Applications using AD groups for provisioning

Hello,

For applications that do not have an out of box connector, but the provisioning is based on AD groups, what is the best way to get that application connected?

Thanks,

Lakshmi.

@Laks Create an Application and assign the AD groups to that Application.

1 Like

For apps that do not have an out-of-box connector and use AD groups for access, the best way to integrate them into SailPoint ISC is:
Use SailPoint → AD connector → AD groups → Application instead of connecting SailPoint directly to the application. You can use:

  1. AD groups as entitlements
  2. Access Profiles to bundle them
  3. Roles or Access Requests for granting
  4. AD provisioning as the enforcement mechanism

1 Like

What you are looking to use are considered Access Applications in ISC. The documentation for these can be found here: Configuring Access Applications - SailPoint Identity Services

This will use Access Profiles with the Entitlements (AD Groups in your case) on the Source System (AD in your case) to allow provisioning of the access. The Access Profile can then be attached to the Access Application, which will have the common name of the application that the users understand.

So if a user needs to request access to the Application, such as Box, they can go to Request Center and select it, and the system will know that when it is approved, to provision the Access Profile associated with it, which will provision the AD group.

3 Likes

Hi Geoff, thanks for your response. I understood how to add an access profile and have a user get access to the access profile via Request Center. How do we request removal of access via Request Center for the same entitlement?

It should be the same as requesting or removing other access from the Request Center.