Unable to Search for entitlements that are marked as Privileged

Hello All,

I have a group of entitlements that I have marked as privileged on a source that we have; however, when I search for them I am not seeing them listed. We are in the implementation stage of marking privileged entitlements so we don’t have many yet. Here is a screenshot of the search:

We get the same result when searching the API (NOTE: to save space on the post I have removed most of the JSON returned, however these are from our EntraID Source):

Query:

{
  "indices": [
    "entitlements"
  ],
  "query": {
    "query" : "privileged: true"
  }
}

Response:

[
    {
        "name": "Global Administrator",
        "displayName": "Global Administrator",
        "privileged": true
    },
    {
        "name": "Extended Directory User Administrator",
        "displayName": "Extended Directory User Administrator",
        "privileged": true
    },
    {
        "name": "User Administrator",
        "displayName": "User Administrator",
        "privileged": true
    }
]

The source that I have updated has 105 entitlements, of which are marked to be privileged.

Here is a sample of the CSV that I downloaded from the source that we had just updated (NOTE: Group attributeName and attributeValue have been changed as they may contain company data):

attributeName,attributeValue,displayName,description,privileged,schema
groups,Role1,Role 1,,true,group
groups,Role2,Role 2,,true,group
groups,admin,admin,,true,group

I am struggling to find out why the EntraID source is visible but not the other sources' entitlements. Thoughts or Ideas are welcome.

Also, from an org standpoint we have not yet started to use the new Privileged Classification feature.

EDIT—

I have also attempted the below with the same results as the query listed in the example and received the same results:

{
  "indices": [
    "entitlements"
  ],
  "query": {
    "query" : "privilegeLevel.direct: \"high\""
  }
}

Hi @michael_mckeehan,

Is the entitlement visible on the source with the privilege flag?

No, here is a screenshot of the source and one of the priv entitlements

Hi @michael_mckeehan

Uploading entitlement attributes via a CSV will not mark them as privileged.

You can use an Entitlement API to update the privileged attribute, or edit it from the web UI to override the privileged option:

Once specified, the privileged option is set to true.

SailPoint has recently released a new feature regarding entitlement privilege management, "New Capability: Privilege Classification in Identity Security Cloud - Announcements / Product News - SailPoint Developer Community", which can also be configured at source level.
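A reconciliation check for the situation described in this thread, as an added example that is not part of any post or of SailPoint's own code: it compares the `privileged` column of a source CSV export against a search response for `privileged: true` and lists entitlements the CSV flags but the search index does not return. The sample CSV rows and response are constructed in the layouts shown above; matching on `displayName` is an assumption, and in a tenant with several sources the comparison should also be scoped to the source.

```python
import csv
import io
import json

# Constructed sample: CSV export using the column layout shown in the thread.
CSV_EXPORT = """attributeName,attributeValue,displayName,description,privileged,schema
groups,Role1,Role 1,,true,group
groups,Role2,Role 2,,true,group
groups,admin,admin,,true,group
groups,staff,Staff,,false,group
"""

# Constructed sample: trimmed search response for the "privileged: true" query.
SEARCH_RESPONSE = """[
  {"name": "Global Administrator", "displayName": "Global Administrator", "privileged": true},
  {"name": "Role 1", "displayName": "Role 1", "privileged": true}
]"""


def csv_privileged(csv_text):
    """Display names of CSV rows whose 'privileged' column reads true."""
    names = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (row.get("privileged") or "").strip().lower() == "true":
            names.add(row["displayName"].strip())
    return names


def indexed_privileged(response_text):
    """Display names the search index actually reports as privileged."""
    hits = json.loads(response_text)
    return {h["displayName"] for h in hits if h.get("privileged") is True}


def reconcile(csv_text, response_text):
    """Split CSV-flagged entitlements into confirmed and missing from search."""
    wanted = csv_privileged(csv_text)
    indexed = indexed_privileged(response_text)  # may include other sources
    return {
        "missing_from_search": sorted(wanted - indexed),
        "confirmed": sorted(wanted & indexed),
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(CSV_EXPORT, SEARCH_RESPONSE), indent=2))
```

Entries under `missing_from_search` are the ones that still need the privileged flag set through the API or the web UI, as the reply above describes.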

This was not the case a month or two ago I feel like when these were originally updated.

This solution may have to work for now, but there will need to be a better way to do this. Most of the applications we are bringing into our environment are custom built over the decades and have no rhyme or reason to naming conventions or tags within the attributes that mark them as priv, so for the most part the automation is out of the question.

Easier to update a CSV and upload if you ask me. Looks like I have quite a bit of tagging to do now.