SailPoint IdentityIQ
SailPoint IIQ is a modern, business-oriented, governance-based identity management solution. After the completion of IAMMP Phase 1 in October 2017, SailPoint IIQ will be used to provide group and role management functionality. In IAMMP Phases 2 and 3, SailPoint IIQ functionality will be expanded to provide additional group and role management features, identity administration and provisioning, password and credential management, risk-based security controls, access request and approval management, access recertification, and enterprise authorization reporting.
Group and Role Management allows an organization to manage application authorizations more efficiently by treating a collection of users who need the same type of application access as a unit. One or more authorizations can be associated to the group or role and users can be assigned to that group or role either by request or automatically based on some attribute they possess (their department, job title, position, etc.).
SailPoint IIQ maintains a hierarchical role model which consists of Business Roles, IT Roles, and Entitlements:
- Business Roles identify affiliations or job functions by which users can be grouped
- IT Roles encapsulate sets of system entitlements
- Entitlements represent individual system authorizations
Roles can be used to:
- Grant various types and levels of access
- Restrict access to sensitive information assets by grouping entitlements in a form that is meaningful to the business
- Grant the minimum privileges required by an individual to perform his/her job
Roles can be requested manually, or they can be configured to be assigned automatically via an assignment rule. Entitlements can also be assigned directly to an identity rather than being mapped to a role.
Group and Role Management features include:
Managing Access via Identity Lifecycle Events is used to automatically assign a role or entitlement based on a change in a person’s status at the university:
- The “Joiner” event represents a new identity joining the University or an identity being reactivated (e.g., new hire, reinstated employee, etc.).
- The “Mover” event represents an identity moving between departments or job functions.
- The “Leaver” event represents an identity leaving the University (e.g., termination, retirement, etc.).
Managing Access via Requests is used when an individual, or a delegate, makes a request for assignment of a role or entitlement to his/her profile. Access requests may necessitate approvals by specific individuals, policy checks, and notifications to interested parties (depending on the access requested).
Administrative Functionality required to support group and roles:
- Role Maintenance is the ability to create, update, and delete a role and/or entitlement which corresponds to permission(s) in an application.
- Reconciliation is the correlation and refresh of identities within SailPoint IIQ based on current authorization information imported from an application. This functionality finds additional or modified entitlement assignments for an identity in the application that were made outside of SailPoint IIQ.
- Certification is the process of certifying the user accounts that exist for an application or certifying the roles and entitlements within the hierarchy of a role.
- Reporting is the ability to generate access reports on a scheduled or ad hoc basis.
SailPoint IdentityIQ is available to current Faculty and Staff at no cost.
Key Metrics
Availability: 99.178%
Please note that this SLA is dependent on other campus SLAs and is adjusted as those change.
Overview
This document defines the service level agreement for Sailpoint IdentityIQ (IIQ).
Service description
SailPoint IIQ is an identity administration and access governance system. One of its principal features is the ability to support group and role-based access management.
Intended users
SailPoint IIQ can be used by campus departments or organizations who wish to leverage group and role-based access controls.
Technical support
Both Tier 1 and Tier 2 technical support is available during normal business hours. Requests will receive an initial response within one business day. The time to implement the customer’s request will depend on the complexity of the request.
Tier 1
End users should contact the UT Service Desk.
UT Service Desk Phone: 512-475-9400
Create a Ticket: help@its.utexas.edu
Tier 2
Departmental support staff and the UT Service Desk may escalate issues to Sailpoint IIQ Administrators. Customers referred to the Sailpoint IIQ Administrators will be contacted within one business day.
Maintenance
ITS will notify customers about both scheduled and unscheduled maintenance using the Alerts and Outages page of service availability and service delivery issues. Services may not be available during the maintenance periods.
Scheduled maintenance occurs on Thursday at 6:30 to 8:00 a.m. Please note that maintenance may not occur on every Thursday. To the maximum extent possible, installation of service, application, and security updates will be performed during scheduled maintenance.
Unscheduled maintenance tasks that require service downtime will be announced as soon as possible on the Alerts and Outages page.
Change notification: ITS will notify customers using the Alerts and Outages page of service availability and service delivery issues for Sailpoint IIQ.
User responsibilities
Users and owners of Sailpoint IIQ protected services agree to be aware of and adhere to the University of Texas at Austin Acceptable Use Policy.
Owners of applications integrated with Sailpoint IIQ agree to:
- Be aware of and adhere to the Sailpoint IIQ Acceptable Use Policy.
- Use Sailpoint IIQ best practices when feasible.