Professional Documents
Culture Documents
Identities
IdentityIQ Consistent
Sustainable
Entitlements Business Level
Policy Evaluation | Audit | Risk Assessment | Change Controls |
Accounts
Approvals | Workflow | Events & Actions Controls
Data
Change Data Trigger Events
Add or remove
roles/entitlements
Create new
Request, delete, Identity Cube
modify accounts
Filter
Select
Initiate options
access
access based on Plan Workflow Target
and
request requestee/ Resource
submit
requester
Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 13
Request Configuration Process
Overview
• Install LCM
• In the console: import init-lcm.xml
• Configure system wide controls (apply to all users)
• LCM Options
• Requestable Items
• Entitlement Catalog
• Roles
• Provisioning Policies (Application/Identity Create)
• Business Processes (Workflows)
• Configure Quicklink Populations
• Who can request
• For whom can they request
• What can they request
• Configure Quicklinks per Quicklink population
Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 16
Access Requests Configurations
Fundamentals of IdentityIQ Implementation
Overview
User Driven Access Changes
• Supporting configuration
• Configuring provisioning policies
• Associating workflows
• Configuring Quicklink populations
Default Workflows
Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 26
Quicklink Populations
Access:
“gear”Global SettingsQuicklink Populations
Rule
import sailpoint.object.Filter;
return Filter.le(”rec_sec_lev”,requestee.getAttribute(“security_lev”));
Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 34
Knowledge Check
Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 35
Configuring Quicklinks:
Manage User Access
Fundamentals of IdentityIQ Implementation
Configuration Overview
Manage User Access Quicklink
• Role requests
• Entitlement requests
• Request for self
• Request for others
• Entitlement is requestable
through LCM
• Default = Requestable
• Displayed in LCM
Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 15
Configuring Quicklinks:
Remaining LCM Quicklinks
Fundamentals of IdentityIQ Implementation
Remaining LCM Quicklinks
• Act on connected applications
• Manage Accounts
• Manage Passwords
• Act on IdentityIQ
• Edit Identity
• View Identity
• Create Identity
• All can act on only one requestee at a time
Controlled by Corresponding
Quicklink Population
Add SP Right
Edit Identity SetIdentityForwarding
to capability and
assign capability to
user
View Identity
Manage Accounts
• Quicklink option
• Allow requesting
new accounts
• Quicklink option
• Allow requesting
additional accounts
Conflicting policies
identified
Copyright ©© SailPoint
Copyright SailPoint Technologies,
Technologies, Inc.
Inc. 2017.
2017. All
All rights
rights reserved.
reserved. 39
Next Step?
Practice
Exercises