ISC deployment steps: best practice

Hi,

I summarize the typical steps for an ISC deployment:

  • Creation of administrative accounts in IdentityNow Admins Source

  • Install Virtual appliance

  • Install IQ Service ==> ? (or wait for AD connector integration)?

  • UI Customization

  • Testing all SSL and opening ports for main targets

  • Integrate authoritative source: source configuration, aggregation and test, identity profile creation, lifecycle state definition, mapping definition

  • Integrate other connectors by priority: source configuration, entitlement and account aggregation, create account profile definition + test

  • Define birthright access

  • JML process definition

  • Attribute synchronization

  • Email customization

  • Access Modeling

  • Tests

  • Migrate configuration progressively to production

Are there any important technical steps that I have forgotten?

2 Likes

@KRM7 please let me know if you have another idea about these steps.

Hi @baoussounda

This is a very good discussion, you have almost covered it. I am just re-arranging based on my experience in

  • Sandbox to PROD replication
  • Cross tenant migration (our company name changed, couldn’t change the url simply)
  • IIQ to IDN migration
  • IDN setup from scratch

  1. Creation of administrative accounts in IdentityNow Admins Source
    → Create all your teammates as admins, once your HR source is onboarded, remove all your teammates except one or two or a break glass account.

  2. UI Customization
    → Change the logo and colors, won’t take much time
    → You need to add the no-reply email address from SailPoint to your org email
    → Add the domain, verify it using DNS

  3. Install Virtual appliance
    → Make sure you have 2 in PROD, 1 is enough in Sandbox
    → Make sure the ports are opened

  4. Install IQ Service
    → I believe your org uses AD, so go for it.
    → 1 for PROD and 1 for Sandbox is enough unless you have a lot of users and more AD based applications
    → However in Sandbox 1 is enough

  5. Integrate Authoritative source
    → Source configuration
    → Account Schema
    → Correlation
    → Test connection
    → Account Aggregation
    → Schedule Aggregation

  6. Identity Profile creation for Authoritative source
    → Create an IDP with a priority lower than (number higher than) the IdentityNow Admins IDP, which is the default
    → Identity Profile settings
    → Mappings
    → LCS Provisioning
    → You need to decide how many LCS you need, I suggest Prehire, Active, Inactive, and Deleted.

  7. Searchable attributes
    → We can make a maximum of 15 attributes searchable, so we need to choose attributes carefully

  8. AD connector Integration

  9. Other connectors based on priority
    → Source configuration
    → Entitlement and account aggregation
    → Create Account Provisioning Policy form
    → Handle attribute sync for all sources, for HR source you might need to sync email address
    → Set whether you need to send an email notification when a user account is provisioned

  10. Password Policies

  11. Access Model
    → Create Access Profiles
    → Create Roles (Request and condition based)

  12. Email Template Customization
    → You need to edit OOTB email templates

  13. Governance Groups

  14. Segments

  15. Applications

  16. Reports
    → Subscribe to reports for various purposes

  17. Certifications

  18. SoD Policies

  19. Workflows

  20. Replication in PROD
    Use Configuration Hub and VS Code extensions to replicate configs in PROD

There will be some more, like Transforms and Rules development, which you will come to know as the work progresses.

Hope this helps you 🙂

Thanks
Krish

19 Likes

It’s very clear, Thanks @KRM7 😊

1 Like
