Restrict access to the tenant based on identity attributes

We want to limit who has access to our Sailpoint based on identity attributes.

I found ways to restrict access by country or restrict what the users can request through segments, but nothing on limiting login altogether based on an attribute when access is based on SSO.

How can I only allow some users access to the tenant?

Hi @kxreynolds - If you are using SSO, within your Identity Provider, can you restrict your SSO to a Group/Permission and then manage that as an Entitlement?

Restricting the SSO is probably a solution. Thanks, I’ll work with my network team on that. Would be nice if access was able to be restricted at more granular levels in the tenant but this should work.

You can achieve this using the following:

  • Configure your IdP to only send SAML assertions to Sailpoint for the identities that should have access
  • This could be done with groups/roles in the IdP or by filtering based on user attributes
  • Identities without a SAML assertion sent from the IdP will not be able to log in to Sailpoint

Let us know if you are able to achieve this using the above.

This is the solution we went with. Used an AD group to restrict access through SSO.

Jeremy Place also had the answer. Thanks!
