Skip to content

Configuring AI-Driven Identity Security

Use the AI-Driven Identity Security Configuration page to connect IdentityIQ to AI-Driven Identity Security. From the gear icon, select Global Settings > AI Configuration. Note that the AI Configuration option does not appear in the Global Settings page until you have completed the steps in Integrating SailPoint AI-Driven Identity Security (link).

Note

Websphere and IBM JDK: Connections to AI-Driven Identity Security using the IBM JDK require a JVM argument to support TLS version 1.2. If you deploy IdentityIQ on WebSphere, or other application servers using the IBM JDK, you must specify the JVM argument -Dcom.ibm.jsse2.overrideDefaultTLS=true for your Java process. To do this in WebSphere, add the JVM argument to the Generic JVM arguments at: Servers > Java and Process Management > Process Definition > Java Virtual Machine > Generic JVM arguments.

For general information on getting started with AI-Driven Identity Security, see Getting Started with AI-Driven Identity Security for IdentityIQ (link).

Connection Information for AI-Driven Identity Security

AI-Driven Identity Security Hostname
The host name of the AI-Driven Identity Security access recommendation API.
For example, https://<org>.api.identitynow.com

Client ID
OAuth client ID for the AI-Driven Identity Security access recommendation API. See Generating Client Credentials in Your Identity Security Cloud Tenant (link) for details on how to generate this credential.

Client Secret
OAuth client secret for the AI-Driven Identity Security access recommendation API. See Generating Client Credentials in Your Identity Security Cloud Tenant (link) for details on how to generate this credential.

Advanced

Read Timeout
The number of seconds IdentityIQ will wait to read access recommendations from AI-Driven Identity Security before reporting a failure.

Connect Timeout
The number of seconds IdentityIQ will wait to connect to AI-Driven Identity Security before reporting a failure.

Testing Your Connection

Once your configuration details have been entered, you can click Test Connection to verify that the connection information is accurate and operating.

If you are using an HTTP or HTTPS proxy for IdentityIQ's communications, and you want to make an exception for connecting to AI-Driven Identity Security, you can configure your AI-Driven Identity Security connection to bypass the proxy connection by adding this key to the IdentityAIConfiguration object:

<entry key="ignoreProxyProperties" value="true" />

Save your settings before leaving the page.