Description
We are pleased to announce a set of powerful enhancements to Identity Graph that expands the types of data shown in the graph, provides users with more tools to extract insights, and makes it easier to share the graph with partners across the organization, including application owners and security analysts.
This post will cover multiple features that are grouped across these distinct pillars:
- Visibility
- Insights
- Control
- Administration
New Capabilities
Capability 1: Visibility
We are happy to announce that users can now visualize access pathways for two new object types in Identity Graph:
- Machine Identities
- Accounts
These additions provide breadth and depth to graph visualization, including some of the most critical parts of identity environments.
Problem
With the explosion of machine identities, customers need enhanced visibility and insight into their access. By not visualizing these crucial identity types, Identity Graph leaves identity teams unable to intuitively investigate access for a large portion of their identity footprint.
Additionally, understanding the explicit access assigned to an account is crucial not only for judging whether that access is appropriate, but also for being able to take action. Without a clear picture that ties access to accounts, users struggle to troubleshoot access or investigate security events.
Solution
The Identity Graph now supports searching for and visualizing identity data for both Machine Identities and human/non-human accounts. Users can now analyze machine access pathways using Identity Graph and see the exact access assigned to a specific account for a human or non-human entity.
Who is affected?
Customers who have purchased O&I, specifically:
- ISC Administrators
- Identity Graph Admins
Capability 2: Insights
We’ve introduced a handful of new improvements to help administrators better extract insights from the graph. These new capabilities provide a significant enhancement to the ability of users to manipulate and understand graph data.
Problem
Graph visualization is a powerful tool to understand relationships, but that picture is only as good as the insights one can pull from it. Specifically, quickly gaining high-level insights and digging deeper into those relationships is difficult without enhanced context and capability.
Solution
We’ve introduced four new improvements to make it easier for users to extract insights from Identity Graph:
- MySailPoint Widget: We’ve introduced a new widget to provide high-level insights across the organization.
- Nested Quick Filters: Quick Filters that isolate nested entitlements and cyclical nests make it easier to identify potentially hazardous inheritance.
- Filtering and Grouping: We’ve enhanced our existing filtering capabilities while also introducing the ability to group nodes in the graph by certain attributes.
- Access Context: For relevant access items, we have introduced the ability to see access request information, helping users understand how access was granted.
Who is affected?
Customers who have purchased O&I, specifically:
- ISC Administrators
- Identity Graph Admins
Capability 3: Control
We’ve introduced two distinct actions to the graph, enabling users to efficiently and effectively act on issues surfaced in the graph.
Problem
Taking action on insights in the graph requires users to visit other parts of ISC, disrupting their workflow and inhibiting efficiency.
Solution
We have introduced two high-impact actions to the graph to allow users to take decisive action:
- Enable/Disable Accounts
- Set Lifecycle State
Who is affected?
Customers who have purchased O&I, specifically:
- ISC Administrators
- Identity Graph Admins
Capability 4: Administration
One of the benefits of graph visualization is its inherent intuitiveness. This makes it a great tool to convey complex information. These improvements make it easier for administrators to share graph views and improve the workflow of those new users.
Problem
As the identity footprint expands, identity teams must delegate tasks across the organization. This is a delicate balance between providing capabilities that could have an operational impact and enabling key partners across the organization.
Solution
Identity Graph now has a new user level, Identity Graph Read Only, that provides read-only access to the Identity Graph. Users with the Identity Graph Read Only user level can view graph data, but won’t be able to take any action.
We have also included these user levels in the Custom User Levels solution, enabling administrators to bundle these user levels within existing custom user levels.
As part of enabling users, we’ve also introduced new entry points to the graph across ISC. This makes it easier to jump directly into the graph as part of an existing workflow, rather than having to return to a central location.
Who is affected?
Customers who have purchased O&I, specifically:
- ISC Administrators
- Identity Graph Admins
Additional Resources
Please reach out to @michael_presas for any questions concerning these new capabilities.