New Capability: Shared Signals Framework - Transmitter

We are pleased to announce the availability of the SailPoint Shared Signals Framework Transmitter, which sends Session Revoked security events to the Shared Signals Framework Receivers of vendor systems in near real time, based on the lifecycle state of an Identity.

New Capability

We are pleased to announce the availability of the SailPoint Shared Signals Framework Transmitter. This new integration between Identity Security Cloud and the Shared Signals Framework (SSF) provides ISC admins with a ready-to-use SSF Transmitter, reducing the time, cost, and complexity of setup while significantly strengthening your security posture.

Per the OpenID Foundation’s Shared Signals Framework (SSF) specification, a Transmitter is a component within an infrastructure that generates, manages, and broadcasts security events (as Security Event Tokens, or SETs) to one or more Receivers. The Transmitter plays a central role in sharing real-time, actionable security data to enable proactive security measures across platforms.

The purpose of SSF is to make it easy for companies to share security events related to the users who are using their systems. To further enhance the Identity governance and security experience, Identity Security Cloud needed to offer support for this new standard.

We previously released the Shared Signals Framework - Receiver, which enables you to share CAEP device compliance, risk events, etc. in near real time, improving coordination across XDR, SOC, and Compliance teams to accelerate threat detection and response.

Use cases (Examples):

  • John’s employment status is updated to “Terminated”, and as a result his lifecycle state is updated to “Terminated”. This lifecycle state change triggers a Session Revoked event. Depending on the configuration of the vendor systems, this signal can enable the following actions, ensuring comprehensive access revocation:

    • Immediately wipe corporate data from his devices managed through a device management system.

    • Log him out of a specific downstream system.

    • Remove his access from the specified vendor system.

    • Remove long-lived tokens that can still provide access even when accounts have been disabled.

  • John’s lifecycle status has been updated to “Leave of Absence” as he begins his three-month leave. Since he no longer has any active sessions, a Session Revoked event can be sent through the Transmitter.
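
The receiving side of the first use case, as an added example (not SailPoint or vendor code): a Receiver validates a Session Revoked SET before acting on it. The issuer, audience, key and helper names are constructed assumptions, the top-level `sub_id` layout is assumed, and HS256 with a shared secret is used only so the example runs offline; a production Receiver verifies the signature against the Transmitter's published keys.

```python
import base64, hashlib, hmac, json

# CAEP event-type URI for Session Revoked.
SESSION_REVOKED = "https://schemas.openid.net/secevent/caep/event-type/session-revoked"
# Constructed demo values (assumptions, not SailPoint or vendor values).
ISSUER, AUDIENCE = "https://transmitter.example", "https://receiver.example"
KEY = b"demo-shared-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_set(email, jti, iat, key=KEY, aud=AUDIENCE):
    """Build a constructed sample SET standing in for a Transmitter's output."""
    header = {"alg": "HS256", "typ": "secevent+jwt"}
    claims = {"iss": ISSUER, "aud": aud, "jti": jti, "iat": iat,
              "sub_id": {"format": "email", "email": email},
              "events": {SESSION_REVOKED: {"event_timestamp": iat}}}
    body = ".".join(b64url(json.dumps(part).encode()) for part in (header, claims))
    return body + "." + b64url(hmac.new(key, body.encode(), hashlib.sha256).digest())

def handle_set(token, seen_jti):
    """Validate a SET; return the subject whose sessions must end, else raise ValueError."""
    try:
        h, p, s = token.split(".")
        header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
        sig = b64url_decode(s)
    except Exception as exc:
        raise ValueError("malformed SET") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed SET")
    # Pin the algorithm instead of trusting the header, then check the signature first.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    events = claims.get("events")
    if not isinstance(events, dict) or SESSION_REVOKED not in events:
        raise ValueError("not a session-revoked event")
    jti = claims.get("jti")
    if not isinstance(jti, str) or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    seen_jti.add(jti)  # remember the jti so a re-delivered SET is acted on only once
    return claims.get("sub_id")
```

The returned subject identifier is what the Receiver maps to its own user before ending sessions or removing tokens.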

Documentation:

Release Details

  • Identity Security Cloud - Available.

Note: Atlas Enterprise features are available for add-on purchase for Business and Business Plus customers. Please contact your CSM for more information!
