Creating external (non workforce) users directly on SailPoint ISC

Hi All,

I am new to the forum, and would appreciate some guidance on a design question.

Scenario:
We have a group of non-employee users who currently do not exist in a source system of record (such as HR). These users still require downstream provisioning, including Active Directory access and application access.

This persona does not fall under Non-Employee Risk Management (NERM) in our scenario.

Question:
Is it considered good practice to create and manage these users directly in SailPoint ISC when there is no authoritative source of truth, or would it be better to introduce another authoritative source (e.g. a simple user registry or directory) and use that as the identity source?

What I have tried:

  • Reviewed SailPoint documentation on authoritative sources and identity creation.

  • Looked into whether ISC can act as the identity source for manually created identities and still support provisioning workflows.

Current result:
It appears possible to create identities manually or through workflows, but I’m unsure whether this aligns with best practice for identity lifecycle management.

Expected outcome:

Looking for guidance on recommended architecture or best practice for managing identities that don’t have a traditional source of truth but still require provisioning.

Has anyone implemented a similar model in ISC? Any recommended patterns or approaches would be greatly appreciated.

Thanks in advance.

Hi @Sharmaanuj, it’s not considered best practice to consider manually manipulating Identities in ISC. An Authoritative Source connector should be implemented. Depending on your use cases for scale, complexity, workflows, etc. for modifying these Third Parties, the solutions range from CSV file to NELM to SQL to ServiceNow (etc.) up to NERM.

I totally second this. Manipulating identities manually goes against the principle the IAM concept is built upon. What @j_place suggested as options are the best possible in ISC, and you can pick one or more depending on your business requirements.

Thank you @j_place - Any recommendation on automating the CSV file feed to SailPoint ISC - as an initial approach? I agree with you, long term ServiceNow>ISC integration or NERM will be ideal.

Hi @Sharmaanuj, sounds like you’ve already gone up a tier in terms of Auth Source functionality (automation), so I would suggest looking at NELM or SQL or Airtable or a Custom Table in SNOW to manage your Auth Source, depending on your preference. Yes, there are solutions for automation of CSV, but, tbh, I don’t really like any of them 😉