Group Discounts available for 3+ students and Corporate Clients

SailPoint Interview Questions

SailPoint Interview Questions

Following are some of the most frequently asked SailPoint interview questions in the interview, here are the answers for them.

What is Governance Platform?

Governance Platform is centralizes identity data, roles, business policy and risk modeling to support compliance initiatives and user lifecycle.

What is Compliance Manager ?

Compliance Manager is streamlines compliance controls and improves audit performance through automated access certifications and policy  enforcement.

How to Extend Identity Management from the Data Center to the Cloud?

IdentityIQ helps organizations to quickly and easily integrate cloud-based applications into their existing identity management program without impacting business users or processes. This provides a consistent user experience for common identity business processes, such as requesting access, provisioning accounts, managing passwords and certifying user access – across all IT resources, regardless of where an application is hosted.

IdentityIQ provides two components that work together to quickly extend compliance and provisioning activities beyond the datacenter to cloud-based applications.

-SaaS Connectors seamlessly integrate user access data from SaaS applications such as Google Apps and Salesforce CRM into IdentityIQ to manage access certification, policy enforcement, access request and provisioning processes.

-Cloud Identity Bridge extends identity governance and provisioning into public and private cloud environments, providing a secure and reliable link between IdentityIQ and cloud-based resources.

What is Identity Intelligence?

Identity Intelligence is  transforms technical identity data scattered across multiple enterprise systems into centralized, easily understood and business-relevant information including dashboards, reports and advanced.

What is Audit Configuration?

Use the Audit Configuration page to specify the actions that are collected for audit logs. Since collecting event
information and storing it in the audit logs affects performance, a system administrator must specify the actions
that are audited. Before any data is collected by the audit logs for use in an audit search, IdentityIQ must be
configured for auditing.

The Audit Configuration page contains the following types of actions:

General Actions — typical action performed while using IdentityIQ. For example, running a task and
signing off on a certification are general actions.

Link Attribute Changes — changes made to any assigned link attributes.

Identity Attribute Changes — changes to assigned roles, capabilities, authorized scopes, and controlled
scopes, and changes to the password. This list might also include extended identity attributes.

Class Actions — action taken on the underlying classes used to configure the way in which IdentityIQ
operates. For example, editing a role, creating a policy, and specifying the default emailtemplate are class
actions.

 Desired to gain proficiency on SailPoint? 
Explore the blog post on SailPoint online training to become a pro in SailPoint, 
explore SailPoint Training.

What is Identity Warehouse?

The  Identity  Warehouse  is  at  the  core  of  the  Governance Platform serving as the central repository for identity and access  data  across  all  enterprise  IT  applications  in  the  data  center  and the  cloud. The  warehouse  is  populated  by  importing  user  data from any authoritative source (e.g., HRMS) and user account and entitlement data from business applications, databases, platforms, and other systems. It is designed to scale and rapidly import  access  data  from  large  numbers  of  applications  and users by leveraging out-of-the-box connectors or via flat files.

What is Role Modeler?

IdentityIQ  automates  the  creation,  enforcement  and verification of role-based access across enterprise applications. Organizations can quickly define roles which fit the unique requirements of their environment using IdentityIQ’s adaptive role model. More importantly, IdentityIQ enables organizations to create roles which enforce “least-privilege” access while controlling role proliferation. To  speed the combination  of top-down, business-oriented role  modeling  and  bottom-up  IT role mining, IdentityIQ enables cross-functional participation in the role-modeling process and makes it easy for both business and technical users to create roles that accurately reflect the organization’s business and IT  needs.

Why SailPoint? Innovations in Identity Management?

Only SailPoint brings a unique combination of strengths to bear on every aspect of the new challenges of identity management. With innovative, industry-proven technology, a strong heritage in identity and access management, and a laser-like focus on identity governance, SailPoint is best equipped to help any organization run a successful identity management program with the following industry innovations.

Risk-based approach. Only SailPoint offers 360° visibility into identity and access data and applies a risk model that makes it easy to promptly identify specific business risks before they pose a threat to security or compliance.

Unified architecture. SailPoint is the only identity provider that has built an identity governance and provisioning solution from the ground up to deliver all the capabilities that organizations require to address today’s risk, compliance and lifecycle management needs.

Flexible last-mile provisioning approach. IdentityIQ integrates easily with whatever identity technologies, tools and process are established or preferred. With SailPoint, the customer decides how changes are fulfilled to the resources across the organization.

High performance and scalability. SailPoint meets the performance and scalability requirements of some of the world’s largest customers. IdentityIQ is designed to scale horizontally, vertically and functionally, making it possible for SailPoint to manage hundreds of thousands of users, thousands of applications and millions of entitlements.

Centralized governance across datacenter and cloud environments. IdentityIQ is designed to handle access to all data, applications and other resources throughout the organization, from the datacenter to the cloud.

What are the Provisioning Integration Modules?

