Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo
back

Identity governance and administration

Running the Solution

search

Running the Solution

Running the Solution

As a SailPoint Administrator

Below are the steps to check and verify the account aggregation and to provision/remove application access for a user.

  1. Confirm Accounts, Groups and Applications aggregated successfully in SailPoint IdentityIQ
  2. Add a user to a group in SailPoint IdentityIQ
  3. Remove a user from the group in SailPoint IdentityIQ

Confirm Accounts, Groups and Applications aggregated successfully in SailPoint IdentityIQ

Perform the following steps to verify all the users and their respective groups and applications, are successfully fetched in SailPoint.

  1. Perform the steps in Navigate to Edit the Application section.

  2. On the Edit Application <application name> window, click Accounts.

  3. Under Accounts, search for Aggregated Accounts and verify if the user is assigned with correct groups and application.

    Alt text

Add a user to a group in SailPoint IdentityIQ

  1. On the SailPoint admin console, at the top pane, click the Alt text icon.

  2. Click Manage Access > Manage User Access.

    Alt text

  3. On the Manage User Access window, click the Filters button (next to the search bar) to open the filter options on the same window.

    Alt text

  4. Under Application, select the application that you have created in Step 4(a) of Create a Web Services Application.

    Alt text

  5. Click Apply.

    Alt text

  6. Under Select Users, click Alt text to select the user for which you want to manage the access, and then click Next.

    Alt text

  7. Under Manage Access, perform the following steps to select a group for the application:

    1. Under Add Access, click the Filters button (next to the search bar) to open the filter options on the same window.

    2. In the Entitlement Attribute dropdown, select the groups for application (for example, SafeNet).

    3. Click Apply.

    Alt text

  8. Click Next. All the aggregated groups in the application will be displayed.

    Alt text

  9. Click Alt text to select the group for which you want to provide membership to the user, and then click Next.

  10. Under Review and Submit, click Submit.

    Alt text

  11. On the successful submission, the following message appears:

    Alt text

    Upon approval, a user is provided access to the requested group. The access will be acquired by the SafeNet Trusted Applications corresponding to the requested group.

    Alt text

  12. To execute the following tasks, refer to the Task Execution section.

    1. Account Aggregation task created in Step 4 of Account aggregation tasks section (for example, SafeNet-ac-task).

      The successful execution of this task will aggregate all the users from STA into SailPoint.

    2. Group Aggregation task created in Step 3 of Group aggregation task section (for example, SafeNet-grp-task).

      The successful execution of this task will aggregate all the groups and applications from STA into SailPoint.

    3. Execute task - Perform Identity Request Maintenance.

      The Generic Maintenance task needs to be executed before every Aggregation task.

    4. Execute task - Refresh Identity Cube.

      This task allows SailPoint to refresh the identity cube and remove the deleted accounts, groups and application after each successful aggregation.

      For the new on-boarded users, you can click Schedule to run the task based on a schedule, for example, daily during off hours.

Remove a user from the group in SailPoint IdentityIQ

  1. On the SailPoint admin console, at the top pane, click Alt text

  2. Click Manage Access > Manage User Access.

    Alt text

  3. On the Manage User Access window, click the Filters button (next to the search bar) to display the filter options on the same window.

  4. Under Application, select the application that you have created in Step 4(a) of Create a Web Services Application. (for example,SafeNet), and then clickApply.

    Alt text

  5. Click Alt text to select the user for which you want to manage the access, and then click Next.

    Alt text

  6. Under Manage Access, perform the following steps to remove the access:

    1. Click Remove Access, then click the Filters button (next to the search bar).

    2. Under Entitlement Attribute dropdown, select the groups (for example, groups SafeNet).

  7. Click Apply to see user’s access groups.

    Alt text

  8. Click Alt text corresponding to the group that you want to remove, and then click Next.

    Alt text

  9. Under Review and Submit, click Submit.

    Alt text

  10. On the successful submission, the following message appears:

    Alt text

    Upon approval, a user is removed from the membership of requested group. Hence, access to the SafeNet Trusted Applications corresponding to the requested group is removed.

    Alt text

  11. To execute the following tasks, refer to the Task Execution section.

    1. Account Aggregation task created in Step 4 of Account aggregation tasks section (for example, SafeNet-ac-task).

      The successful execution of this task will aggregate all the users from STA into SailPoint.

    2. Group Aggregation task created in Step 2 of Group aggregation task section (for example, SafeNet-grp-task).

      The successful execution of this task will aggregate all the groups and applications from STA into SailPoint.

    3. Execute task - Perform Identity Request maintenance.

      The Generic Maintenance task needs to be executed before every Aggregation task.

    4. Execute task - Refresh Identity Cube.

      This task allows SailPoint to refresh the identity cube and remove the deleted accounts, groups and application after each successful aggregation.

    For the newly onboarded users, you can click Schedule  to run the task based on a schedule of your preference, like running it daily during off hours

As a SailPoint User

Request Access as a User

Besides the admin, a user can also submit add/remove access request by following the steps below.

  1. Navigate to the SailPoint IdentityIQ login URL, /identityiq.
  2. You will be redirected to your SafeNet Trusted Access sign-in page. Enter your primary directory login information and approve the two-factor authentication. After authentication, you should be redirected to the SailPoint IdentityIQ dashboard.

  3. Click Manage My Access.

    Alt text

  4. On the Manage My Access window, Add Access is selected by default. Click Filters.

    Alt text

  5. Under Entitlement Application, select the application created for Safenet Trusted Access. Refer to step 4a of the Create a Web Services Application in SailPoint IdentityIQ section.

    Alt text

  6. Under Entitlement Attribute, select groups and then click Apply.

    Alt text

  7. From the list, select the groups for which application access is required in STA. Then click Next.

    Alt text

  8. Click Submit to submit your access request. After successful approval cycle, the application access is granted to the user.

    To remove the access of an application, follow the same steps. However, in step 4, select Remove Access.