SailPoint announced the release of IdentityIQ 7.3 on Aug. 22, providing organizations with new capabilities to manage identity for bots and cloud services.
Previous releases of IdentityIQ only supported software bots and robotic process automation (RPA) bots through the use of custom code, which is now changing with the 7.3 update. The new release also provides enhanced policy controls such that organizations can govern both Amazon Web Services (AWS) cloud as well as SAP environments in a consistent way with the rest of the enterprise.
“This is the first release where RPAs and bots are included out-of-the-box as a standard identity type,” Paul Trulove, chief product officer at SailPoint, told eWEEK. “This allows them to be used in all identity governance processes, including access requests and compliance controls.”
IdentityIQ provides visibility into identity usage within an organization. Trulove explained that IdentityIQ helps organizations understand who has access to a given set of resources, as well as what can be done with the access rights that have been granted. In contrast, SailPoint’s SecurityIQ product deals with how organizations govern access to data stored in files.
There are many different types of RPAs and automated processes that IdentityIQ can help manage. An increasingly popular form of automated process is the use of data streams from technologies like Apache Kafka or AWS Kinesis that can help inform machine learning models. Trulove said AWS Kinesis Data Stream Applications or Apache Kafka Processes could be managed as RPAs/bots.
“Any identity, whether it be a human or a non-human device, that has access to systems and applications to perform tasks can now be included in the governance processes,” he said.
A key challenge in understanding and managing identity is dealing with multiple application and deployment platforms that have their own identity models. With IdentityIQ 7.3, SailPoint is looking to enable organizations to govern AWS and SAP environments in a consistent way.
“With IdentityIQ, customers can include AWS IAM [Identity and Access Management] entities, policies, roles, accounts and organizations in the identity governance process,” Trulove said. “Organizations can now manage and certify access to AWS policies, for example, alongside all of the other business roles and entitlements from the other applications and systems in their environment.”
The same is true for SAP identity governance, which can now be managed with a single view from within IdentityIQ, he said. As part of IdentityIQ 7.3, SailPoint is also introducing an Accelerator Pack to help organizations get new applications into the IdentityIQ system quickly with preconfigured templates and best practices.
Looking beyond just integration with AWS and SAP, SailPoint is also adding enhanced integrations with Privileged Account Management (PAM) vendors including CyberArk and BeyondTrust.
“The main reason SailPoint developed integrations with PAM vendors is that privileged accounts must be governed just like regular user accounts,” Trulove said.
SailPoint first introduced a standardized approach to extend identity governance to privileged accounts through the IdentityIQ Privileged Account Management Module in June 2017. The module provides enterprises with a complete view of a user’s access, inclusive of both standard and privileged accounts and entitlements.
Looking forward, Trulove said SailPoint has a number of items on its IdentityIQ roadmap, including enhanced persona support, AI-driven role management and risk-based certifications using peer group and behavioral assessment models.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.