Many organizations struggle to fully understand their IAM implementation. Whether you already have an active instance of IdentityIQ (IIQ) at your organization or you’re considering your IAM options, this article will provide high-level oversight of the amazing features offered by SailPoint IdentityIQ.
Implementing SailPoint IdentityIQ
Getting started with an IdentityIQ (IIQ) implementation needs to begin with a planning phase. In this phase, it is critical to identify key objectives and establish success criteria. Obtaining alignment between key stakeholders and implementers is the first key to success.
For example, at GCA, we conduct multi-week IAM assessments to help properly plan priorities in our IIQ implementations.
Connecting IdentityIQ to Applications
At its core, IIQ connects systems and automates processes. IIQ is considered the central hub and frequently has dozens to hundreds of connections with applications at your organization. With application user and entitlement data consolidated in IIQ, organizations can manage the lifecycle of application access.
User Access Requests
In IIQ provisioning, accounts and access rights are at the core of the Lifecycle Manager product. This solution allows users to request access, obtain approvals, and automatically provision access. Access can be requested at the account or entitlement level, and roles can be leveraged to further simplify this process.
Provision Access with IdentityIQ
When a user has had their request for resources approved (like a SalesForce account) IIQ automatically provisions the account to the target application and sets up the appropriate rights in the application.
The Compliance Manager component of IIQ is designed to confirm each user has what they need to perform their job and nothing more. This is known as “least privileged” access. Since IIQ has all of the information about systems and resources users can access, reviewing is made simple.
Password Management with IdentityIQ
In some implementations, IIQ can be used to reset a user’s password in their primary network account system, like Active Directory. IIQ also can handle password synchronization across applications and require users to create password that meet certain complexity requirements. Super admin passwords are encrypted and stored using an internal authentication mechanism to ensure IIQ remains secure.
IdentityIQ is an on-premises solution, although SailPoint does support a cloud deployment model. The project support required will be far-reaching. Each project will need involvement from teams from networking, security, administration, app owners and stakeholders. However, with an experienced service provider like GCA, the extended team requirements will be minimized.
Learn IAM and SailPoint
GCA is a certified SailPoint partner with a team of engineers ready to help you understand your IAM needs. Learn more about GCA’s SailPoint expertise and partner with us today.