SailPoint recognizes that many organizations have significant investments in legacy provisioning systems. To maximize existing investments in these systems, IdentityIQ can leverage existing connectivity through alternative provisioning systems to connect to enterprise resources and pull user account data into its Identity Warehouse to support compliance and identity lifecycle management activities. IdentityIQ can also be configured to push changes resulting from day-to-day identity business processes down to the provisioning solution to implement account changes in target IT systems. SailPoint offers Provisioning Integration Modules (PIMs) for numerous legacy user provisioning solutions, including BMC Identity Manager, IBM Tivoli Identity Manager, Novell Identity Manager, Oracle Identity Manager, and Sun Identity Manager (Oracle Waveset).

What is Lifecycle Manager ?

IdentityIQ Lifecycle Manager delivers a businessoriented solution to deliver access securely and cost-effectively, through:

-Self-Service Access Request

-Automated Provisioning

What is Password Manager ?

IdentityIQ Password Manager delivers a simple-touse solution for managing user passwords to reduce operational costs and boost productivity.

-Self-Service Password Management

-Strong Password Policy Enforcement and Sync

What is Account Mappings?

Account Mapping page to setup and map specialized accounts. Specialized accounts can be any accounts
that justify special handling throughout your enterprise. For example privileged accounts such as Root,
Administrator, or SuperUser, and service accountsthat access a specific service orfunction on an application. Anyattribute extended on this page is available for searching on the Identity Search page.

You can assign icons to extended attributes to highlight these accounts in certifications and the detailed identity
pages.Specialized account attributes can be modeled to handle any concept using simple one‐to‐one mapping andrules. This section describes two of the most common scenarios.

Use the Account Attributes page to view the extended account attribute information for your configuration. Use
this page to set up specialized account attributes such as Privileged and Service, and any other extended
attributes for use in certifications and searches.

How to Create a Service Account Using Simple Mapping?

In this example, if IdentityIQ finds an attribute named Service that has a value of true on the application DB
Application it is marked as a service account. For this case the database connector has already provided an
attribute value to reflect the service state, so a simple mapping is all that is required.

Note: After configuring these attributes you mustre‐aggregate orrefresh the identity cubesto setthe values.

To configure the mapping:

1. Access the Account Attributes page.

Click the System Setup tab and select Account Mappings from the table.

2. Click Add New Attribute to display the Edit Account Attribute page.

3. Specify the following values:

Attribute Name — service

Display Name — Service Account

Edit Mode — Read Only

Attribute Type — boolean

Searchable — Read Only

Multi‐Valued — this is not a multi‐valued attribute so do not select this field.

4. Click Add Source Mapping to display the Add a source to the attribute dialog.

5. Map the attribute:

a. Select Application Attribute.

b. Select DB Application from the Application drop‐down list.

c. Select Service from the Attribute drop‐down list.

6. Click Add.

How to Add or Edit Extended Attributes?

 

1.Click New Attribute or click on an existing attribute to display the Edit Extended Attribute page.

2. Enter or change the attribute name and an intuitive display name.

Note: You cannot define an extended attribute with the same name as any application attribute that
is provided by a connector.

Note: If you define an extended attribute with the same name as an application attribute, the value
of the extended attribute overwrites the value of the connector attribute.

3. Select the attribute type from the drop‐down list, String, Integer, Boolean, Date, Rule, or Identity.

4. Optional: Enter a description of the additional attribute.

5. Optional: Select a category for the attribute.

6. Optional: Activate the Searchable check‐box to enable this attribute for searching throughout the product.

7.Optional: Activate the Editable check‐box to enable this attribute for editing from other pages within the
product.

8. Optional: Mark the attribute as required. For string type attributes only.

9. Optional: Enter allowed values for the attribute. For string type attributes only.

10. Optional: Specify a default value.

11. Click Save to save your changes and return to the Edit Application Configuration page.

What is Host configuration?

The Host Configuration page to monitor active servers running an IdentityIQ instance. This is also known as
an IdentityIQ cluster. The data provided on this page informssystem administrators of the current workload each server is maintaining.

How to Add or Edit Extended Entitlement Attributes?

1. Click New Attribute or click on an existing attribute to display the Edit Extended Attribute page.

2. Enter or change the attribute name and an intuitive display name.

Note: You cannot define an extended attribute with the same name as any application attribute that
is provided by a connector.

3. Select the attribute type from the drop‐down list, String, Integer, Boolean, Date, Rule, or Identity.

4. Optional: Enter a description of the additional attribute.

5. Optional: Select a category for the attribute.

6. Optional: Activate the Searchable check‐box to enable this attribute for searching throughout the product.

7. Optional: Activate the Editable check‐box to enable this attribute for editing from other pages within the
product.

8. Optional: Mark the attribute as required. For string type attributes only.

9. Optional: Enter allowed values for the attribute. For string type attributes only.

10. Optional: Specify a default value.

11. Click Save to save your changes and return to the Edit Entitlement Catalog Configuration page.

Define Role Configuration?

