New Capability: Non-Employee Risk Management User Connector for Identity Security Cloud

Description

The SailPoint Non-Employee Risk Management team is pleased to announce the release of a new Non-Employee Risk Management Users connector for Identity Security Cloud.

This connector is designed to manage the Non-Employee Risk Management Lifecycle users and their permissions within NERM from Identity Security Cloud. This will allow NERM User access to be assigned, remediated, and governed right alongside access to other sources, using well-established ISC features and best practices.

New Capabilities

  • New Non-Employee Risk Management Users connector available in the ISC connector library.
  • The new connector can be used to create an ISC source that will:
    • Allow NERM User Roles to be aggregated to ISC as Entitlements.
      • These Entitlements, representing NERM User Roles, can be bundled into ISC Roles and assigned to identities via ISC access request and lifecycle event processes.
    • Allow NERM User accounts and entitlement assignments to be provisioned from ISC.
      • This will allow Users to be created in NERM when their accounts are created in ISC, prior to these users authenticating.
      • This can be useful for scenarios in NERM, in which a User needs to be selected from a User Select (such as an assignment sponsor), but the person has not yet logged into NERM.
  • NERM User data can be managed entirely from Identity Security Cloud.
    • NERM User accounts can be managed from ISC.
    • NERM User access can be assigned directly in ISC as Entitlements.
  • Authentication from Identity Security Cloud will no longer need to rely on Group claims received from the Identity Provider (IdP).

Note: this will be an optional configuration handled, for the time being, by SailPoint. To enable Authentication using Entitlements from ISC, rather than Directory Group mappings, please contact Support.

Problem

  • Non-Employee Risk Management currently relies on Directory Group mappings to assign User Roles to NERM Users. This requires admins to manage these groups on these applications, rather than through established ISC access management processes.
  • Admins lack visibility into which ISC Identities have accounts on NERM, and what permissions they have in NERM.
  • NERM User access cannot be directly bundled into roles, or included in certification campaigns. This limits proper governance of NERM access.
  • NERM admins are unable to select from an up-to-date list of Users within NERM, unless those users have had an account created via just-in-time authentication (i.e., they need to log into NERM before they are available to be selected in NERM user dropdowns).
  • Currently, any ISC user who selects ‘Non-Employee Risk Management’ in the Solutions Center will be logged into NERM, and have a user account created for them, although these users would still require user roles to be assigned to them in NERM in order to see any profiles or take any actions.

Solution

  • We are releasing a new connector in Identity Security Cloud, called SailPoint Non-Employee Risk Management Users

    • This connector will be found in ISC under Admin → Connections → Sources → Create New SailPoint Non-Employee Risk Management Users.

    • This connector will require configuration by an ISC Admin.

    • This connector is not designed to be an authoritative source. Correlation will need to be configured to ensure that these accounts will be tied to the appropriate identities in ISC.

  • Account (User) Management

    • Account schema will be predefined for NERM users, per their OOTB attributes.

  • Entitlement (User Role) Management

    • Entitlement Type ‘group’ will be created by default. NERM Lifecycle User Roles will be aggregated into ISC as these Entitlements.

  • Provisioning

    • User Accounts will be provisioned to NERM for Identities in ISC.

  • Attribute Sync - ISC Identity Attributes can be synchronized to User accounts in NERM

Who is affected?

  • ISC Customers connecting NERM for the first time.

  • Existing NERM + ISC customers who want to manage NERM Users and User Roles directly in ISC, without relying on directory groups.

Action Required

For NERM + ISC customers: once a Source created with the NERM Users connector is established, you will have the option to update your authentication to:

  • Map User Role assignments in NERM to the entitlements assigned via ISC, rather than directory groups

  • Ensure that just-in-time User account creation is disabled for ISC users

    • Instead, NERM users will need to have accounts provisioned via ISC prior to logging into NERM via the Solutions Center

Soon, enabling this authentication change will be a self-service configuration within your NERM tenant. For the time being, however, SailPoint will update your authentication criteria for you.

To enable Authentication using Entitlements from ISC, rather than Directory Group mappings, please contact Support.

Important Dates

Connector Available in ISC: Sept 25, 2025

**Delayed until after Oct 3, 2025
We apologize for the inconvenience, and will update when this connector is available!**

Additional Resources

The release of this connector has been postponed until after Oct 3, 2025.
We sincerely apologize for the inconvenience, and we will post a new update once the connector is available.

@jeff_lakey Just checking in, has the connector release gone live yet or is there a new target date?
