Integrate with SailPoint (2024)


  • SailPoint STI (Simple Table Integration)

    STI is an extensive SailPoint-specific integration, with configuration required on both sides, resulting in automatic synchronization and workflow. This option requires the SailPoint integration license option. See the STI Setup section that follows.

  • SCIM (System for Cross-domain Identity Management)

    SCIM is an application-level REST protocol for managing user identity data between domains. The PAM REST API includes a SCIM section, with several undocumented SailPoint-specific extensions. For information about enabling the REST API, see Connect with SCIM API. For information about the SCIM standard, see http://www.simplecloud.info/. For information about the SailPoint side of the integration, see the SailPoint documentation. The STI configuration is not necessary when using SCIM.

Clustering

When Privileged Access Manager is clustered, users should connect to the cluster Primary Site VIP rather than to an individual server. The VIP address provides availability in case the server that was originally configured for SailPoint is unavailable.

STI Setup

Privileged Access Manager populates the SailPoint integration tables with Privileged Access Manager Users (with their current Role and User Group assignments), Roles, and User Groups.

Privileged Access Manager Roles and User Groups are imported by SailPoint and defined as Entitlements.

Privileged Access Manager Users are imported and made into IdentityIQ Users in SailPoint. Whenever changes occur within Privileged Access Manager, these tables are updated on a configurable interval.

Configuration

For the SailPoint configuration options to appear, the SailPoint integration option must be licensed. SailPoint STI uses port 3306 to communicate with PAM.

To configure SailPoint integration in Privileged Access Manager, follow these steps:

  1. Go to Configuration, 3rd Party, SailPoint.
  2. Enter the Database User and Database Password. The password is used in the SailPoint configuration, which follows.
  3. Set the Update Interval, in seconds. This value determines how often Privileged Access Manager checks for incoming SailPoint requests and exports relevant data to SailPoint.
  4. For SailPoint Whitelist, enter at least one SailPoint server address. These addresses are the only connections allowed for the SailPoint integration. Valid entries are IP address, hostname, and FQDN values.
  5. Select Save to save your settings.
  6. Select Install to set up the SailPoint integration tables. The installation is only done once. This button is enabled if SailPoint is licensed, and disabled again once the installation is complete.
  7. Select Download to acquire a zip file of the Privileged Access Manager SailPoint application. Use this file during the configuration of the SailPoint side of the integration. Unzip this file and save CAPamConfiguration.xml in a location accessible by your SailPoint application.
  8. The Import button is optional. You can manually direct Privileged Access Manager to read the provisioning queue. Import is also done automatically according to the Update Interval setting.
  9. The Export button is optional. You can manually direct Privileged Access Manager to populate the SailPoint tables. Export is also done automatically according to the Update Interval setting.
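The whitelist in step 4 is the only network-level control on the integration port, so it is worth being precise about what an entry may be. The following is an added example and not Privileged Access Manager code: it classifies each entry as an IP address, hostname, or FQDN (the three kinds the setting accepts), rejects CIDR ranges and wildcards that would widen the allowed set, expands names through an injected resolver so it runs offline, and decides whether a connecting peer address is allowed. The function names, the resolver table, and all addresses are constructed for the example.

```python
"""Whitelist check modelled on the SailPoint Whitelist setting (added example).

Not Privileged Access Manager code: only the accepted entry kinds (IP address,
hostname, FQDN) come from the documentation. Name resolution is injected so the
example runs offline against a constructed lookup table.
"""
import ipaddress
import re
from typing import Callable, Dict, Iterable, List

# One DNS label: letters, digits and hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Maps a hostname or FQDN to its addresses (production: wrap socket.getaddrinfo).
Resolver = Callable[[str], Iterable[str]]


def classify_entry(entry: str) -> str:
    """Return 'ip', 'fqdn' or 'hostname' for one whitelist entry, else raise ValueError.

    CIDR ranges and wildcards are rejected on purpose: the setting takes exact
    addresses and names, so anything broader is a misconfiguration that would
    widen who may reach the integration port.
    """
    value = entry.strip()
    if not value:
        raise ValueError("empty whitelist entry")
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass  # not an address; fall through to the name checks
    if "/" in value or "*" in value:
        raise ValueError(f"ranges and wildcards are not valid entries: {entry!r}")
    labels = value.rstrip(".").split(".")
    if len(value) > 253 or not all(_LABEL.match(label) for label in labels):
        raise ValueError(f"not an IP address, hostname or FQDN: {entry!r}")
    return "fqdn" if len(labels) > 1 else "hostname"


def build_allowed_ips(entries: Iterable[str], resolve: Resolver) -> set:
    """Expand the whitelist into the set of peer addresses allowed to connect.

    A name that resolves to nothing is reported instead of skipped: silently
    dropping it would lock the SailPoint server out without any visible error.
    """
    allowed = set()
    for entry in entries:
        value = entry.strip()
        if classify_entry(value) == "ip":
            allowed.add(ipaddress.ip_address(value))
            continue
        addresses = [ipaddress.ip_address(a) for a in resolve(value)]
        if not addresses:
            raise ValueError(f"whitelist entry does not resolve: {entry!r}")
        allowed.update(addresses)
    return allowed


def is_allowed(peer_ip: str, allowed: set) -> bool:
    """True if the connecting peer's address is in the expanded whitelist."""
    return ipaddress.ip_address(peer_ip) in allowed


# Constructed sample data: three SailPoint entries and a lookup table for the two names.
SAMPLE_WHITELIST = ["192.0.2.10", "iiq01", "iiq02.example.test"]
SAMPLE_DNS: Dict[str, List[str]] = {
    "iiq01": ["192.0.2.11"],
    "iiq02.example.test": ["192.0.2.12", "2001:db8::12"],
}


def sample_resolver(name: str) -> List[str]:
    """Offline stand-in for DNS resolution, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name, [])


if __name__ == "__main__":
    allowed = build_allowed_ips(SAMPLE_WHITELIST, sample_resolver)
    for peer in ["192.0.2.10", "192.0.2.12", "2001:db8::12", "198.51.100.7"]:
        print(peer, "allowed" if is_allowed(peer, allowed) else "rejected")
```

Because hostname and FQDN entries are only as trustworthy as the DNS that resolves them, a deployment that wants the tightest control lists the SailPoint servers by IP address and uses the name forms only where addresses change.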

SailPoint Configuration

Before you configure the integration in SailPoint IdentityIQ, ensure that these prerequisites are met:

  • Install the LCM (Lifecycle Manager) module for SailPoint

  • Install the STI (Simple Table Integration) integration for SailPoint

To configure the integration in SailPoint, follow these steps:

  1. In SailPoint IdentityIQ, select the configuration gear icon and select Global Settings.

    The Global Settings page appears.

  2. Select the Import from File option in the lower right.
  3. Select Choose File under Import Objects. Select CAPamConfiguration.xml, which you downloaded during the Privileged Access Manager configuration.
  4. Select Import.
  5. Under Applications, Application Definitions, select the CAPam application.

    The Edit Application CAPam page appears.

  6. Select the Configuration tab.
  7. Under Settings, enter the correct Connection Password, which was not provided in the configuration XML file. This password is the password that you entered in step 2 of the Privileged Access Manager configuration.
  8. Scroll down to Object Type: usergroup. Under Settings, enter the correct Connection Password.
  9. Scroll down to Object Type: role. Under Settings, enter the correct Connection Password.
  10. Scroll down to Object Type: group. Under Settings, enter the correct Connection Password.
  11. Scroll to the bottom of the page and select Test Connection.

    "Test successful" appears. If not, edit the passwords.

  12. Select Save to save your changes.

For your specific SailPoint IdentityIQ configuration, you can change the default provisioning policies that are provided by Privileged Access Manager. Inspect these settings to determine whether you must change them.

  1. Under Configuration, select Provisioning Policies.
  2. Under Object Type: account, for the Create type, select User.

    The Attributes for User appear.

  3. Select an attribute, such as lastName. See Operations and Attributes for a list of the supported operations and attributes.

    The Edit Options appear on the right.

  4. Select Value Settings. The value for lastName can be a static Value, be Dependent, be determined by a Script, or be determined by a Rule.
  5. To save your changes, select Save.
  6. On the Edit Application CAPam, Password Policy page, configure a default password policy that follows the default password policy set for Privileged Access Manager users.

Operations and Attributes

The following operations and attributes are supported for SailPoint integration. The listed attributes must be associated with a rule or value in a Provisioning Policy in the SailPoint CAPam application for attributes to sync. The CAPam application is configured with some default values, but clients might need to adjust these settings.

Create a User

To create a user with the "local" authType, all the listed attributes are required. To create a user with the "cac" authType, none of the listed attributes are required.

  • firstName: User first name
  • lastName: User last name
  • email: User email address
  • password: User password
  • authType: supported values are local or cac (for smartcard users)
  • IIQDisabled: true if user is disabled, or false if user is enabled
  • Roles and User Groups are assigned as Entitlements.

Modify a User

To modify a user, all attributes are optional.

  • firstName: User first name
  • lastName: User last name
  • email: User email address
  • password: User password
  • authType: supported values are local or cac (for smartcard users)
  • IIQDisabled: true if user is disabled, or false if user is enabled
  • Roles and User Groups are assigned or removed as Entitlements.

Delete a User

  • No attributes
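The three operations above differ only in which attributes must be present and which values are accepted, which makes them a natural fit for a pre-check before a request is queued. The following is an added example, not Privileged Access Manager or SailPoint code: it encodes the documented rules (create with authType "local" requires every listed attribute, create with "cac" requires none, modify makes all optional, delete carries none) together with the allowed values for authType and IIQDisabled. The request shape, an operation name plus a dict of attribute strings, and the sample requests are assumptions made for the example; the handling of a create request that omits authType is likewise an assumption, noted in the code.

```python
"""Validate a provisioning request against the attribute rules above (added example).

Not Privileged Access Manager or SailPoint code. It encodes only what the
documentation states: create with authType "local" requires every listed
attribute, create with authType "cac" requires none, modify makes all of them
optional, and delete carries no attributes. The request shape (operation name
plus a dict of attribute strings) is an assumption made for the example.
"""
from typing import Dict, List

# The attribute set documented under Create a User / Modify a User.
USER_ATTRIBUTES = ("firstName", "lastName", "email", "password", "authType", "IIQDisabled")
AUTH_TYPES = ("local", "cac")
BOOLEAN_STRINGS = ("true", "false")


def validate_request(operation: str, attrs: Dict[str, str]) -> List[str]:
    """Return the list of problems found; an empty list means the request is acceptable.

    Rejecting a malformed request before it reaches the provisioning queue is
    cheaper than finding the failure later in the Activity Log.
    """
    problems: List[str] = []

    if operation == "delete":
        if attrs:
            problems.append("delete takes no attributes")
        return problems
    if operation not in ("create", "modify"):
        return [f"unsupported operation {operation!r}"]

    # Anything outside the documented attribute list is never synced, so flag it.
    for name in sorted(set(attrs) - set(USER_ATTRIBUTES)):
        problems.append(f"unknown attribute {name!r}")

    # Value checks apply to both create and modify whenever the attribute is present.
    auth_type = attrs.get("authType")
    if auth_type is not None and auth_type not in AUTH_TYPES:
        problems.append(f"authType must be one of {AUTH_TYPES}, got {auth_type!r}")
    disabled = attrs.get("IIQDisabled")
    if disabled is not None and disabled not in BOOLEAN_STRINGS:
        problems.append(f"IIQDisabled must be 'true' or 'false', got {disabled!r}")

    if operation == "create":
        if auth_type is None:
            # Assumption: the required-attribute rule depends on authType, so a
            # create without it cannot be checked and is treated as a problem.
            problems.append("create requires authType")
        elif auth_type == "local":
            for name in USER_ATTRIBUTES:
                if not attrs.get(name):  # absent or empty both count as missing
                    problems.append(f"create with authType 'local' requires {name}")
        # authType 'cac' (smartcard): no other attribute is required
    return problems


# Constructed sample requests, one per documented operation.
SAMPLE_REQUESTS = [
    ("create", {"firstName": "Ada", "lastName": "Example", "email": "ada@example.test",
                "password": "<set by policy>", "authType": "local", "IIQDisabled": "false"}),
    ("create", {"authType": "cac"}),
    ("create", {"authType": "local", "firstName": "Bob"}),
    ("modify", {"IIQDisabled": "yes"}),
    ("delete", {}),
]

if __name__ == "__main__":
    for operation, attrs in SAMPLE_REQUESTS:
        problems = validate_request(operation, attrs)
        print(operation, attrs, "->", problems or "OK")
```

The check treats an empty string the same as a missing attribute for a "local" create, since a provisioning policy that maps an attribute to an empty value still fails to supply it.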

Aggregation Tasks

As part of the CAPam application setup in SailPoint, aggregation tasks are defined to SailPoint to collect the user and entitlement data from Privileged Access Manager. These tasks should be scheduled to execute regularly to keep this data in sync with Privileged Access Manager.

Follow these steps:

  1. From the main SailPoint menu, select Setup, Tasks.

    Two tasks are set up by the initial configuration:

    • CAPam Account Aggregation regularly reads the Privileged Access Manager User table to keep in sync with Users and their entitlements.
    • CAPam Group Aggregation reads Privileged Access Manager User Roles and Groups and creates SailPoint Entitlements from them.
  2. To schedule a task, right-click and select Schedule from the drop-down list to display the New Schedule dialog.
  3. Select the Scheduled Tasks tab to edit schedules. You can select the Run Now box on the Edit Schedule tab to run the task immediately.
  4. To see a list of SailPoint entitlements, go to the main menu, Applications, Entitlement Catalog.

Workflow Example

Once everything is configured in Privileged Access Manager and SailPoint IdentityIQ, the following integration workflow is valid. This example shows a SailPoint user making a provisioning request for a Privileged Access Manager user.

  1. In SailPoint, go to Home, and select Manage User Access.

    An IdentityIQ user list appears under the Select Users tab.

  2. Select a User and select the Manage Access tab.
  3. Select Filters on the right.

    The Filter Access panel appears.

  4. From the Entitlement Application drop-down list, select CAPam, and Apply.

    The Roles and User Groups that are imported from Privileged Access Manager appear as Entitlements.

  5. Select a User Group or Role as an Entitlement. Select the Review tab at the top of the page.
  6. If the listed Add Access Entitlements are correct, select Submit at the bottom of the page.

    The Home page appears with a Success message at the top of the page.

  7. SailPoint sends this data to Privileged Access Manager as a provisioning request.
  8. In Privileged Access Manager, go to Users, Manage Users, and find the new (or updated) User.

    The User should have the matching information, including Roles and Groups, as applicable.

  9. The User should be able to log in to Privileged Access Manager with the appropriate entitlements.
  10. An Aggregation Task runs in SailPoint, reading the information in the Privileged Access Manager integration tables. This task closes the loop on the operation.

Activity Log

The Activity Log displays information about every action pertaining to the SailPoint integration. Create, delete, and update actions, their source, time, and results are listed. To view the Activity Log, follow these steps:

  1. Go to Configuration, 3rd Party, SailPoint.
  2. Select the Activity Log tab.
  3. The log table is sortable by clicking column headings. You can filter data using the controls above the headings.

    The Info column provides error messages, if applicable.