What is SailPoint?
SailPoint is a software program developed by SailPoint Technologies, Inc. SailPoint is an Identity and Access Management (IAM) provider. It helps global organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices, and in the cloud.
The company’s innovative product portfolio offers customers an integrated set of core services, including identity governance, provisioning, and access management. With a dedicated integration into the BeyondTrust platform, SailPoint IdentityIQ roles can be automatically synchronized with privileged and vulnerability accounts to provide comprehensive information on asset and user privileged activity. This extends both technologies into a complete lifecycle of identity and privilege access for all users and assets and meets compliance initiatives for privileged activity.
What is IAM?
Identity and access management (IAM) is a system for securely initiating, storing and managing user identities and access permissions. IAM refers to a framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources.
Why is IAM important?
Identity and access management is a critical part of any enterprise security plan, as it is inextricably linked to the security and productivity of organizations in today’s digitally enabled economy. It helps reduce the risk of data breaches, centralize access control, ensure regulatory compliance, improve user experience, and reduce costs.
Why SailPoint? Innovations in Identity Management?
SailPoint brings a unique combination of strengths to bear on every aspect of the new challenges of identity management. With innovative, industry-proven technology, a strong heritage in identity and access management, and a laser-like focus on identity governance, SailPoint is best equipped to help any organization run a successful identity management program with the following industry innovations:
- Risk-based approach
- Unified architecture
- Flexible last-mile provisioning approach
- High performance and scalability
- Centralized governance across datacenter and cloud environments
What is SailPoint IdentityIQ?
IdentityIQ is SailPoint’s identity and access management solution for enterprise customers who currently prefer an on-premises deployment. IdentityIQ helps your users effectively participate in a wide variety of IAM processes – including automated access certifications, policy management, access request and provisioning, password management, and identity intelligence.
And, with resource connectors included as part of the base platform, it delivers out-of-the-box integration to a wide variety of applications running in the datacenter or the cloud.
What are the Key Components of IdentityIQ?
IdentityIQ provides the following key components to automate access certifications, policy enforcement, and the end-to-end access request and provisioning processes:
- Compliance Manager streamlines compliance controls and improves audit performance through automated access certifications and policy enforcement.
- Governance Platform centralizes identity data, roles, business policy and risk modeling to support compliance initiatives and user lifecycle management.
- Identity Intelligence transforms technical identity data scattered across multiple enterprise systems into centralized, easily understood and business-relevant information including dashboards, reports and advanced analytics.
- Lifecycle Manager provides self-service access request and lifecycle event management to simplify and automate the creation, modification and revocation of user access privileges.
- User Provisioning provides flexible options for implementing changes requested by the business during compliance and lifecycle management processes.
What are the types of Provisioning?
Types of provisioning include:
Automated provisioning: Detects new user records from the authoritative source or HR system and automatically provisions those users with appropriate access on target applications.
Self-service provisioning: Allows users to update their profile data, request an account or an entitlement, and manage their own passwords.
Workflow-based provisioning: Gathers the required approvals from the designated approvers before granting a user access to an application or data.
What is Password Manager?
IdentityIQ Password Manager delivers a simple-to-use solution for managing user passwords to reduce operational costs and boost productivity.
- Self-Service Password Management
- Strong Password Policy Enforcement and Sync
What are Account Mappings?
Use the Account Mapping page to set up and map specialized accounts. Specialized accounts can be any accounts that justify special handling throughout your enterprise. Examples are privileged accounts such as Root, Administrator, or SuperUser, and service accounts that access a specific service or function on an application. Any attribute extended on this page is available for searching on the Identity Search page.
You can assign icons to extended attributes to highlight these accounts in certifications and the detailed identity pages. Specialized account attributes can be modeled to handle any concept using simple one‐to‐one mapping and rules. This section describes two of the most common scenarios.
Use the Account Attributes page to view the extended account attribute information for your configuration. Use this page to set up specialized account attributes such as Privileged and Service, and any other extended attributes for use in certifications and searches.
What is Host configuration?
Use the Host Configuration page to monitor active servers running an IdentityIQ instance. This is also known as an IdentityIQ cluster. The data provided on this page informs system administrators of the current workload each server is maintaining.
Define Role Configuration?
Use the Role Configuration page to define custom extended role attributes and role types. The extended attributes are displayed with the rest of the role information throughout the product. An example of an extended role attribute might be role status. Role type is used to configure roles to perform different functions within your business model. For example, type might be used to control inheritance or automatic assignment of roles.
How do you handle multi-threading?
If you are planning to have a lot of receivers, I would not use the ONE-THREAD-AND-QUEUE-PER-RECEIVER approach. You could end up with a lot of threads not doing anything most of the time, and it could hurt your overall performance. An alternative is to use a thread pool of worker threads that pick tasks from a shared queue, each task carrying its own receiver ID, and perhaps a shared dictionary with socket connections to each receiver for the worker threads to use.
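A sketch of the worker-pool layout described above, as an added example that is not part of the original page. The pool size, the `FakeConnection` stand-in for a socket, and the function names are assumptions made for illustration.

```python
import queue
import threading

NUM_WORKERS = 4      # fixed pool size, independent of receiver count (assumed value)
_STOP = object()     # sentinel that tells a worker to exit


class FakeConnection:
    """Stand-in for a socket to one receiver (constructed for this example)."""

    def __init__(self):
        self.sent = []
        self.lock = threading.Lock()   # only one worker writes to a connection at a time

    def send(self, payload):
        with self.lock:
            self.sent.append(payload)


def worker(tasks, connections, failures):
    """Pull (receiver_id, payload) tasks from the shared queue until told to stop."""
    while True:
        task = tasks.get()
        try:
            if task is _STOP:
                return
            receiver_id, payload = task
            conn = connections.get(receiver_id)   # dict is read-only after setup
            if conn is None:
                failures.append(receiver_id)      # list.append is thread-safe in CPython
            else:
                conn.send(payload)
        finally:
            tasks.task_done()


def dispatch(messages, receiver_ids, num_workers=NUM_WORKERS):
    """Deliver messages with a small pool instead of one thread per receiver."""
    tasks = queue.Queue()
    connections = {rid: FakeConnection() for rid in receiver_ids}
    failures = []
    threads = [threading.Thread(target=worker, args=(tasks, connections, failures))
               for _ in range(num_workers)]
    for t in threads:
        t.start()
    for msg in messages:
        tasks.put(msg)
    for _ in threads:
        tasks.put(_STOP)          # one sentinel per worker
    tasks.join()
    for t in threads:
        t.join()
    return {rid: sorted(c.sent) for rid, c in connections.items()}, sorted(failures)
```

With 100 receivers the pool still runs four threads; a task addressed to an unknown receiver ID is recorded as a failure rather than crashing the worker.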
What tools have you used in the past to monitor code?
JRockit is a complete solution for Java SE which includes a high-performance JVM, profiling, monitoring and diagnostics tools, and can be used for predicting latency in Java applications.
Eclipse Memory Analyzer is a Java heap analyzer that helps you find memory leaks and reduce memory consumption. It is better suited as a general-purpose toolkit for analyzing Java heap dumps and calculating their size. It also reports leak suspects and memory consumption anti-patterns.
What is Identity Intelligence?
Identity Intelligence transforms technical identity data scattered across multiple enterprise systems into centralized, easily understood and business-relevant information including dashboards, reports and advanced analytics.
What is IdentityNow?
IdentityNow is the SaaS (Software as a Service) solution for IdentityIQ, making SailPoint the only manufacturer offering IAM as a service. The solution allows user provisioning, password management and single sign-on (SSO). IdentityNow is designed for complex hybrid IT environments and unifies identity management processes across all environments. The basis is the encryption and security technology of SailPoint.
What is Identity Warehouse?
It is the core of the Governance Platform serving as the central repository for identity and access data across all enterprise IT applications in the data center and the cloud. The warehouse is populated by importing user data from any authoritative source (e.g., HRMS) and user account and entitlement data from business applications, databases, platforms, and other systems. It is designed to scale and rapidly import access data from large numbers of applications and users by leveraging out-of-the-box connectors or via flat files.
What are the features of SailPoint IdentityNow - Cloud Identity Governance Service?
- Access Review covering cloud and on-premise applications
- Automated provisioning and user life cycle management as a service
- Over 100 pre-built read and write connectors
- Single sign-on (SSO) as a service
- Password Management for on and off network password resets
- Access Request delivered as a service
- Identity warehouse representing the entire truth about the user identity
- Governance of roles and role policy management
- Securely deliver IGA with patented Zero Knowledge Encryption algorithm
- Visibility, reporting and querying for identities, entitlement, accounts and policies
What is SecurityIQ?
SecurityIQ is SailPoint’s access governance solution for all unstructured data, whether on-premise or in the cloud. All enterprise applications and data can be centrally managed and controlled. SecurityIQ identifies the access to the data, thus minimizing the risk of unauthorized use. This way, the software helps to meet legal requirements and saves you a significant amount of time. The responsibility for managing the access privileges is shifted away from IT administration toward the technical decision.
What are the types of Certifications in SailPoint?
Certifications in SailPoint IQ can be divided into two categories: first on the basis of their “Time period of Execution” and second on the basis of their “functionality”.
Let’s first discuss their classification on the basis of their “Time period of Execution”:
Certifications can be scheduled to run periodically or continuously. Continuous certifications focus on the frequency with which individual items need to be certified while periodic certifications focus on the frequency with which the entire certification needs to be completed.
Certifications can also be configured to run based on events that occur during an identity’s life cycle. For example, a certification might be generated automatically when an identity’s manager changes, on any job change event, or on creation of a new identity.
Periodic Certification: Periodic certifications are scheduled to run on a periodic basis: hourly, daily, weekly, monthly, quarterly, and annually. These periodic access reviews provide a snapshot view of the identities, roles, and account groups. Periodic certifications focus on the frequency with which entire entities (identities, roles, account groups) must be certified.
Continuous Certification: Continuous certifications focus on the frequency with which individual items (roles, entitlements, and violations) contained within identity‐type certifications need to be certified and not on the frequency with which the entire certification needs to be performed. Continuous certifications do not use the sign off method.