Integrating SailPoint with Identity Security Cloud Governance

Revised Date: 11 June 2024

The SailPoint Identity Security Cloud Governance connector extends deep governance and access management capabilities to the identities present within the Identity Security Cloud tenant. This connector treats Identity Security Cloud as a governed system and manages identities as accounts. In addition, the connector manages user levels (permissions), roles, and governance groups as entitlements.


This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/connectors/saas/identity_security_cloud_gov/help/saas_connectivity/identity_security_cloud_governance/intro.html

Hi, I am brainstorming use cases for managing roles through the ISC Governance connector.

A problem we’ve had is that many of our Access Profiles should ideally be from different systems (i.e. AD group for SSO + db role + internal privileges). Unfortunately, APs do not support heterogeneous entitlements.

Managing Roles through ISC Governance, we could create non-requestable roles, expose them as entitlements, and make them requestable via an application. It would allow us to group related Roles together in an application instead of having isolated roles in the Request Center.

Can you advise if this is an intended use case and if there is special care needed when managing Roles through the ISC Governance source?

Hi @JoiKari, we provided “Role” as an entitlement in this connector based on feedback from some of our customers, who want visibility of the associated Roles as a part of the entitlement for the accounts.

It might not be required for everyone and is a ‘just in case’ kind of deal. I can’t comment on whether this is an intended use case or not, as the use case varies based on the required outcome. But looking at your use case, I think this is a valid case. The only thing is, there should not be any conflict with the automated provisioning operation or conflict with your existing access model.

We provided the capability for managing “roles” in this connector to cover such requirements and to make this connector more flexible.

For these types of questions, you can post in the discussion forum so that other people can share their experience.

Thanks!