Overview
SailPoint recently introduce a handful of SaaS connectors for Identity Security Cloud that allow the aggregation and correlation of third party risk scores. One of the use cases for these scores is to target high risk identities for certification. Configuring a risk-based access review is straightforward.
Prerequisite:
- SaaS risk connector deployed (CrowdStrike, Proofpoint, or Elevate)
- An identity profile configured with an attribute defined and mapped to a score attribute sourced from the earlier connector (in the following example, the attribute name is ‘crowdstrikeRiskScore’)
Step 1 - Navigate to the ‘Search’ UI in ISC, select the ‘Certification Campaigns’ navigation option on the left side of the screen, and then click the ‘New Campaign’ button.
Step 2 - On the ‘What do you want to certify in this campaign’ screen, select ‘Identities’.
Step 3 - On the next screen, select the ‘All Identities Returned by a Query’ option.
Step 4 - Enter your query to search for high risk users into the query box on the ‘Choose Identities with a Query’ screen. This query is based on your attribute defined on your identity profile.
Step 5 - Click the magnifying glass button and confirm the search returns the expected/desired identities. Then click the ‘Certify These Identities’ button.
Step 6 - On the next screen, you have the option to certify all access or narrow down the scope of the certification contents.
Step 7 - Now you’re in familiar territory, configuring some basic options for the certification campaign - who will be the certifiers, scheduling etc. Confirm your choices and click the ‘Review Campaign’ button.
Step 8 - The next page is a summary - if everything looks good, click the ‘Save Campaign’ button.
