Tuesday, December 1, 2020

MyApprovals Plug-In

I have observed some problems with SailPoint Approvals. They are listed below with details.

- We need to click every approval to take a decision on each work item.

Let's suppose a team is requesting access for a new application; the approver then has to click each item and wait until it completes. Just imagine 50 members requesting access for 10 applications.

- Suppose the approver requires some justification for the access, such as the purpose of the access or information about the profile/entitlement. There is no way to get it other than contacting the requesters personally, and this information is not captured for audit.


So, how can we resolve these problems?

I have decided to implement a plug-in which will resolve the above problems and provide an enriched GUI.



I will share the implementation details soon. 

I will share the plug-in upon request :)

Thank you 

Friday, March 23, 2018

One click access reviews - Manager

Dear All,

Welcome again!!!

I would like to describe our latest implementation of "One click access reviews". Please do not be scared by the name; this is a self-service option, instead of giving non-admins access to the certification pages.

The idea is to launch access reviews with minimal steps for selected criteria. It's a general use case: everyone usually launches access reviews on a department/location/company/section basis. We don't have an OOB process or option to launch manager access reviews for specific people.

Please follow the steps below to develop the process:

1. Configure an advanced certification as per your requirements, and schedule the AR (access review) with a future date.
    - Exclusion rule
    - PreDelegation rule
    - Reminders
2. Develop a form.
3. Invoke the form from a workflow; we need a workflow here.
4. Next steps after form submission:
    - Create populations for the selected criteria.
    - Add the population to the cloned certification definition.
    - Trigger/schedule the certification as per the form inputs.

Please add your comments if any help/code snippets are required.


Multiplexing of Active Directory Apps

Dear All,

Good day to everyone!!!

The business often says that we have a huge number of Active Directory applications that need to be onboarded. In fact, we need to onboard apps for the same target application. This means that when access is requested for the first time for any new application, the process should not create a new AD account. It should add the requested access to the existing AD application.

Each application is supposed to fetch the accounts of specific groups. We need to implement a customization rule to filter out other groups. This list of groups needs to be configured in one place, either in the application or in a custom object.

All types of operations, such as Create, Modify, Disable and Delete, should be converted to Modify AD Account. We need to implement this logic in a before provisioning rule.

The remaining configurations are unique (they depend on whether it is a single-org solution or a regional solution).

Now, follow the steps below to onboard thousands of AD apps in minutes.

1. Prepare one AD application template.
2. Add a rule for all possible customizations, so that changes can be applied to all apps in one go. This is for future enhancements.
3. Implement a customization rule to fetch the groups from the application/custom object.
4. Implement a before provisioning rule to convert the provisioning plan operation from create to modify.
5. Add provisioning policies to the application.

Step 2:
6. Create one CSV file in the format below:
     "App Name", "memberOf"
7. Develop a custom task to clone the application template and set the consolidated "memberOf" values from the CSV file in the application/custom object.

Now the process is ready; here you go.
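
A model of the logic behind steps 3, 4, 6 and 7, added here as an example; it is not the author's code and not IdentityIQ rule code. The dict shapes, function names and sample DNs are assumptions, as is the choice that Delete/Disable only remove the logical app's own groups from the shared AD account.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the "App Name", "memberOf" format from step 6.
SAMPLE_CSV = '''"App Name", "memberOf"
"Payroll", "CN=Payroll-Users,OU=Groups,DC=example,DC=com"
"Payroll", "CN=Payroll-Admins,OU=Groups,DC=example,DC=com"
"Wiki", "CN=Wiki-Editors,OU=Groups,DC=example,DC=com"
'''

def load_app_groups(text):
    """Step 7: consolidate the memberOf values per logical app."""
    apps = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text), skipinitialspace=True):
        name, dn = row["App Name"].strip(), row["memberOf"].strip()
        if name and dn:
            apps[name].add(dn.lower())  # AD DNs compare case-insensitively
    return dict(apps)

def customize_account(account, allowed):
    """Step 3 (customization rule logic): keep only this app's groups.
    Returns None when the account holds none of them, so it is skipped."""
    kept = [g for g in account.get("memberOf", []) if g.lower() in allowed]
    return {**account, "memberOf": kept} if kept else None

def to_modify(request, allowed, current_groups):
    """Step 4 (before provisioning logic): every operation becomes Modify.
    Assumption: Delete/Disable remove only this app's groups and never
    touch the shared AD account itself. Group changes outside the app's
    configured list are dropped instead of being provisioned."""
    if request["op"] in ("Delete", "Disable"):
        changes = [("Remove", g) for g in current_groups
                   if g.lower() in allowed]
    else:
        changes = [(action, g) for action, g in request.get("memberOf", [])
                   if g.lower() in allowed]
    return {"op": "Modify",
            "nativeIdentity": request["nativeIdentity"],
            "memberOf": changes}
```

Dropping out-of-scope group changes in `to_modify` is what stops a request raised against one logical app from granting a group that belongs to another app or to no app at all.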

Sunday, August 29, 2010

Introduction

Hi Friends,

I'm Anil Bandamudi. I started working on SailPoint IdentityIQ in Jan 2010. I have experience in web application development and also in Sun Identity Manager implementation before coming to this product implementation.

The Sun IDM experience is a plus in getting to know the SailPoint product. I installed IdentityIQ 3.0 p18 on my machine to start learning this product. Actually, we didn't have much documentation in the early days about features and real-time usage. We analysed it later. I'm listing some of the important items:

  • Authoritative resource and non-authoritative resource
  • Aggregation
  • Correlation
  • Certification

The above 4 items are nothing new for people experienced with this product, of course, but as part of our research and development we were concerned with the following:

  • what is the flow
  • where to start the process and what are the steps in identity life cycle
  • what are the types of resources and their connectors
  • how should we modify the actual data before creating/correlating identity. 
  • what are the advantages of this product over Sun IDM (not only Sun; we have CA, Novell, Tivoli and so many products -- I mentioned Sun IDM because I have some experience with this product)


I'll write a brief explanation of these in the next post.

Have a great day!!!!!

SailPoint Identity IQ

SailPoint IdentityIQ


SailPoint IdentityIQ is an innovative, business-oriented solution that tackles one of the toughest challenges any organization faces today: enforcing security policy, maintaining stringent identity and access controls and addressing compliance requirements – all while meeting growing demands for faster and higher levels of service delivery. IdentityIQ automates compliance management and end-to-end user lifecycle management, leveraging a unified risk, policy and role model for the most complete, secure identity management platform available today.



Managing the Business of Identity


SailPoint is helping some of the world's largest organizations to mitigate risk and reduce IT and compliance costs while still meeting the highest standards of corporate governance. By integrating the functionality of identity compliance with user lifecycle management and applying a consistent governance model to every action, SailPoint IdentityIQ offers the most complete, business-oriented solution for identity management.