Identity IQ Introduction Part-1

Sailpoint Identity IQ is a powerful identity security solution provided to the enterprise such as

• Operational efficiency:Automates Identity and Access Processes

• Existing System Integration:This can integrate with existing IT systems and applications

• Identity access management(IAM): Controls and secure user access

• Compliance and Security: Meets industry standards and regulatory policies

Identities

Identities represent the user who have access to your corporate systems and data.

Identity Cube

1. Identity Iq represents each user with an identity cube

2. It Stores all the data collected and used by IdentityIQ for a single user, including identity attributes, enterprise accounts and the type of access held by user

Understanding the Big Picture

Managing identity in an organization is like managing a gym. You have different roles (members, trainers, admin staff), rules for access, and systems that ensure people get the right permissions.

At the center of everything is Integrated, Normalized Identity Data, which acts like your gym's central database that keeps track of every person and their permissions.

---

1. Business Roles & Business Policy (Who gets access and how?)

• In the gym, different people have different roles: members, trainers, receptionists, and managers.

• Business Roles define what each role can do. For example:

  • Members can use gym equipment and book fitness classes.

  • Trainers can train members and access fitness plans.

  • Managers can access all systems, including payments and memberships.

• Business Policies define the rules behind these roles:

  • A trainer should not have access to payment details.

  • A manager can view financial records but cannot change gym workout plans.

  • If a membership expires, the member should not access gym facilities.

---

2. Integrated, Normalized Identity Data (The brain of the system)

• This is like your gym’s central membership database that keeps track of everyone.

• It takes inputs from business roles and business policies to make sure each person has the right level of access.

• It integrates all sources of identity data (sign-up forms, payments, trainer schedules) into a single place.

• Example: If a member switches from a basic membership to a premium one, their data is updated, and now they can access VIP workout sessions.

---

3. Compliance Manager (Making sure rules are followed)

• Think of this as a security guard at the gym.

• Its job is to ensure that the right people have the right access and that no one is violating policies.

• Example:

  • If a former employee tries to enter the gym after their contract ends, the security system should block their entry.

  • If a member tries to enter the VIP section without an upgraded membership, they should be denied access.

---

4. Lifecycle Manager (Managing changes over time)

• This is like your gym’s membership system that automatically grants and revokes access as people join, upgrade, or leave.

• It works with the business roles and business policies to ensure that when:

  • A new member joins the gym, they automatically get access to the gym floor.

  • A trainer resigns, their system access is revoked immediately.

  • A member’s subscription expires, their card access stops working.

---

5. Correlation Rules (Making sure identities are linked across all systems)

• This is like matching member records in different gym systems.

• Example:

  • A member uses an online fitness app and also books personal training sessions.

  • The correlation rules ensure that both accounts are linked so that their workout history is available in both places.

  • If a member cancels their subscription, their profile is deactivated everywhere.

---

6. Apps, Directories, Databases, and Cloud Infrastructure (Where identities are stored and used)

• These are the different systems where identities are used.

• Example in the gym:

  • Apps: The gym’s mobile app where members book classes.

  • Directories: The check-in system at the entrance that verifies membership.

  • Databases: The backend where all membership details are stored.

  • Cloud Infrastructure: Online payment and scheduling systems.

---

How Everything is Connected

1. Business Roles & Policies define access rules.

2. Integrated Identity Data ensures every person has correct permissions.

3. Compliance Manager checks if rules are followed.

4. Lifecycle Manager updates access when a person joins, changes roles, or leaves.

5. Correlation Rules link a person's identity across all systems.

6. Apps, Directories, Databases, and Cloud Infrastructure are where all this identity data is stored and used.

---

Real-Life Example

Imagine Netflix:

• When you sign up, you get access to basic content.

• If you upgrade to premium, you get access to 4K streaming.

• If you cancel your subscription, your access is revoked.

• Netflix uses identity management to ensure your account is linked across mobile, smart TV, and browser.

• If someone tries to access Netflix from multiple locations, it applies compliance rules to prevent account sharing.

---

Conclusion

This entire system automates identity and access management, ensuring security, efficiency, and compliance. Whether it's a gym, Netflix, or a corporate organization, identity management helps give the right people the right access at the right time.

Access Requests

Understanding Each Block in the Image:

1. Request for Others

• This means a person (e.g., a manager or admin) can request access for someone else.

• Example: A manager requests access for a new employee to the company’s HR system.

2. Request for Self

• This means a person can request access for themselves.

• Example: A software developer needs access to a GitHub repository, so they request access.

3. Filter

• Filters are used to ensure that only valid access options are shown.

• The filtering depends on:

  • Who is requesting? (E.g., a manager might see more access options than a regular employee.)

  • Who is the request for? (Some systems might only be accessible to specific roles.)

• Example: A salesperson will only see CRM system access options, while a developer will see access options for coding tools.

4. Select Access & Submit Request

• Once filtering is done, the requester selects the specific access they need and submits the request.

• Example: A finance team member selects "Access to Accounting Software" and submits the request.

5. Plan

• This step involves validating and preparing the request for processing.

• The system checks:

  • If approval is needed.

  • If the access violates any policies.

  • If the request can be auto-approved.

• Example: If a junior employee requests access to confidential financial data, the request might require manager approval.

6. Workflow

• This is the process automation engine that:

  • Performs necessary approvals.

  • Sends notifications for review.

  • Activates the provisioning system to grant or deny access.

• Example: If an IT Admin approves a request for VPN access, the workflow will trigger automatic provisioning to allow remote access.

7. Perform Request Appropriate Actions

• After approval, the system automatically executes actions to grant access.

• Example: If someone is granted access to a cloud database, the workflow:

  • Adds them to the correct Active Directory group.

  • Configures permissions in the cloud.

  • Sends an email confirmation to the user.

8. Activate Provisioning Broker

• This is the final step where the user is granted access to the requested system.

• Example: If a developer is granted access to AWS, the provisioning system:

  • Creates a user profile.

  • Assigns appropriate roles and permissions.

  • Sends login credentials.

---

How the Flow Works (Step-by-Step)

1. A user or manager requests access (for themselves or someone else).

2. The system filters options based on the role of the requester/requestee.

3. The user selects the access they need and submits a request.

4. The system validates and plans the request.

5. The workflow processes approvals (manual or automatic).

6. If approved, the system executes the necessary actions.

7. The provisioning system grants access to the requested resource.

---

Real-World Example (New Employee Joining a Company)

Imagine John, a new employee at an IT company, joins as a software developer. He needs access to:

• The company’s GitHub repository.

• The JIRA project management tool.

• The Slack team workspace.

Step-by-Step IAM Process:

1. John requests access for himself to GitHub and JIRA.

2. The system filters available access based on his role (Software Developer).

3. He selects GitHub and JIRA access and submits the request.

4. The system checks policies (e.g., Does John need manager approval?).

5. If approval is needed, John's manager gets a notification.

6. Once approved, the workflow triggers the provisioning system.

7. The system automatically grants access and sends John an email with login details.

---

Conclusion

• This system ensures security and efficiency by granting access based on business policies.

• It eliminates manual work by automating the approval and provisioning process.

• Helps prevent unauthorized access, ensuring only the right people get the right access at the right time.