Service Accounts in SailPoint Use Cases

Which IIQ version are you inquiring about?

Version 8.2

Share all details related to your problem, including any error messages you may have received.

We are exploring adding Service Accounts into our SailPoint environment. I am looking for more use cases for having service accounts in SailPoint. Can anyone share how you use service accounts in SailPoint today and some use cases for this?

Hi @Alyson_Trad

https://community.sailpoint.com/t5/Crash-Courses/Crash-Course-Best-Practices-to-Manage-Service-Accounts-in/ba-p/210274

This one also:

https://community.sailpoint.com/t5/Technical-White-Papers/Service-Accounts-Best-Practices/ta-p/74286

1 Like

Hi @Alyson_Trad ,

We have had service accounts (and on-call/bot/test accounts) in our IIQ environment for about eight years.

Our use cases are:

  1. Setting ownership on each account. When an owner moves areas or leaves the company, we have an automated process that get the reassignment of ownership started.
  2. Creating new accounts. We have a Quicklink form that can be filled out to create a new service account. After approvals are gathered, the account is automatically provisioned. Also, the account is automatically added to a selected safe in our Password Vault solution (using the PAM module).
  3. Deleting service accounts. Similar to the creation form, we have a deletion form.
  4. Allowing for access requests. Service accounts can have access requested for them in Manage Access, just like any other account.

There are probably other use cases, but those are the main ones I can think of. Let me know if you have any questions.

1 Like

hey Alyson,

Wha i’ve done in a number of clients that had service accounts was to create it as a Identity of type “Service Account”.
We them, used the Adminsitrator and Manager field to relate it to existing user Identity.
Also on every application we correlated the Accounts with its correct identity, in some cases we had accounts with the same username in multiple applications.
We them created a LCM for these accounts, and a Type of “Certification” were the administrator had to ensure that the account was still in use.

Theres alot of different approachs , but threat it as a Identity helps alot.

best!

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.