We just moved to 8.4.2 and was hoping to see UI Performance improvements around a couple of topics. One of these is the removal of access from a User that has a lot of access (What SailPoint like to call a FAT IDENTITY). The issue we are seeing is that the UI will not allow the Manage User Access>Remove Access to return with data. It just times out after 5 minutes. The ability to not return this data is causing a lot of issues for members within many areas of the business. This seems like a major design flaw within the system, but I would like to understand how other clients are handling the issue of “Fat Identity”?
how many accounts are link to same human identity ? generally this happens for the service identity. I don’t see any case if users have 100’s of account in same application .
So in case if you are trying to link the accounts which are not users accounts update the correlation logic to not link to human identity .
Incase if this are service account , then i would recommend create service identity for each service account.
our issue is not around the number of applications (we do have some people alot but less more than 80) but the number of Roles and Entitlements someone has. Example we have some with 72 application accounts but has 679 Roles and 2392 Entitlements
(we do have some people with alot but no more than 80)
679 roles seems to be too many , should be optimized and roles must be reviewed and see if those can be combined.
When you say “Optimized” can you please explain what you mean. in our case, combining these Roles is NOT an option due to how access is provisioned to these applications. Our previous system had no problem with the number of Roles or Entitlements an ID could have.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.