
SailPoint IdentityIQ Integration Strategies

Article Number : KB0016338
Published on : 2021-03-31
Last modified : 2021-03-31 19:24:26
Knowledge Base : IT Public Self Help

The four strategies below are the most common approaches to use when integrating SailPoint IdentityIQ (IIQ) with another application.

  • Read-Only Reporting and Auditing
  • Access Request with Manual Provisioning
  • Access Request with Automated Provisioning
  • Automated Assignment with Automated Provisioning

Strategy 1 – Read-Only Reporting and Auditing

SailPoint IIQ can provide visibility into user accounts and authorizations across an application through the generation of reports. This approach leverages a read-only connection to load the user accounts and their authorizations into SailPoint IIQ.

Benefits

  • Increased visibility for improper or outdated authorizations
  • Relatively simple to implement
  • Read-only connection avoids risk of unintended changes to existing processes and data

Considerations

  • Requires manual remediation of issues discovered with authorizations
  • Does not improve access request, approval, or provisioning processes

Strategy 2 – Access Requests with Manual Provisioning

SailPoint IIQ tracks, manages, and handles approvals for authorization requests by users for themselves or others. After a request is approved, SailPoint IIQ notifies the appropriate person/group to manually provision the requested access.

Benefits

  • Manual provisioning allows the use of a read-only connection, which minimizes the risk of unintended changes to existing processes and data
  • Creates a searchable history of all access requests and all approval decisions made for those requests
  • Allows access policies to be defined to reduce instances of improper access being approved and provisioned
  • Allows tracking and auditing of the requested privileges after they have been provisioned or deprovisioned

Considerations

  • All provisioning and deprovisioning requires action by a human actor
  • Depending on the desired roles, access policies, and other business rules, the complexity of this strategy may increase quickly

Strategy 3 – Access Requests with Automated Provisioning

SailPoint IIQ tracks, manages, and handles approvals for authorization requests submitted by users for themselves or others. After a request is approved, SailPoint IIQ grants the requested application access automatically.  

Benefits

  • Reduces the amount of work for administrators of the target application by automating the provisioning process
  • Creates a searchable history of all access requests and all approval decisions made for those requests
  • Allows access policies to be defined that reduce instances of improper access being approved and provisioned
  • Allows tracking and auditing of the requested privileges after they have been provisioned or deprovisioned

Considerations

  • Automated provisioning requires either direct integration between SailPoint IIQ and the target application, or the use of directory groups in TED or Active Directory
  • Depending on the desired roles, access policies, and other business rules, the complexity of this strategy may increase quickly

Strategy 4 – Automated Assignment with Automated Provisioning

SailPoint IIQ automates the process of granting access to users who meet defined criteria (such as having a particular job title in a particular department). SailPoint IIQ automatically performs account and access provisioning in the target application.

Benefits

  • Reduces the amount of work for administrators of the target application by automating the provisioning process
  • Allows tracking and auditing of the assigned privileges after they have been provisioned
  • Reduces the time required for a user to be granted the access they need

Considerations

  • Automated provisioning requires either direct integration between SailPoint IIQ and the target application, or the use of directory groups in TED or Active Directory
  • Depending on the desired roles and business rules, the complexity of this strategy may increase quickly
  • Removes human oversight of individual changes in user access
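
The criteria-based assignment described for Strategy 4, as an added sketch that is not SailPoint code and does not use the IIQ API: rules keyed on job title and department are compared with the entitlements read from the target application, and the resulting plan doubles as the audit trail. The rule table, entitlement names, sample users, the revocation of access that no longer matches a rule, and the "review" operation for accounts with no matching identity are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    user: str
    title: str
    department: str
    active: bool = True

# Constructed rules: (job title, department) -> entitlements in the target app.
RULES = {
    ("Financial Analyst", "Finance"): {"ledger.read", "reports.run"},
    ("Controller", "Finance"): {"ledger.read", "ledger.post", "reports.run"},
}

def desired_access(identity):
    """Entitlements the rules assign; an inactive identity is assigned none."""
    if not identity.active:
        return set()
    return set(RULES.get((identity.title, identity.department), ()))

def provisioning_plan(identities, current):
    """Diff rule-derived access against what the target application holds.

    `current` maps user -> set of entitlements read from the application.
    Returns (user, operation, entitlement) tuples in a stable order, so the
    same list can be executed and stored as the audit record.
    """
    by_user = {i.user: i for i in identities}
    plan = []
    for user in sorted(set(by_user) | set(current)):
        have = current.get(user, set())
        if user not in by_user:
            # Account with no known identity: leave it for a human to decide.
            plan += [(user, "review", e) for e in sorted(have)]
            continue
        want = desired_access(by_user[user])
        plan += [(user, "grant", e) for e in sorted(want - have)]
        plan += [(user, "revoke", e) for e in sorted(have - want)]
    return plan

# Constructed sample data: identity attributes and the application's current state.
IDENTITIES = [Identity("alice", "Controller", "Finance"),
              Identity("bob", "Financial Analyst", "Finance"),
              Identity("carol", "Financial Analyst", "Finance", active=False)]
CURRENT = {"alice": {"ledger.read", "reports.run"},
           "bob": {"ledger.read", "ledger.post", "reports.run"},
           "carol": {"ledger.read"}, "dave": {"reports.run"}}

if __name__ == "__main__":
    for step in provisioning_plan(IDENTITIES, CURRENT):
        print(*step)
```

Because no approver sees the individual changes in this strategy, the plan list is the only record of why each entitlement was granted or removed.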

 

Figure 1: SailPoint IIQ Features by Integration Strategies
