Tuesday, March 10, 2020

Sailpoint Identity IIQ Correlation

Understanding Correlation Rule, Correlation Configuration and Default Correlation

Below are the 3 options with which the Correlation happens in the Sailpoint IIQ despite of the Application is Trusted or Target , Also below is the order in which different options takes preference.

  1. Correlation Rule 
  2. Correlation Configuration 
  3. Default Correlation (Schema Attribute "Display Attribute")
Correlation rule supersedes the correlation configuration and correlation configuration supersedes the default correlation. The general behavior of IIQ is to find returned map first from rule; if it does not return anything it falls back on Correlation configuration. If correlation configuration too does not return anything, it falls back on default correlation. If default correlation fails, it creates an orphan account

Few Important point to note:

  1. Identity is created based on Display attribute (search in identity warehouse) if the Orphan one is getting created.
  2. Correlation doesn't happens based on Identity Attribute if we don’t select any Account Correlation or Correlation rule
  3. The correlation is going to be done based on Display Attribute only if we don’t select any Account Correlation or Correlation rule
  4. Identity Attribute is used for pulling unique data from the application and aggregate it into IIQ Irrespective of selecting option Authoritative Application it will apply for both cases.

2 comments:

  1. Please share same idea for integration of Sailpoint with SIEM tools for security view.

    ReplyDelete
    Replies
    1. We have used Tableau to show different matrix such as the Users Access , Entitlement , Application Matrix and other different reports , Basically we have to connect to IIQ Database from Tableau and used the query to show the data.

      Delete