The use case involved architecting solutions for LogLabs and Scotiabank, focusing on two main user groups: Identity and Access Management users utilizing various heterogeneous IEM platforms like Broadcom, and Active Directory users. The challenge revolved around implementing attestation and governance certification processes, requiring integration for both groups. Specifically, integrating with third-party systems for users on non-AD platforms and with AD for those utilizing it.
The primary objective was to leverage IdentityIQ for identity governance and compliance within the organization. With over two hundred thousand IdentityIQ instances in use and a continual influx, the focus was on streamlining identity governance processes, particularly for onboarding, offboarding, and conducting periodic attestations.
It effectively streamlined our user access management processes, serving as a central hub within our enterprise ecosystem. With various credentialing IdentityIQ access management solutions in place across the organization, SailPoint integrated seamlessly with these systems. It ingested events from these sources, generated reports, and initiated outgoing events and triggers to facilitate appropriate actions based on user and supervisor actions.
The policy management and risk-scoring capabilities of SailPoint IdentityIQ greatly benefited our organization. While we primarily focused on policy enforcement based on written guidelines for identity lifecycle management, we didn't extensively utilize a risk-based approach, as that fell under a separate area of resource management. However, within the policy feature set, SailPoint provided robust options. We were able to categorize users into different groups, such as office users, retail channel users, and backend users. Additionally, we could apply role-based access controls and differentiate between temporary and permanent employees, full-time and part-time staff, and those with specific time-based access requirements or temporary assignments within the organization.
The implementation of IdentityIQ significantly impacted our IT audit and compliance activities. SailPoint was introduced in response to an audit observation, as no prior system was in place and everything relied on manual processes. This lack of automation resulted in gaps and oversights. Implementing SailPoint IdentityIQ for attestation and governance effectively addressed this audit observation and closed the compliance gap.
It played a crucial role in addressing a complex identity management challenge within our company, particularly in the area of credential cleanup. Given the large user population, a dedicated team within the IAM pillar focused on this task. Before SailPoint, it was common to encounter instances where user identities remained active even after individuals had moved roles or left the company. For example, credentials associated with finance or treasury functions would still be accessible, even if the user had transitioned to a different department. Similarly, sensitive data access, such as payroll and HR systems, posed risks if not appropriately managed post-employee departure. SailPoint streamlined the process of managing these identities, effectively identifying and addressing instances where inactive accounts lingered, sometimes for extended periods, thus enhancing overall security and compliance efforts.