Access Recommendations for IdentityIQ
SailPoint Access Recommendations empowers users and certifiers in your organization to make more informed access decisions. It uses peer group analysis and identity attributes to recommend access to your users and help certifiers decide whether access requests should be approved or denied.
IdentityIQ customers with Access Recommendations can receive recommendations related to certifications and approvals. Recommendations can be enabled globally in IdentityIQ for certifications.
IdentityIQ customers will need to activate Access Recommendations for IdentityIQ before being able to use it.
Understanding Peer Group Analysis
Peer group analysis is a machine learning model that analyzes user data and calculates similarity based on identities and their access. A network graph representation of identity-to-identity, entitlement-based similarity is used to identify densely connected communities of identities.
SailPoint AI-Driven Identity Security uses peer group analysis to organize your identities into peer groups based on common entitlements, and simplify the creation and maintenance of a dynamic identity governance program.
Peer groups are constantly evolving with your data and updated on a daily basis.
Using Recommendations to Make Access Decisions in IdentityIQ
Certification and approval recommendations make the access reviewers and approvers in an organization more efficient and confident when approving, revoking, or denying access.
Certification and approval recommendations are generated based on the following:
- Peer group analysis
- The organization’s identity attributes
- Recommendation threshold calculation
Access reviewers in IdentityIQ receive certification and approval recommendations for entitlements and roles. Availability depends on the IdentityIQ version as shown in the following table.
|Access Recommendations||Availability by IdentityIQ Version|
|Self-service access requests||8.2 (entitlements), 8.2 (roles)|
|Access request approvals||8.1 (entitlements), 8.3 (roles)|
|Access reviews/certifications||8.1 (entitlements), 8.3 (roles)|
|Automatic approvals for access reviews/certifications||8.1 (entitlements), 8.3 (roles)|
When reviewers and approvers are evaluating access decisions, they will see recommendation icons to help guide their decision-making process. These recommendations leverage statistical methods to automatically determine the best combination of identity attributes and machine learning outputs to inform a decision threshold for making intelligent access recommendations.
Recommendations icons appear in and IdentityIQ as follows:
Recommendation icons are used to communicate the following information:
- More than 70% of the identities in the peer group have the access.
- The access is unique within the identity's peer group, or 70% or less of the identities in the peer group have the access.
Selecting an icon displays more information about the recommendation.
If no icon is displayed, it means the identity is unique, and does not have a group of peers with similar access.
Recommendations are provided only as guidance. Reviewers and approvers are still ultimately responsible for making access decisions.