Description
SailPoint’s AI continuously discovers your machine accounts, performing hourly scans to detect new additions. Review these newly discovered accounts using the Discovered as Machine filter.
New Capabilities
This capability is for customers who are experiencing problems answering the question: “How many service accounts, bots, and machine accounts do I have?”
- Review the accounts SailPoint’s AI discovered in the Human and Uncorrelated Accounts lists.
- Correlate these accounts to machine identities with the update correlation actions.
Problem
Your directories are packed with thousands of service accounts, bots, and machine accounts—many with incomplete data, inconsistent naming, and incorrect OU memberships. Now, the auditors have arrived, demanding a full, accurate list of machine accounts. Manually tracking them down could take weeks—time you don’t have when there are more pressing tasks on your plate.
Solution
SailPoint’s AI takes the hassle out of managing machine accounts by automatically inventorying them for you. It scans hourly, identifying new machine accounts and presenting them in a familiar menu you already use for other tasks—so you can review them on your schedule.
The solution zeroes in on what matters most: your key sources, Active Directory and Entra.
Step 1: Use Machine Account Classification to establish policy that defines your machine accounts (optional).
You can use Machine Account Discovery on its own, without Machine Account Classification.
However, we recommend running Machine Account Classification first. It helps identify the easiest machine accounts to inventory, significantly narrowing your discovery pool. This process filters out tens of thousands of accounts and highlights those that policy might otherwise overlook.
This example focuses on the Active Directory source and uses specific criteria to define machine accounts within Active Directory.
Step 2: Review the discovered uncorrelated accounts under Accounts > Uncorrelated Accounts with the Discovered as Machine filter applied.
Use the Discovered as Machine filter to inspect the accounts that were discovered.
Drill into each insight to understand the rationale.
Step 3: Dismiss invalid insights with Dismiss Discovered Machine.
SailPoint’s AI might pick out things you disagree with. Select Dismiss Insight to clear the Discovered as Machine insight. We’ll track your dismissals and make better decisions in the future.
Step 4: Re-correlate remaining accounts to machine identities with the Update Correlation action.
You’re able to update the accounts one at a time or in bulk. The system processes Machine Account Mappings when you complete this action. This will set machine account attributes including Account Owner and Machine Identity according to your configuration.
You’re able to use these actions against accounts whether or not the configuration has marked them Discovered as Machine.
We’ll move this single account using the Update Correlation action. We’re being conservative to test the machine account mappings we’ve set for this source.
The success message includes a link to the machine account so you can review the account once mappings have been run.
We feel that mappings are working as expected so we will move the rest of the accounts on this source in bulk using the Correlate to Machine Identity action.
Step 5: Review the updated machine accounts and make additional changes (optional)
Navigate to Machine Accounts and review the attributes that were established based on mappings.
We’ll use the Update Account action to fix an account where mappings weren’t applied as expected.
Step 6: Review the discovered human accounts under Accounts > Human Accounts with the Discovered as Machine filter applied.
Use the Discovered as Machine filter to inspect the human accounts that were discovered. From here, repeat steps 3-5 for human accounts.
Step 7: Prove your work to auditors
Use the query "Update Manual Correlation Passed" in Search to review correlation changes.
Who is affected?
Customers that have licensed Machine Identity Security.
Action Required
Customers should leverage this feature when adopting Machine Identity Security.
Important Dates
Machine Account Discovery will be rolled out to sandbox tenants on Mar 19, 2025, and will begin rolling out to production tenants on Mar 26, 2025.
By RSVP’ing to this event, you will be reminded of this release beforehand.
Additional Resources
Machine Identity Security Overview - SailPoint Identity Services