Access Overview
Managing and securing access is key to governing identities in the cloud. Identity Security Cloud governs several types of access, and allows you to bundle access into groups based on your business needs.
Entitlements
Entitlements represent basic access rights on sources. Depending on the source they come from, you can find the following additional details about the entitlements in your system:
- Cloud Access Details - If your site licenses a SailPoint cloud access solution, you can view cloud access data related to entitlements after creating or editing cloud-enabled entitlement types.
- Permissions - Permissions describe individual units of read, write, or other access on a system. These permissions can be granted to users and aggregated in the form of entitlements or attributes on entitlements.
- Relationships - View the parent and child relationships each entitlement has.
- Type - Some sources support multiple types of entitlements, each with a different attribute schema.
Entitlements can be bundled together to create access profiles.
Access Profiles
Access profiles are bundles of entitlements, representing a specific set of access from a single source.
They're used in most features of Identity Security Cloud, including:
- Provisioning - Access profiles can be granted to users as part of lifecycle states or roles.
- Certifications - Access profiles can be approved or revoked in certification campaigns, just like entitlements.
- Access Requests - By assigning access profiles to an access application and marking them as requestable, you can let users request the access they need.
Access profiles can be bundled within both roles and lifecycle states.
Roles
Roles are bundles of access profiles that come from a variety of sources. They're often used to represent the access on the sources associated with a user's specific job.
Roles can be used in automated provisioning or access requests.
Lifecycle States
Lifecycle states control the source access granted to users based on their employment status within your organization. They can be used to automatically provision and deprovision access when an identity's status changes.
User Levels
User levels control an identity's access to parts of Identity Security Cloud, rather than external sources.
Administrators grant user levels to identities to delegate some types of tasks, such as creating certification campaigns or managing audit reports, without giving them full administrator access.