Sailpoint IIQ – Identity IQ
Some notes from the field
- Workflows are Developer friendly, not admin friendly. Steep learning curve for IIQ Workflows.
- Access Certifications – Access certifications are one of the best features in IdentityIQ. You will be able to approve and extend employee’s access to different applications periodically and it reduce the risk of unnecessary long time accesses to the applications.
- RBAC -Role-base access control feature in IdentityIQ. It helps you to find out the existing roles in the systems and assign access to those roles.
- Directory Services Missing – IdentityIQ does not have a directory service built in, it is dependent to other directories.
Having Single Sign on would be a great improvement. - IQ Connectors – Although they are adding more and more connectors to IdentityIQ, several apps currently lack connectors.
- Password Workflow – It’s great for people who forget their Windows password a lot, especially if you have a password policy that requires constant changes. IIQ allows the user to select “forgot password?” on the Windows login.
- Admin Ease of Password Management – It’s great for administrators because now they can admin a user’s accounts all in one spot instead of keeping records across several pieces of software.
Anuj holds professional certifications in Google Cloud, AWS as well as certifications in Docker and App Performance Tools such as New Relic. He specializes in Cloud Security, Data Encryption and Container Technologies.
Anuj Varma – who has written 1214 posts on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.
Hi Buddy,
Thank You so much for this blog.
It helped me lot . I am a Technical Recruiter by profession and first time working on this technology was bit tough for me, this article really helped me a lot to understand the details to get started with.
Excellent tutorials – very easy to understand with all the details. I hope you will continue to provide more such tutorials.
Obrigado,
Ramesh
Hello Anuj,
Very cool to see your post come up when I was searching this topic!
We are using IIQ 7.2 and configured SSO with ADFS. It is working fine when we return identity object from SSO rule. However, we have e-signatures also in our environment and that’s why we enabled pass-through authentication with AD. E-signature works fine if identity name matches with one of the attributes listed in authSearchAttributes of pass-through authentication Sailpoint idm training application but it throws authentication failed when identity name does not match with any of those attributes. I am guessing that is because when user tries to sign-off, user name field is automatically populated with identity name. So, based on the following article, we thought of returning link object from SSO rule instead of returning identity object.
Very useful article, if I run into challenges along the way, I will share them here.
Muchas Gracias,
Abhiram