Identity governance and administration

Solution Overview

The Identity Governance and Administration (IGA) solution offered by SailPoint IdentityIQ is designed to work in line with the Identity Provider (IdP) solution of SafeNet Trusted Access (STA).

In STA, a user's access to a particular application is derived either from an all-users assignment or from the group membership assigned to the user. To manage the same access from SailPoint IdentityIQ, STA groups serve as entitlement definitions. This requires that, for each application in STA, a corresponding unique group also exists in STA.

The following diagram illustrates the solution overview:

To use SailPoint as an IGA solution over STA, perform the following steps:

  1. Use the SafeNet Synchronization Agent to sync a single directory group containing all the users that you want to have in SafeNet Trusted Access.

  2. Create unique internal groups corresponding to each application in your STA tenant. For example, if the application is Application1, its access offering group should be SP_Application1.

    This can be achieved by using a rule created in SailPoint, which creates and assigns an <SP_Application> group for each application. The same rule also ensures that UserPortal remains assigned to all users.

  3. Aggregate the Applications, Users, and Groups in SailPoint.

  4. Set the rule in SailPoint to make the directory-synced group non-requestable.

  5. Manage application access through SailPoint by adding or removing group memberships for users.

    If an <Application> is deleted from STA, its corresponding <SP_Application> group remains in SafeNet Trusted Access (STA). You must therefore remove the group manually and then run the group aggregation task in SailPoint.
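
The group-per-application model above can drift: an application may lack its SP_ group, or an SP_ group may outlive a deleted application. The following check is an added example, not Thales or SailPoint code; it runs over constructed name lists, calls no STA or SailPoint API, and assumes that UserPortal needs no group of its own and that the synced group is named AllStaUsers.

```python
"""Reconcile STA applications against their SP_<Application> groups.

Added example: inputs are constructed, and every name other than the SP_
prefix and UserPortal is hypothetical. No STA or SailPoint API is called.
"""

PREFIX = "SP_"


def reconcile(applications, groups, synced_group, exempt=frozenset({"UserPortal"})):
    """Return findings for the group-per-application model.

    applications: iterable of STA application names
    groups:       dict of STA group name -> set of member user names
    synced_group: name of the directory-synced group from step 1
    exempt:       apps assumed to be assigned to all users, not via a group
    """
    expected = {PREFIX + app: app for app in applications if app not in exempt}
    sp_groups = {name for name in groups if name.startswith(PREFIX)}

    # Applications with no access-offering group cannot be granted via SailPoint.
    missing = sorted(app for grp, app in expected.items() if grp not in groups)

    # Groups left behind after their application was deleted from STA.
    orphaned = sorted(sp_groups - set(expected))

    # Members of an access group who are outside the synced user population.
    population = groups.get(synced_group, set())
    strays = {
        grp: sorted(groups[grp] - population)
        for grp in sorted(sp_groups)
        if groups[grp] - population
    }
    return {"missing_groups": missing, "orphaned_groups": orphaned, "stray_members": strays}


# Constructed sample data: Application2 has no group, and SP_Application3
# belongs to an application that no longer exists.
SAMPLE_APPS = ["UserPortal", "Application1", "Application2"]
SAMPLE_GROUPS = {
    "AllStaUsers": {"alice", "bob"},
    "SP_Application1": {"alice"},
    "SP_Application3": {"bob", "mallory"},
}

if __name__ == "__main__":
    import json
    print(json.dumps(reconcile(SAMPLE_APPS, SAMPLE_GROUPS, "AllStaUsers"), indent=2))
```

Each orphaned group reported here is a candidate for the manual removal and group aggregation described above.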