New Capability: Automated schema creation and syncing for Non-Employee Risk Management Source in ISC

Announcements Product News
, ,
1

Description

Non-Employee Risk Management is pleased to announce several enhancements to the Non-Employee Risk Management Connector available in Identity Security Cloud.

These new capabilities will reduce the time spent configuring the connection between Non-Employee Risk Management and Identity Security Cloud, and ensure the near-real-time synchronization of data for non-employees and their assignments.

New Capabilities

  • Quickly and easily configure Identity Security Cloud Source to aggregate Non-Employee and Assignment data
  • Ensure adherence to SailPoint’s best practice data model for Non-Employees and their Assignments
  • Automatically keep Non-Employee and Assignment data up-to-date in Identity Security Cloud - no need for recurring Aggregations

Problem

  • Customers need to synchronize and maintain accurate identity and assignment data for non-employees in Identity Security Cloud, so that the non-employees’ access can be managed and governed appropriately.
  • Currently, this requires that an ISC Admin or implementer spend a long time
    • configuring Sources to point to the Non-Employee Risk Management tenant
    • configuring aggregation tasks to bring the Profile data into ISC
    • configuring Identity Profiles for the authoritative Non-Employee source
    • correlating Assignments to Non-Employees
  • Currently, once the Source is created and aggregation schedules defined, the data for these identities and their assignments are not updated until the periodic aggregation task runs
  • There is no “best practice” data model for how to represent Non-Employees and their Assignments in Identity Security Cloud in a way that will ensure the maximum benefit of Identity Security Cloud’s feature set.

Solution

  • Standardized Sources
    • All new Non-Employee Risk Management-enabled Identity Security Cloud tenants will contain a new Non-Employee Source out-of the box
    • Until configuration is completed in Non-Employee Risk Management (see next bullet point), this source will not aggregate any data
    • This Source will contain default account schema, along with support for extended attributes
  • Streamlined configuration
    • New page in Non-Employee Risk Management: Identity Security Cloud Connection Settings

Non-employee source
Non-employee source1524×1474 261 KB

Non employee source 2
Non employee source 21520×1474 241 KB

  • This page will allow our tenants to enable the Identity Security Sources that will aggregate NE data into ISC.
    • Two tabs: Non-Employees and Assignments.
      • Non-Employees refers to the identities that are managed in NERM
      • An Assignment represents a job function a non-employee is performing for a specified period of time.
    • Each tab will allow for the configuration of different Profile Types to sync with Identity Security Cloud
      • Non-Employees tab will allow an admin to map attributes for any profile type in the Non-Employee category
      • Assignments tab will allow an admin to map attributes for any profile type in the Assignments category
    • Both Non-Employees and Assignments contain Core Attributes and Extended Attributes
      • Core attributes are the building blocks for the Identity or the assignment.
      • Extended attributes are custom attributes that may be configured for the ISC Sources.
      • These Core and Extended attributes will be created as the account schema for the Sources in ISC
      • You can map any profile attributes for Non-Employee or Assignment Profile Types attribute to these core attributes
    • Account correlation
      • Account correlation will automatically be configured using the Employee Number attribute
  • Event-based syncing
    • With syncing enabled, changes that are made to profiles in NERM will be automatically be pushed to the corresponding accounts in ISC, without waiting for a periodic aggregation to be run.

Who is affected?

  • Identity Security Cloud customers with Non-Employee Risk Management tenants
    • This feature is most applicable to customers who have not yet established a Non-Employee Source in ISC

Action Required

  • Customers with existing NERM Sources configured in ISC do not necessarily need to take action, as any Sources that are already established in their tenants will continue to work as they have.
  • If a customer with an existing NERM Source in ISC wishes to take advantage of the new Source configuration and features described above, it is recommended that they migrate their authoritative source following the path outlined here: Migrating Between Authoritative Sources - Compass
  • To Configure the Non-Employee Source in ISC using the updated connector configuration, please open your NERM tenant and navigate to Admin → System → Identity Security Cloud Connection Settings and follow the documentation (documentation link will be provided when the feature is live in Production).

Important Dates

  • Customer Sandbox tenant enablement: April 7, 2025
  • Customer Production tenant enablement: April 14, 2025

:bangbang: By RSVP’ing to this event you will be reminded of this release prior.

1 Like
3

This is really awesome, we were just about to go live with our NERM environment to replace our old solution, but in discussion the event based syncing is worth it to us to delay. A couple questions.

Will we still be able to configure correlation like other SP sources?

How does this work for identities who have multiple assignments linked to them?

1 Like