Extend identity governance and
user provisioning activities beyond the datacenter
IdentityIQ helps organizations to quickly and easily integrate cloud-based applications into their existing identity governance program without impacting business users or processes. This provides a consistent user experience for common identity business processes, such as requesting access, managing passwords and certifying user access – across all IT resources, regardless of where an application is hosted. IdentityIQ provides two components that work together to quickly extend identity governance and user provisioning activities beyond the datacenter to cloud-based applications.
SailPoint IdentityIQ offers SaaS Connectors to streamline the integration of SaaS applications into enterprise identity governance and provisioning processes with out-of-the-box connectors for common SaaS-based applications such as Salesforce.com and Google Apps.
These connectors work to quickly aggregate and correlate SaaS users and accounts into an identity warehouse where they are combined with user account data from other applications providing a 360° view of access across all applications. With IdentityIQ, SaaS accounts can be managed within established enterprise governance models, including an organization's role model, policy model, and risk model. And, SaaS accounts can be combined with all other user accounts for review in access certification campaigns and during detective policy scanning and violation detection activities.
In addition to providing identity audit capabilities, IdentityIQ centralizes and automates the provisioning and de-provisioning of user access to SaaS applications. End users can also request SaaS accounts directly through the self-service access request interface in IdentityIQ Lifecycle Manager. In both cases, changes to user access on SaaS-based applications are integrated with the preventive controls defined within the IdentityIQ governance model, including separation-of-duty policy evaluation and change approval workflows to ensure all access is compliant and meets policy and security requirements.
Cloud Identity Bridge
The Cloud Identity Bridge vastly simplifies the management and control of applications deployed in cloud environments through a single, centralized governance model. The Cloud Identity Bridge is deployed in the cloud, alongside managed applications to provide secure, highly-reliable delivery of data exchanged between cloud-based applications and IdentityIQ. To enable enterprise-wide management and control, IdentityIQ aggregates user and access data from cloud and datacenter applications into a central identity warehouse and integrates them into the IdentityIQ governance model. This enables cloud applications to be seamlessly included in core identity business processes such as access certifications and access requests and enables policy enforcement that span cloud and datacenter applications.