Running the Solution
As a SailPoint Administrator
Below are the steps to check and verify the account aggregation and to provision/remove application access for a user.
- Confirm Accounts, Groups and Applications aggregated successfully in SailPoint IdentityIQ
- Add a user to a group in SailPoint IdentityIQ
- Remove a user from the group in SailPoint IdentityIQ
Confirm Accounts, Groups and Applications aggregated successfully in SailPoint IdentityIQ
Perform the following steps to verify that all the users and their respective groups and applications are successfully fetched in SailPoint.
- Perform the steps in Navigate to Edit the Application section.
- On the Edit Application <application name> window, click Accounts.
- Under Accounts, search for Aggregated Accounts and verify that the user is assigned the correct groups and application.
Add a user to a group in SailPoint IdentityIQ
- On the SailPoint admin console, at the top pane, click the icon.
- Click Manage Access > Manage User Access.
- On the Manage User Access window, click the Filters button (next to the search bar) to open the filter options on the same window.
- Under Application, select the application that you have created in Step 4(a) of Create a Web Services Application.
- Click Apply.
- Under Select Users, click to select the user for which you want to manage the access, and then click Next.
- Under Manage Access, perform the following steps to select a group for the application:
  - Under Add Access, click the Filters button (next to the search bar) to open the filter options on the same window.
  - In the Entitlement Attribute dropdown, select the groups for application (for example, SafeNet).
  - Click Apply.
- Click Next. All the aggregated groups in the application will be displayed.
- Click to select the group for which you want to provide membership to the user, and then click Next.
- Under Review and Submit, click Submit.
- On successful submission, the following message appears:
Upon approval, a user is provided access to the requested group. The access will be acquired by the SafeNet Trusted Applications corresponding to the requested group.
- To execute the following tasks, refer to the Task Execution section.
  - Account Aggregation task created in Step 4 of Account aggregation tasks section (for example, SafeNet-ac-task).
    The successful execution of this task will aggregate all the users from STA into SailPoint.
  - Group Aggregation task created in Step 3 of Group aggregation task section (for example, SafeNet-grp-task).
    The successful execution of this task will aggregate all the groups and applications from STA into SailPoint.
  - Execute task - Perform Identity Request Maintenance.
    The Generic Maintenance task needs to be executed before every Aggregation task.
  - Execute task - Refresh Identity Cube.
    This task allows SailPoint to refresh the identity cube and remove the deleted accounts, groups and application after each successful aggregation.
    For newly onboarded users, you can click Schedule to run the task based on a schedule, for example, daily during off hours.
Remove a user from the group in SailPoint IdentityIQ
- On the SailPoint admin console, at the top pane, click
- Click Manage Access > Manage User Access.
- On the Manage User Access window, click the Filters button (next to the search bar) to display the filter options on the same window.
- Under Application, select the application that you have created in Step 4(a) of Create a Web Services Application (for example, SafeNet), and then click Apply.
- Click to select the user for which you want to manage the access, and then click Next.
- Under Manage Access, perform the following steps to remove the access:
  - Click Remove Access, then click the Filters button (next to the search bar).
  - Under Entitlement Attribute dropdown, select the groups (for example, groups SafeNet).
- Click Apply to see the user's access groups.
- Click corresponding to the group that you want to remove, and then click Next.
- Under Review and Submit, click Submit.
- On successful submission, the following message appears:
Upon approval, a user is removed from the membership of the requested group. Hence, access to the SafeNet Trusted Applications corresponding to the requested group is removed.
- To execute the following tasks, refer to the Task Execution section.
  - Account Aggregation task created in Step 4 of Account aggregation tasks section (for example, SafeNet-ac-task).
    The successful execution of this task will aggregate all the users from STA into SailPoint.
  - Group Aggregation task created in Step 2 of Group aggregation task section (for example, SafeNet-grp-task).
    The successful execution of this task will aggregate all the groups and applications from STA into SailPoint.
  - Execute task - Perform Identity Request maintenance.
    The Generic Maintenance task needs to be executed before every Aggregation task.
  - Execute task - Refresh Identity Cube.
    This task allows SailPoint to refresh the identity cube and remove the deleted accounts, groups and application after each successful aggregation.
    For newly onboarded users, you can click Schedule to run the task based on a schedule of your preference, for example, daily during off hours.
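A scripted form of the verification that follows the add and remove procedures above, as an added example that is not part of the original guide or of any SailPoint or SafeNet tooling: it applies only the approved requests to a baseline and compares the result with the membership seen after aggregation. The user names, group names and record layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from a real tenant): membership before the requests.
BASELINE = {"alice": {"SafeNet-VPN"}, "bob": {"SafeNet-VPN", "SafeNet-CRM"}, "carol": set()}
# Access requests as (user, operation, group, approval status).
REQUESTS = [
    ("alice", "Add", "SafeNet-CRM", "Approved"),
    ("bob", "Remove", "SafeNet-CRM", "Approved"),
    ("carol", "Add", "SafeNet-VPN", "Pending"),
]
# Membership as seen after the account and group aggregation tasks have run.
AGGREGATED = {"alice": {"SafeNet-VPN", "SafeNet-CRM"}, "bob": {"SafeNet-VPN", "SafeNet-CRM"},
              "carol": {"SafeNet-VPN"}}


def expected_membership(baseline, requests):
    """Apply only approved requests, in order, to the baseline membership."""
    expected = defaultdict(set, {u: set(g) for u, g in baseline.items()})
    for user, op, group, status in requests:
        if status != "Approved":
            continue  # pending or rejected requests must not change access
        if op == "Add":
            expected[user].add(group)
        elif op == "Remove":
            expected[user].discard(group)
        else:
            raise ValueError(f"unknown operation: {op!r}")
    return expected


def reconcile(baseline, requests, aggregated):
    """Return sorted (user, group, finding) tuples where aggregation disagrees."""
    expected = expected_membership(baseline, requests)
    removed = {(u, g) for u, op, g, s in requests if op == "Remove" and s == "Approved"}
    findings = []
    for user in sorted(set(expected) | set(aggregated)):
        want, have = expected.get(user, set()), aggregated.get(user, set())
        for group in sorted(want - have):
            findings.append((user, group, "approved access not provisioned"))
        for group in sorted(have - want):
            reason = ("approved removal not enforced" if (user, group) in removed
                      else "membership without approved request")
            findings.append((user, group, reason))
    return findings


if __name__ == "__main__":
    for finding in reconcile(BASELINE, REQUESTS, AGGREGATED):
        print(*finding, sep=" | ")
```

A removal that was approved but still shows up after aggregation is the finding to treat first, since the user keeps access to the applications tied to that group.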
As a SailPoint User
Request Access as a User
Besides the admin, a user can also submit an add/remove access request by following the steps below.
- Navigate to the SailPoint IdentityIQ login URL, /identityiq.
- You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication. After authentication, you should be redirected to the SailPoint IdentityIQ dashboard.
- Click Manage My Access.
- On the Manage My Access window, Add Access is selected by default. Click Filters.
- Under Entitlement Application, select the application created for SafeNet Trusted Access. Refer to step 4a of the Create a Web Services Application in SailPoint IdentityIQ section.
- Under Entitlement Attribute, select groups and then click Apply.
- From the list, select the groups for which application access is required in STA. Then click Next.
- Click Submit to submit your access request. After a successful approval cycle, the application access is granted to the user.
To remove the access of an application, follow the same steps. However, in step 4, select Remove Access.