ISC Architecture

Can someone provide a few sample templates of ISC High Level Architecture, with the following components?

  • ISC Tenant
  • VA Setup (Cluster)
  • Integration with Cloud Apps including Entra ID among others.
  • Integration with On Premise App including AD and Non AD Apps
  • How failover works for Cloud tenant.

Hello, what do you mean by a few sample templates? Do you require artifacts or only an understanding of the High Level Architecture?

Artefacts would do to define different components involved for designing Architectures for ISC

Won't be able to provide an artifact extract but yes, what all things are required (Artifacts/Configuration Names) for E2E integrations, I can help you with that.

Hello,

The High Level Details are as follows.

  • ISC Tenant

    • The SailPoint ISC is a SaaS-based Identity Governance Administration tool.

    • The major components as per the ISC high level architecture are the SailPoint ISC cloud Tenant, Virtual Appliances which contain Enterprise connectors and Cloud Connector Gateway, and last but not least the Target Systems.

  • VA Setup (Cluster)

    • A VA is a Virtual Appliance, which is a component running on a Linux Flatcar-based operating system.

    • It is hosted in the client's on-premise environment.

    • In 1 cluster of VAs, there should be more than 2 VAs present as per SailPoint recommendations.

    • The VA connects with SailPoint ISC – VA Cluster Queue, gets the requests and sends the requests to Target Systems.

    • It performs all the Outbound communications with SailPoint ISC tenant and Target systems.

  • Integration with Cloud Apps including Entra ID among others.

    • Create a source with respective OOTB connector

    • Configure the Connection Details

    • Test Connections

    • Update the Account Schema.

    • Perform the Account Aggregation

    • Perform Entitlement Aggregations

    • Configure Account Correlation Rule and Manager Correlation Rule (If source is Authz Source)

    • Create Identity Profile (If it is an Authz Source)

    • Configure Life Cycle States

    • Develop JSON Transforms

    • Perform the Identity Profile Mappings

    • Configure Roles, Access Profiles for RBAC

    • Configure the required artifacts for Joiners, Movers and Leavers such as Cloud Rules, Connector Rules, Account Profiles for Disable and Enable.

  • Integration with On Premise App including AD and Non-AD Apps

    • Almost same steps as above.

    • For AD, the IQ Service component is required for provisioning. Without IQ Service, provisioning will not work. The aggregation from AD does not require the IQ Service machine.

  • How failover works for Cloud tenant.

    • This is something which is handled by SailPoint ISC multi-tenant architecture.

    • Also, the provisioning failover or aggregation failover and retries can be configured at Source level. It’s not applicable for all sources but only for some sources.
