CyberArk Safe/Container targeted certification in SailPoint IIQ

Which IIQ version are you inquiring about?

Version 8.2


Hi there,

We have integrated CyberArk with SailPoint IIQ and intend to certify safes/containers for users. Under the User Identity Cube → Ents, we can see Safe permissions / entries for each user.

Targeted Certification:

Our concern is with Targeted Certification, where we would prefer a single line item for each safe rather than multiple lines (i.e., access to the safe alone, excluding the entitlements there in the attestation).

In the screenshot below, you can see approximately 60 line items for a single safe, which is not ideal for a user experience.

Is it possible to achieve this? If so, any suggestions or recommendations would be appreciated.

Hi @nmannem,

Welcome to the Developer community 🙂

You can create IT roles with the combination of the entitlements per safe. The Certification will then show the IT roles and not the (additional) entitlements.

For instance, for safe TEST2:
Create IT Role TEST Safe - Basic Access with entitlements:

  • Add events
  • Create object
  • Delete

It might look like a lot of additional administration, but in the end it will simplify the access reviews and be easier to show outliers 🙂

It is possible to automate the IT role generation, which will reduce the manual labour 😉

I hope this helps!

– Remold
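
The effect of the role-per-safe approach on review line items, as an added example that is not part of the original reply and is not SailPoint IIQ API code. It is a plain-Python model: the `(safe, permission)` tuple layout, the function names, the sample identities and the "Example extra permission" value are assumptions made for illustration.

```python
# Added illustration: a plain-Python model, not SailPoint IIQ API code.
# Entitlements are modelled as (safe, permission) tuples; that layout is assumed.

def make_role(safe, permissions):
    """Model an IT role as the set of entitlements it requires."""
    return frozenset((safe, p) for p in permissions)

def review_items(held, roles):
    """Return (detected_roles, additional_entitlements) for one identity.

    A role counts as detected only when the identity holds every entitlement
    in it. Entitlements not covered by a detected role stay as separate line
    items, which is what makes outliers stand out in the review.
    """
    held = set(held)
    detected = sorted(name for name, needs in roles.items() if needs <= held)
    covered = set()
    for name in detected:
        covered |= roles[name]
    return detected, sorted(held - covered)

# Role, safe and permission names as given in the reply above.
ROLES = {
    "TEST Safe - Basic Access": make_role(
        "TEST2", ["Add events", "Create object", "Delete"]),
}

BASIC = [("TEST2", "Add events"), ("TEST2", "Create object"), ("TEST2", "Delete")]

# Constructed sample identities.
IDENTITIES = {
    "alice": BASIC,                                            # exactly the role
    "bob": BASIC + [("TEST2", "Example extra permission")],    # role plus outlier
    "carol": [("TEST2", "Add events"), ("TEST2", "Delete")],   # partial, no role
}

def line_item_count(user):
    """Number of lines a reviewer would see for this identity in the model."""
    detected, additional = review_items(IDENTITIES[user], ROLES)
    return len(detected) + len(additional)

if __name__ == "__main__":
    for user in IDENTITIES:
        detected, additional = review_items(IDENTITIES[user], ROLES)
        print(user, line_item_count(user), detected, additional)
```
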
