Skip to content

Access Recommendations for IdentityIQ

SailPoint Access Recommendations empowers users and certifiers in your organization to make more informed access decisions. It uses peer group analysis and identity attributes to recommend access to your users and help certifiers decide whether access requests should be approved or denied.

IdentityIQ customers with Access Recommendations can receive recommendations related to certifications and approvals. Recommendations can be enabled globally in IdentityIQ for certifications.

IdentityIQ customers will need to activate Access Recommendations for IdentityIQ before being able to use it.

Understanding Peer Group Analysis

Peer group analysis is a machine learning model that analyzes user data and calculates similarity based on identities and their access. A network graph representation of identity-to-identity, entitlement-based similarity is used to identify densely connected communities of identities.

SailPoint AI-Driven Identity Security uses peer group analysis to organize your identities into peer groups based on common entitlements, and simplify the creation and maintenance of a dynamic identity governance program.

Peer groups are constantly evolving with your data and are updated regularly.

Using Recommendations to Make Access Decisions in IdentityIQ

Certification and approval recommendations make the access reviewers and approvers in an organization more efficient and confident when approving, revoking, or denying access.

Certification and approval recommendations are generated based on the following:

  • Peer group analysis
  • The organization’s identity attributes
  • Recommendation threshold calculation

Access reviewers in IdentityIQ receive certification and approval recommendations for entitlements and roles. Availability depends on the IdentityIQ version as shown in the following table.

Access Recommendations Availability by IdentityIQ Version
Self-service access requests 8.2 (roles)
Access request approvals 8.1 (entitlements), 8.3 (roles)
Access reviews/certifications 8.1 (entitlements), 8.3 (roles)
Automatic approvals for access reviews/certifications 8.1 (entitlements), 8.3 (roles)

When reviewers and approvers are evaluating access decisions, they will see recommendation icons to help guide their decision-making process. These recommendations leverage statistical methods to automatically determine the best combination of identity attributes and machine learning outputs to inform a decision threshold for making intelligent access recommendations.

Recommendations icons appear in and IdentityIQ as follows:

IdentityIQ access decision recommendations.

Recommendation icons are used to communicate the following information:

  • IdentityIQ recommendations thumbs up icon. - More than 70% of the identities in the peer group have the access.

  • IdentityIQ recommendations thumbs down icon. - The access is unique within the identity's peer group, or 70% or less of the identities in the peer group have the access.

Selecting an icon displays more information about the recommendation.

If no icon is displayed, it means the identity is unique, and does not have a group of peers with similar access.

Important

Recommendations are provided only as guidance. Reviewers and approvers are still ultimately responsible for making access decisions.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.