Role Configuration page to define custom extended role attributes and role types. The extended
attributes are displayed with the rest of the role information throughout the product. An example of a extended
role attribute might be role status. Role type is used to configure rolesto perform different functions within your
business model. For example, type might be used to control inheritance or automatic assignment of roles.

How to Add or Edit Role Types?

1.Click New Type or click on an existing type to display the Edit Role Type Definition page.

2. Enter or change the name and display name.

3. Enter an icon path to link to the iconic image associated with roles of this type in the Role Modeler.

To assign an icon to a role type, do the following:

a. Add two icon imagesto iiq_home/images/icons folder of yourIdentityIQ installation, one for the
role and one for the role as it is undergoing analysis or approval. For example,
.itIcon {
background-image: url(“../images/icons/modeler_application_16.png”)
!important;
background-repeat: no-repeat;
.itIconPendingbusiness process {
background-image: url(“../images/icons/
modeler_application_approval_16.png”) !important;
background-repeat: no-repeat;

b. Reference the images from the iiq-custom.css file in the iiq_home/css directory.

4. Optional: Select configuration options for the role type.

5. Click Save to save your changes and return to the Edit Role Configuration page.

How to create Direct Links to IdentityIQ?

Creating Direct Links to IdentityIQ

Lifecycle Manager enables you to create directlinksinto IdentityIQpagesfrom outside ofthe productfrom places
such as emails, forms, or portal. These direct links can either user yoursingle‐sign on solution or require usersto
login to IdentityIQ as an intermediate step. Direct links can also use a number of filtering options enabling users
to go directly to specific pages using specific filtering criteria.

The most common use of directlinksis a directlink to the IdentityIQ shopping cart with a pre‐selected set ofroles
and entitlements based on a users access level and group membership.

What is Application Re‐configuration?

The application re‐configuration option enables you to change the application type without loosing history
associated with the application or having to create a new application. For example, if you first deployed your
instance of IdentityIQ using a flat file connection, but now want to use some of the more advance features,such
as provisioning. The type defines the way in which IdentityIQ connects to the application.
Application types that have the same value format for identity and group attributes in the original and
re‐configure target are best suited for re‐configuration.

The following application types can be re‐configured:

Delimited file to the corresponding direct connector (Delimited File to Active Directory ‐ Direct)

JDBC connector to corresponding direct connector (JDBC to Oracle Applications ‐ Direct)

Agent based connector to direct connector (Active Directory ‐ Full to Active Directory ‐ Direct)

To a rewritten connector for better performance or more functional support (Google Apps ‐ Direct)

What is Apache Velocity Engine?

IdentityIQ email templates are processed through an open‐source engine called Apache Velocity. Velocity is a
Java‐based template engine that allows web page designers to reference methods defined in Java code.
IdentityIQ’s email templates make use of the Velocity Template Language to dynamically specify the email
messages’ contents and generate custom email messages specific to the recipient, work item, and action
involved.

The Velocity Template Language (VTL) is a fairly simple to use. Highlights are included below, and full
documentation on the syntax is available in the Apache Velocity User Guide or Reference Guide.

How to Approve Role Changes?

When roles are created or edited, they might require approval from the designated owner before they become
active. Work items are created and sent to the owners when approval is necessary. Use this procedure to review
and approve or reject role changes.
Role analysis and role approval are an important part ofthe overallrole life‐cyclemanagement. Role analytics and
approval, both for new or modified roles are controlled thought business processes configured for your
implementation of IdentityIQ.

Procedure

1. Click an approval work item in your Inbox on the Dashboard to display the Approval page.

2. Review the summary information of the work item.

3. Review the comments associate with the work item and, optionally, add comments.

4. Review the details sections.

Modification approvals — review the changes in the Modified Role or Modified Profile table and make a
decision.

Creation approvals — review the information in the New Role or New Profile panel, make the necessary
modifications, and make a decision. Some of the information is read only.

5. Click Review Pending Changes to display the Role Editor and review the changes proposed for the role.

6. Make a decision.

Approve — approve the creation or modification. Add comments if needed and confirm the approve on
the Approval Comments dialog.

Reject — reject the request for approval on the creation or modification. Add comments if needed and
confirm the rejection on the Rejection Comments dialog.

Forward — forward the approval work item to another user. Entering the first few letters of a name
displays a select list of valid users with namesstarting with those letters. Select a name from the list. Add
comments if needed.

Cancel — cancel the work you have done on the work item and return to the Dashboard.

“At TekSlate, we are trying to create high quality tutorials and articles, if you think any information is incorrect or want to add anything to the article, please feel free to get in touch with us at info@tekslate.com, we will update the article in 24 hours.”

0 Responses on SailPoint Interview Questions"

    Leave a Message

    Your email address will not be published. Required fields are marked *

    Support


    Please Enter Your Details and Query.
    Three + 6