Sailpoint Documentation

This tutorial intends to provide you with a summary of SailPoint's various managing platforms like compliance manager, lifecycle manager, password manager, governance platform, integration and connector modules, etc. Here, we also show you how to utilize IdentityIQ with InWebo products, basic principles, and how to configure Sailpoint IdentityIQ with InWebo SAML authentication. Further, the SailPoint Documentation process gives you a detailed idea of the layout and setup of multiple SaaS products for many SailPoint users. Also, you will explore the various elements of Sailpoint services.

SailPoint Introduction

SailPoint is an automated approach to identity management that minimizes the cost and difficulty of managing identities while still giving users the access they need. Sailpoint is a lightweight, portable app.

It is said to be a solution for identity management (IM) that performs better than traditional IM. Sailpoint's product is IdentityIQ (IIQ), which is delivered as the IIQ war file. All of the application modules are contained in this war file.

Upkeeping information access in today's advanced, data-driven environment is a problem that needs far more from IAM systems than ever before.

In IAM, SailPoint is the undisputed leader. Firms can now place IAM at the core of their security and IT strategy by utilizing IIQ and its Open Identity Platform. It allows them to view and manage access throughout the company, including on-premises and cloud systems and apps.

These days, Sailpoint is clinging to its status as a leader.

Productivity, Security, and Compliance all benefit from effective identity controls.

SailPoint IIQ is a cutting-edge identity management system that reduces the expense and complexity of complying with laws while still providing users with access. Traditional IM treats these areas singly and frequently employs a number of disparate products.

IdentityIQ, on the other hand, offers a unified strategy based on a single identity governance structure. It lets you apply business and security policies, roles, and risk models consistently across access-related activities.

To automate access certifications, policy enforcement, and end-to-end access request and provisioning methods, IIQ offers the following essential components.

1) Compliance Manager by IdentityIQ

It allows the company to increase compliance and audit performance while saving money.

  • Access Certifications that are suitable for business.
  • Policy management that is automated.
  • Analytics and Audit Reporting.

2) Lifecycle Manager of IdentityIQ

It provides a business-oriented access solution that is both safe and cost-effective.

  • Request for Self-Service Access.
  • Provisioning that is automated.

3) IdentityIQ's password manager

It provides an easy way to manage user passwords while also lowering operating expenses and increasing productivity.

  • Password Management using Self-Service.
  • Enforce Strong Password Policies and Sync.

4) The IdentityIQ Governance Platform

Centralizing identity data and offering a single location to model roles, rules, risk, and business processes lays the groundwork for successful risk management.

5) Integration and Connectors Modules

It enables your company to connect to anything (on-premises and cloud-based apps and data) and combine IIQ with other IT security and operational solutions effortlessly.

6) IdentityIQ Intelligence on Identity

It enables your business to have 360-degree insight in order to discover data and swiftly identify hazards, as well as uncover compliance concerns and make the best decisions possible to increase efficiency.

Customers can use IdentityIQ to:

  • Allow company users to control access from any computer or mobile device.
  • To minimize risk, centralize visibility and governance controls.
  • Improve productivity while lowering costs.

The distinction is obvious

IdentityIQ is built for business users, converting IT terminology into useful business data and streamlining the user experience.

IIQ combines IM methods across cloud, mobile, and on-premises settings, making it fit for today's complex hybrid IT spaces.

By universally applying rules across all IAM services, SailPoint's governance-based solution centralizes visibility, enhances compliance, and eliminates risks – all while strongly decreasing execution costs.

Managing the Identity Business

SailPoint assists the world's leading companies in reducing risk, lowering IT expenses, and ensuring compliance. SailPoint IdentityIQ, the company's award-winning software, gives users better visibility and control over critical apps and data while simplifying the access request and delivery process. With risk-aware compliance management, closed-loop user life cycle management, flexible provisioning, an integrated governance architecture, and identity intelligence, IIQ is the industry's premier governance-based IM package that swiftly provides real results.

Configuring the Sailpoint

The installation procedure is as follows:

Requirements:

  • RedHat Linux (my version: 7)
  • Oracle Java JDK (my version: 1.6.0_45)
  • Oracle MySQL (my version: 5.5.46)
  • Apache Tomcat (my version: 6.0.45)
  • Sailpoint IIQ (my version: 7.2)

Steps of Installation:

Step 1: Start downloading Sailpoint IdentityIQ 7.2

Step 2: Copy the zip file IdentityIQ-7.2.zip to the VM and unzip it

$ pwd

/var/tmp

$ ls

identityiq-7.2.zip

$ unzip identityiq-7.2.zip

$ ls

ConnectorGateway-6.4.zip  database  doc  identityiq-7.2.zip  identityiq.war  integration

Step 3: Create an iiq72 root context and extract the war file.

$ mkdir /opt/sailpoint/tomcat/webapps/iiq72

$ cp /var/tmp/identityiq.war /opt/sailpoint/tomcat/webapps/iiq72/

$ cd /opt/sailpoint/tomcat/webapps/iiq72/

$ jar xvf identityiq.war

Step 4: Configure IdentityIQ 7.2's repository (MySQL)

$ cd /opt/sailpoint/tomcat/webapps/iiq72/WEB-INF/database

$ mysql -u root -p

mysql> source /opt/sailpoint/tomcat/webapps/iiq72/WEB-INF/database/create_identityiq_tables-7.2.mysql

mysql> show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| identityiq         |
| mysql              |
| performance_schema |
+--------------------+

Step 5: Configure IdentityIQ's database settings for connecting to its repository.

$ vi /opt/sailpoint/tomcat/webapps/iiq72/WEB-INF/classes/iiq.properties

##### Data Source Properties #####

dataSource.maxWait=10000

dataSource.maxActive=50

dataSource.minIdle=5

#dataSource.minEvictableIdleTimeMillis=300000

#dataSource.maxOpenPreparedStatements=-1

dataSource.username=identityiq

dataSource.password=1:iCAlakm5CVUe7+Q6hVJIBA==

##### MySQL 5 #####

## URL Format: dataSource.url=jdbc:mysql://<host>:<port>/<database>?useServerPrepStmts=true&tinyInt1isBit=true&useUnicode=true&characterEncoding=utf8

dataSource.url=jdbc:mysql://localhost/identityiq?useServerPrepStmts=true&tinyInt1isBit=true&useUnicode=true&characterEncoding=utf8

dataSource.driverClassName=com.mysql.jdbc.Driver

sessionFactory.hibernateProperties.hibernate.dialect=sailpoint.persistence.MySQL5InnoDBDialect

Step 6: Import IdentityIQ's default objects to get the system started.

$ chmod +x /opt/sailpoint/tomcat/webapps/iiq72/WEB-INF/bin/iiq

$ /opt/sailpoint/tomcat/webapps/iiq72/WEB-INF/bin/iiq console -j

Using JLine

> import init.xml

Step 7: Start running Apache Tomcat and use a browser to test the login page.
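
To review the result of Step 5 before going live, the following added example (not part of the original tutorial or of SailPoint's tooling) audits an iiq.properties file for the settings shown in the listing above. The finding names, the "<key id>:<base64>" pattern assumed for encrypted values, and the sample file are assumptions made for illustration.

```python
import os
import re
import stat
from urllib.parse import parse_qs, urlsplit

# The encrypted value printed in this page's listing; a published value is known to everyone.
PUBLISHED_PASSWORD = "1:iCAlakm5CVUe7+Q6hVJIBA=="

def parse_properties(text):
    """Read key=value pairs, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    return props

def audit_iiq_properties(path):
    """Return finding codes; assumes encrypted values look like '<key id>:<base64>'."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & stat.S_IRWXO:
        findings.append("accessible-to-other-users")
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    password = props.get("dataSource.password", "")
    if password == PUBLISHED_PASSWORD:
        findings.append("password-matches-published-value")
    elif not re.fullmatch(r"\d+:[A-Za-z0-9+/]+=*", password):
        findings.append("password-looks-plaintext")
    if props.get("dataSource.username") == "root":
        findings.append("connects-as-mysql-root")
    url = urlsplit(re.sub(r"^jdbc:", "", props.get("dataSource.url", "")))
    local = url.hostname in (None, "localhost", "127.0.0.1", "::1")
    if not local and parse_qs(url.query).get("useSSL") != ["true"]:
        findings.append("remote-database-without-useSSL")
    return findings

# Constructed sample built from the values in this page's listing.
SAMPLE = """dataSource.username=identityiq
dataSource.password=1:iCAlakm5CVUe7+Q6hVJIBA==
dataSource.url=jdbc:mysql://localhost/identityiq?useServerPrepStmts=true
"""

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as tmp:
        tmp.write(SAMPLE)
    print(audit_iiq_properties(tmp.name))
    os.unlink(tmp.name)
```

An empty list means none of these checks fired; it does not replace changing the repository password and restricting the file to the Tomcat service account.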

RedHat Installation Process

The objective of this lab is to demonstrate how to set up GIT on RedHat 7.2. The RedHat repository only carries an earlier version of GIT (version 1.8.3.1 at the time of writing), so the most recent version (currently 2.11.0) must be installed manually. The steps are as follows:

Step 1: GIT can be downloaded and unzipped/untarred as follows:

$ cd /home/geologic/software

$ sudo wget https://www.kernel.org/pub/software/scm/git/git-2.11.0.tar.gz

$ sudo tar xzf git-2.11.0.tar.gz

Step 2: Install the necessary packages.

$ sudo yum install gcc openssl-devel expat-devel curl-devel perl-ExtUtils-MakeMaker

Step 3: GIT should be installed as shown below.

$ cd /home/geologic/software/git-2.11.0

$ make prefix=/usr/local/git all

$ make prefix=/usr/local/git install

Step 4: Verify the version and add git to the path.

$ /usr/local/git/bin/git --version

git version 2.11.0

$ echo 'export PATH=/usr/local/git/bin:$PATH' | sudo tee -a /etc/bashrc

$ source /etc/bashrc

$ git --version

git version 2.11.0

Docker installation on RedHat

Docker requires a 64-bit OS and a Linux kernel 3.10 or above. Currently, here we are using RedHat 7.2 with kernel 3.10.0. On RedHat, use the following commands to verify this information:

$ uname -r

3.10.0-327.13.1.el7.x86_64

$ cat /etc/redhat-release

Red Hat Enterprise Linux Server release 7.3 (Maipo)

To install Docker, we will use yum, so make sure your current packages are up to date:

$ sudo yum update

We'll add the Docker yum repo as follows:

$ sudo vi /etc/yum.repos.d/docker.repo

And then paste the below text:

[dockerrepo]

name=Docker Repository

baseurl=https://yum.dockerproject.org/repo/main/centos/7/

enabled=1

gpgcheck=1

gpgkey=https://yum.dockerproject.org/gpg

We'll install Docker as follows after saving the file:

$ sudo yum install docker-engine

At the end of the installation, we should see something similar to this:

docker-engine.x86_64 0:1.12.5-1.el7.centos

Dependency Installed:

docker-engine-selinux.noarch 0:1.12.5-1.el7.centos

libseccomp.x86_64 0:2.3.1-2.el7

libtool-ltdl.x86_64 0:2.4.2-21.el7_2

The steps above cover the installation of SailPoint IdentityIQ, RedHat, and Docker.

Introduction to Sailpoint IdentityIQ using InWebo

InWebo offers software 2-factor authentication with a security level of <>. InWebo tokens may be used on any platform (smartphone, tablet, desktop, etc.) and in a self-service mode without requiring any knowledge. InWebo provides a highly available, trusted platform built with Hardware Security Modules (HSM) that is compatible with existing IM systems. You can deploy it in the SaaS mode in a matter of hours with no additional investment or infrastructure.

Basic Principles of Sailpoint IdentityIQ

Many built-in interfaces are supported by the InWebo Google Apps strong validation service, including Web Services API, RADIUS, SAML 2.0, and many others. RADIUS is the ideal approach for interacting with a network device (reverse proxy, firewall, etc.). It is what we'll go through in more detail in this document.

The following is a description of architecture:

Users can download and manage their own InWebo tokens. Your company's system admin simply needs to do the following to get the system up and running:

  • Configure the SAML authentication portal in IdentityIQ.
  • Make an account with InWebo.
  • Download, install, and activate one of the InWebo tokens.
  • In this InWebo account, set up a SAML connector.
  • Perform an authentication test.

The entire system could be up and operating in around 15-20 minutes.

Configuring Sailpoint IdentityIQ with inWebo SAML authentication

  1. Configuring the SAML IdP connector in inWebo

You must first add a SAML connector to the InWebo IdP part since it is easier to construct the IdP connector using IdP metadata.

  • Access the admin console of InWebo. 
  • Select the "Secure Sites" tab.
  • Select a "SAML 2.0" connector from the "connectors" section's drop-down list.
  • Optional: Give it a name, like 'SailPoint IIQ SAML 2.0'.
  • For the time being, leave SP Metadata blank.
  • Click the "Add" button to validate.
  • When the success message is displayed, the window is updated and shows the newly generated IdP Metadata.
  • To save them to your PC, click the link that says "Download inWebo IdP SAML 2.0 metadata in XML format."
  • To save the certificate to your PC, click on the link - "Download inWebo IdP SAML 2.0 certificate". SAML assertions will be encrypted using it.

Keep this SAML connection open in your browser since we'll need to copy-paste some information in the following step.

  2. SailPoint SAML SP service configuration

In a new browser window, go to your IdentityIQ admin interface.

We'll need to set up a SAML IDP connection so that Sailpoint IIQ (as a SAML service provider) can submit authentication requests to this IDP (inWebo) and rely on it to validate users and grant access to the resources behind it.

Note: The URLs below must be adapted to your own environment. The exact URLs for your setup are shown in the SAML v2 connection popup in the inWebo web admin console and in the Metadata file available from that console.

  • Navigate to the Global Settings -> Login Configuration -> SSO Configuration -> Enable SAML-Based Single Sign-On (SSO).
  • Entity ID (Issuer), taken from the Metadata in the inWebo web admin console: https://www.myinwebo.com/console/c//saml2//metadata (= 'Issuer URL' inside the inWebo SAML connector)
  • Identity Provider SSO (Single Sign-on) Service URL: https://www.myinwebo.com/console/c//saml2/ (= 'Single Sign On URL' inside the inWebo SAML connector)
  • SAML URL (ACS, Assertion Consumer Service): https://www.myinwebo.com/console/c//saml2/ (= same as above)
  • Public X.509 Certificate: Open the certificate you got from the inWebo web admin interface in a text editor and paste its contents here.
  • Correlation Rule for SAML: Use the default service.

This is how your setup should now look:

(IMG)

  3. Using IdentityIQ to export SAML SP metadata to inWebo

You must provide the SP metadata from IdentityIQ to the InWebo SAML IdP, which handles authentication for this SP. You can get the information you need to achieve this by exporting the SAML SP metadata to a file.

Download the IdentityIQ SAML metadata to a text file.

You must now complete the SP metadata on the InWebo IdP SAML Connector with the information from the downloaded XML file.

  • In a text editor, open the downloaded XML metadata and copy the full contents of that file to your computer's clipboard. (Almost all of the time, on Windows computers, CTRL+C is used).
  • Return to your inWebo administration console (https://www.myinwebo.com/console) and select the "Secure Sites" tab.
  • Click the pen icon to the right of the connection name in the "connectors" section to edit the previously inserted "SailPoint SAML 2.0" connector.
  • In the Metadata Service Provider (SP) area of the opened window, paste the Metadata from the clipboard. (Most of the time, on Windows computers, CTRL+V is used).
  • Select 'Enable SSO' = 'Yes' from the 'Connector Options' option.
  • Set 'NameIDFormat' = 'Email address (emailAddress)'.
  • Set 'NameID value (NameIDAttribute)' = 'User login'.
  • The 'SAML Attributes' section should be left alone.
  • Validate by clicking the Update button, then use the Cancel button to close the window.

This is how your SAML connection should now look:

(IMG)

  4. Test your integration

To test it, type the URL for the IdentityIQ Login page.

If your current web browser is enrolled as a device within inWebo, you should now be redirected to an inWebo validation screen that shows Virtual Authenticator.

If your current browser is not enrolled, you will be asked to enter your login so that you can authenticate using your mobile phone, which must have been enrolled beforehand.

Advantages of SailPoint Documentation

The following are the various benefits of SailPoint documentation:

  • Obtaining excellent customer service.
  • Minimize the level of customer inquiries and support.
  • Easily comprehend various SailPoint features.

Conclusion

In this blog, we have covered the IdentityIQ platform components that help in organizing and managing Sailpoint. We have also seen how to install and configure Sailpoint on RedHat, and how to install Docker on RedHat. The concept of using the InWebo product for IdentityIQ was also explained, along with basic principles and configuration steps of SAML authentication.
