New Capabilities: Identity Graph - Q1 '26

Description

The latest release of Identity Graph features a slew of enhancements that make it easier to understand what access actually means for an organization, expose new account-related insights, and introduce powerful improvements to search and graph actions.

This post will cover multiple features that are grouped across these distinct pillars:

  • Visibility
  • Insights
  • Control
  • Search

New Capabilities

Capability 1: Visibility into Data Access Pathways

We have integrated Data Access Security’s (DAS) deep and rich understanding of access to sensitive data into the Identity Graph. This addition extends the existing entitlement objects beyond simple membership to include visibility into business context and risk for access.

Problem

Access to data remains crucial context for both governance and security teams. Tying together a specific identity and its access to sensitive data is difficult to do at scale and presents significant challenges to maintaining holistic visibility across the identity landscape. This issue intensifies as one considers how AI Agents are interacting with the plethora of structured and unstructured data across the enterprise.

Solution

The Identity Graph now supports visualizing data access pathways. In this way, users can now easily and intuitively understand access to specific data resources within the context of the totality of their access. This addition to the Identity Graph reveals an important piece of context for understanding risk and blast radius.

Who is affected?

Customers who have purchased O&I. Specifically:

  • ISC Administrators
  • Identity Graph Admins

Capability 2: Insights

We’ve enhanced SailPoint’s Identity Graph with three new insights that highlight account-related risks and make entitlement analysis much more robust: account dormancy, partially off-boarded identities, and indirect access visualization.

Problem

Organizations struggle to identify unused access and partially off-boarded identities, and to understand complete access inheritance through nested entitlements. Without comprehensive visibility into these insights, organizations face increased security risks and compliance gaps, and struggle to manage identity hygiene effectively.

Solution

We’ve introduced 3 new insights:

Dormant Accounts: Identity Graph will now highlight identities with accounts that have never been used or have not been used in more than 30 days.

Partially Offboarded Identities: Identity Graph will now automatically identify identities that have an inactive lifecycle state but retain one or more active accounts.

Enhanced Indirect Access Visualization: When viewing the access graph for an entitlement, users can now see not only identities that are directly assigned that entitlement, but also identities that inherit access to that entitlement.
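The three insights above, expressed as checks over constructed records. This is an added example, not SailPoint code; the field names, lifecycle values, account sources and entitlement names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 3, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible
DORMANT_AFTER = timedelta(days=30)               # threshold stated in the post

# Constructed sample data; field names are assumptions, not an ISC schema.
def acct(source, enabled, days_idle):
    last = None if days_idle is None else NOW - timedelta(days=days_idle)
    return {"source": source, "enabled": enabled, "last_used": last}

IDENTITIES = {
    "alice": {"lifecycle": "active", "accounts": [acct("AD", True, 3)]},
    "bob": {"lifecycle": "inactive",
            "accounts": [acct("AD", False, 90), acct("Snowflake", True, 45)]},
    "svc-report": {"lifecycle": "active", "accounts": [acct("Snowflake", True, None)]},
}
DIRECT = {"alice": {"finance-data-read"}, "bob": {"finance-analysts"},
          "svc-report": {"emea-finance"}}
# Holding the key entitlement also grants each entitlement in its list (nesting).
NESTED = {"emea-finance": ["finance-analysts"], "finance-analysts": ["finance-data-read"]}

def dormant_accounts(identities, now=NOW):
    """(identity, source) pairs never used or idle longer than the threshold."""
    return sorted((name, a["source"]) for name, ident in identities.items()
                  for a in ident["accounts"]
                  if a["last_used"] is None or now - a["last_used"] > DORMANT_AFTER)

def partially_offboarded(identities):
    """Identities in an inactive lifecycle state that still hold an enabled account."""
    return sorted(name for name, ident in identities.items()
                  if ident["lifecycle"] == "inactive"
                  and any(a["enabled"] for a in ident["accounts"]))

def effective_entitlements(direct, nested):
    """Direct entitlements plus everything reachable through nesting (cycle-safe)."""
    seen, stack = set(), list(direct)
    while stack:
        ent = stack.pop()
        if ent not in seen:
            seen.add(ent)
            stack.extend(nested.get(ent, []))
    return seen

def holders(entitlement, direct_map=DIRECT, nested=NESTED):
    """Map each identity that can reach the entitlement to 'direct' or 'inherited'."""
    return {name: ("direct" if entitlement in direct else "inherited")
            for name, direct in direct_map.items()
            if entitlement in effective_entitlements(direct, nested)}

if __name__ == "__main__":
    print(dormant_accounts(IDENTITIES), partially_offboarded(IDENTITIES),
          holders("finance-data-read"), sep="\n")
```

In this sample, a review of direct assignments alone would show only one holder of `finance-data-read`; the other two reach it through nesting, and one of them belongs to an identity that is already in an inactive lifecycle state.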

Who is affected?

Customers who have purchased O&I. Specifically:

  • ISC Administrators
  • Identity Graph Admins

Capability 3: Control

We’ve introduced two new actions to the graph, providing users with a more surgical option for revoking access and the ability to compare access between any two identity types.

Problem

Identity Graph provides no capability for scoped revocation of access. This means users must either leave the graph to revoke access from within ISC or disable the entire account. Additionally, it is currently difficult to simultaneously view two distinct access graphs to understand differences, identify inappropriate access, or troubleshoot access.

Solution

Identity Graph now supports the ability to revoke specific access items from an Identity directly from the graph view.

We have also released a new capability that allows users to compare the access graph of two identities of any type (e.g. Agent vs Human, Machine vs Agent, etc).

Who is affected?

Customers who have purchased O&I. Specifically:

  • ISC Administrators
  • Identity Graph Admins

Capability 4: Search

We’ve improved Identity Graph search to help you query more effectively and quickly access the graph visualizations most relevant to your needs.

Problem

The current search experience provides users with a list of multiple items, leaving them to scroll through potentially hundreds of results. This presents two challenges:

  • it is more difficult to arrive at the individual or set of objects the user is interested in
  • it requires multiple searches to build a set of relevant graphs

Solution

The Identity Graph now supports natural language search and provides results in a table view with native filtering capabilities. Natural language enables users to more easily make more complex queries, filtering on multiple attributes or conditions. The results are now provided in a table format which provides an easier way to traverse object types and provides native filtering to even further scope results without requiring an additional query.

Results can still be viewed in the list view by toggling the search result view.

Who is affected?

Customers who have purchased O&I. Specifically:

  • ISC Administrators
  • Identity Graph Admins

Additional Resources

Please reach out to Michael Presas (michael_presas) for any questions concerning these new capabilities.

Very well done. Are there some screenshots available? It might take a while until our database is prepared to show this inside a demo…