Supported Features

Note
*Role aggregation takes care of aggregating the trust polices (entities that can assume a role) as direct permission.

Supported Features Comparison with Cloud Governance

Important
You must have an IdentityIQ Cloud Governance license to enable cloud governance features. If you already have a CAM license, no additional license purchase is required. Contact your SailPoint Customer Success Manager to request access and for more information.

Supported Features

IdentityIQ AWS Connector (Standard Features)

IdentityIQ AWS Connector (With Cloud Governance SKU)

Account Management

  • Manage IAM Users under the AWS Account as Accounts

  • Aggregate, Refresh Accounts

  • Create, Update, Delete

  • Change Password

  • Enable and Disable

Note
For more information on enabling and disabling, refer to IAM User Status.

  • Aggregate IAM Users and its connected Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, and Inline Policies)

  • Add/Remove Entitlements (Groups, AWS Managed Policies, Customer Managed Policies, and Inline Policies)

Yes

Note

Only IAM groups have user-friendly names, while all other Entitlements are displayed using ARN.

Yes

Note

Every Entitlement is displayed using user-friendly names.

Group Management*

  • Manage IAM Groups

  • Aggregate, Refresh Group

  • Create, Update, Delete

Yes

Yes

AWS Managed Policies

  • Manage as group object

  • Aggregate, Refresh

No

Yes

Customer Managed Policies

  • Manage as group object

  • Aggregate, Refresh, Create, Update

    Note
    Updating the Customer Managed Policy creates a new policy version.

No

Yes

Inline Policies Management

  • Manage as group object

  • Create, Update

  • Aggregate, Refresh

No

Yes

Organization Unit

  • Manage as group object

  • Aggregate, Refresh

No

Yes

Service Control Policy

  • Manage as group object

  • Aggregate, Refresh

No

Yes

AWS Accounts

  • Manage as group object

  • Aggregate, Refresh

No

Yes

Tags Management

  • Aggregate and refresh of tags attribute for IAM User

Yes

Yes

Tags Management

Aggregate and refresh of tags attribute for the following entities:

  • IAM Role

  • Customer Managed Policy

  • Service Control Policy

  • Organization Unit

  • AWS Account

No

Yes

IAM Role Management

  • Manage as group object

  • Aggregate, Refresh

  • Provisioning *

  • Update, Add, and Remove AWS Managed Policy or Customer Managed Policy from Role.

No

Yes