Overview
SailPoint recently introduced a handful of SaaS connectors for Identity Security Cloud that allow the aggregation and correlation of third-party risk scores. One of the use cases for these scores is to target high-risk identities for certification. Configuring a risk-based access review is straightforward.
Prerequisites:
- SaaS risk connector deployed (CrowdStrike, Proofpoint, or Elevate)
- An identity profile configured with an attribute defined and mapped to a score attribute sourced from the earlier connector (in the following example, the attribute name is "crowdstrikeRiskScore")
Step 1 - Navigate to the "Search" UI in ISC, select the "Certification Campaigns" navigation option on the left side of the screen, and then click the "New Campaign" button.
Step 2 - On the "What do you want to certify in this campaign" screen, select "Identities".
Step 3 - On the next screen, select the "All Identities Returned by a Query" option.
Step 4 - On the "Choose Identities with a Query" screen, enter your query for high-risk users into the query box. This query is based on the attribute defined on your identity profile.
Step 5 - Click the magnifying glass button and confirm the search returns the expected/desired identities. Then click the "Certify These Identities" button.
Step 6 - On the next screen, you have the option to certify all access or narrow down the scope of the certification contents.
Step 7 - Now you're in familiar territory, configuring some basic options for the certification campaign - who will be the certifiers, scheduling, etc. Confirm your choices and click the "Review Campaign" button.
Step 8 - The next page is a summary - if everything looks good, click the "Save Campaign" button.