Access Modeling and Governance Flashcards
What defines what a user can do and see in IdentityIQ?
Capabilities and Scope (if configured)
What is scoping?
The act of subdividing data into logical groups and granting access based on those subdivisions.
Workgroups are used for? (Two things)
Assigning access to IdentityIQ and Sharing of IdentityIQ responsibilities
True or False: IdentityIQ does not support multi-factor authentication.
False
True or False: A best practice is to assign ownership of objects, such as applications, to workgroups.
True
What do Identity Cubes represent within IdentityIQ?
Users
Identity Cubes store all information regarding a user.
How are Identity Cubes created?
By loading data from authoritative sources or from the UI
This process involves gathering user data to populate the Identity Cubes.
What do applications define in the context of IdentityIQ?
Target resources
Applications specify which resources are to be managed within IdentityIQ.
What is the purpose of a Connector in IdentityIQ?
To specify how to connect to the resource
Connectors define the method of interaction with target resources.
What do Schemas define in IdentityIQ?
The data to be read from the resource
Schemas outline the structure and types of data that can be accessed.
What controls how and when data is read from the target resource?
Aggregation Tasks
These tasks manage the timing and methodology of data collection.
What do Identity Mappings control?
How Identity Attributes are ‘sourced’
Identity Mappings determine the origin of various user attributes.
What is the role of Authentication in IdentityIQ?
To control who can log in
Authentication mechanisms ensure that only authorized users can access the system.
What do Capabilities/Scoping and workgroups control within IdentityIQ?
Users’ access
These features manage permissions and access levels for users within the system.
What is a Managed Entitlement Customization Rule?
A rule that allows the customization of fields such as owner, requestable, or descriptions on ManagedAttributes.
1
Runs when and does what?
- Runs for every line in the file
- Converts incoming data into a map
2
Runs when and does what?
- Runs once for each aggregation
- Can do any pre-processing
4
Runs when and does what?
- Runs once for each account or group
- Performs final conversion to Resource Object
What are the benefits of using roles instead of logical applications?
* Roles scale significantly better than logical applications
* Roles have an extended set of features not available to logical applications
* Roles leverage existing connector pathways
This highlights the advantages of roles in managing applications.
Define the Challenge Period.
A timeframe where challenges to decisions or actions can be made.
This period allows for objections or disputes.
What is the Revocation Period?
When access is removed from denials. Can be automatic or manual
This allows for reconsideration of prior decisions.
What is Certification in this context?
The process of officially validating or confirming a status.
Certification often involves meeting certain criteria or standards.
What is #1?
Staging
(optional)
https://documentation.sailpoint.com/identityiq/help/certification/phases_of_a_certificatio.html
What is #3?
Challenge
(optional)
https://documentation.sailpoint.com/identityiq/help/certification/phases_of_a_certificatio.html