attack that has ever happened involved compromises at the privileged account level. PAM Solutions usually help in managing such accounts, keys or files that would lead to escalated access.

CyberArk is the global leader in PAM solutions with a holistic approach towards privileged account management. It covers not only traditional PAM problems but also extends its capabilities with various features like managing hard-coded application credentials, analytics, on-demand privileges escalation and managing end-user devices like desktops.

Securing and streamlining identity and privileges data present with such solutions is of very high importance.

In the following presentation, we provide a detailed overview of CyberArk integration with SailPoint by integrating Cyberark as a SailPoint’s application.

In the following video, we provide a detailed demo of this integration.

SailPoint’s IdentityIQ Integration with Okta

In the world of Identity Management, securing and monitoring the access for the external users like partners, contractors and customers who have access to organizational resources have always been a challenge for many organizations. To mitigate and help the organizations to secure their resources two big Identity management products partnered together in February 2018. Okta and SailPoint announced a strategic partnership to provide an end-to-end identity for the enterprise – helping organizations balance providing simple, secure user access while meeting complex compliance and security requirements.

Benefits of the Combined Solutions

• Effectively manage user identities’ authentication, application assignments, while ensuring all governance and compliance requirements are met.

• Authenticate user access with single sign-on and multi-factor authentication.

• Ensure that for sensitive applications, only the right user has access, authorization policies are enforced, and the process is documented, timestamped and compliant.

• Automate provisioning throughout the user lifecycle by simplifying processes for creating, modifying and revoking access.

• Automate provisioning of applications adherent to corporate policies.

• Trigger provisioning workflows from authoritative sources, such as Active Directory or HR systems, to ensure consistency and increase efficiency.

Below presentation demonstrates Okta, IdentityIQ, SSO Concepts, Importance of SailPoint’s IdentityIQ integration to achieve SSO. The presentation is followed by a demo.

Okta and SailPoint IIQ Integration

Demo of SailPoint’s IIQ and Okta Integration.

 

Sailpoint IdentityIQ Integration with Oracle E-Business Suite

Oracle E-Business Suite is the most comprehensive suite of integrated, global business applications that enable organizations to make better decisions, reduce costs, and increase performance. All large enterprises use ERP systems for managing and optimizing enterprise-wide business processes. ERP systems like Oracle E-Business Suite are mission-critical which processes a huge amount of business-critical data.

Oracle EBS includes the company’s enterprise resource planning (ERP) product as well as Oracle Human Resources Management System (HRMS), Oracle Financials, Oracle Order Management and customer relationship management (CRM) applications. Each application is licensed separately enabling organizations to select the combination best suited for their business processes.

The Sailpoint Oracle E-Business connector is designed to aggregate user and entitlement data from the Oracle E-Business Suite, and provision user accounts.The Oracle EBS connector only targets APPS schema tables according to Oracle standards.

Sailpoint Connector for EBS User Management Aggregates and provisions EBS user accounts along with their role and responsibility assignments. It helps EBS customers to achieve compliant user administration by enforcing the Segregation of Duties (SoD) policies in real-time during role and responsibility grants.

In this presentation, we are going to see how the Sailpoint IdentityIQ is an innovative identity Governance solution that reduces the cost and complexity of both complying with regulations and delivering access to Oracle E-Business Suite users.

 

 

 

The Following Demo presents the use case of  Birth Right Provisioning and Implementing Security in Oracle E-Business Suite using Role Based Access Control.

 

Service Now Queue User Administration via SailPoint Identity IQ

The SailPoint ServiceNow Connector manages ServiceNow accounts, groups, and roles. It supports provisioning and aggregation for ServiceNow accounts and groups.

ServiceNow Connector supports configuration of multiple applications of different ServiceNow versions on same IdentityIQ. ServiceNow Rest API supports Basic and OAuth2 methods of authentication.

Under IT Service Management, Its Queue management and administration is based on roles and services assigned to a user.

SailPoint Service Catalog Integration: The integration between SailPoint and ServiceNow allows users of both systems to easily navigate from ServiceNow into IdentityIQ.

In the following presentation, ServiceNow Queue Administration using Sailpoint IdentityIQ is explained and overview of SailPoint Service Catalog Integration using MID Server.

This following demo is based on ServiceNow Queue User Administration using Sailpoint IdentityIQ with all the approval modes (serial, parallel, serialpoll, parallelpoll and any).

eMail Configuration in Sailpoint IdentityIQ

eMail communication has revolutionized the way we communicate. A tool/facility introduced for simple communications is now considered more formal and legal. For a long time deep linking, in simple terms, embedding buttons with logic to provide email based decisions has been prevalent.

There is nothing better than sending a direct link to a page where one needs to take an action, in an email. Especially for something which needs urgent attention.

 

Sailpoint’s IdentityIQ provides the functionality to notify users through Emails. We may also have Emails with embedded URL which provides direct access to pages in IdentityIQ.

In the following presentation, a detailed overview of Email Configurations and use of Emails in IdentityIQ is presented.

Following is the demo on Email notifications with URLs embedded in mails, which provides direct access to pages in IdentityIQ.