Skip to content

Identity Outliers

Important

SailPoint enables this feature for customers in a staged rollout process. If Identity Outliers is not currently available in your environment, please contact Professional Services for information.

Identity Outliers, part of SailPoint's AI Services, enables IdentityNow administrators to quickly discover and remediate risky access in an organization. SailPoint discovers identities with access that is significantly different than their peers. By gathering and presenting these identity outliers in one place, admins can quickly examine and address risky access privileges in their organization.

Prerequisites

  • IdentityNow users must have the Access Insights service to access Identity Outliers.
  • IdentityNow users must have the Certifications service to launch certification campaigns from Identity Outliers.
  • Your organization must have configured a source and loaded account data.
  • Your organization’s account data must be onboarded into AI services.

Process Overview

  1. Launch the Identity Outlier Dashboard to discover outliers.
  2. Review the discovered outliers.
  3. Remediate some or all outliers.

Each process overview step is described in detail in the sections that follow.

Discovering Outliers

In IdentityNow, navigate to Admin > Identities > Outliers to display the Identity Outlier Dashboard. The dashboard presents high-level, summary information about outliers in your organization and recommended actions for remediation. SailPoint looks for new outliers regularly.

The dashboard can be accessed by Admins or users with the report admin user level.

The Outliers card displays the following information:

  • The total number of identities that have low-similarity access compared to others in the organization.
  • Trends over the last 30 days, such as how many more or fewer outliers have been discovered, or whether the number of outliers has stayed the same.

If your organization has the Certifications service, the Recommended Actions section of the dashboard provides a quick remediation action to certify all outliers.

Reviewing Outliers

Before you decide what to do about the identity outliers in your organization, you might want to review who they are and their role. To review a list of all discovered identity outliers, select the Total Outliers card.

The Identity Outliers page displays the date they were detected or redetected as an outlier, and identity attributes such as job title, department, or location. The identity attributes displayed can be changed with help from SailPoint Services.

From the Identity Outliers page, you can work with the list of outliers in several ways:

  • Filter and search on the list
  • Ignore and unignore outliers
  • View outlier access history
  • Create certification campaigns to certify selected identity outliers
  • Export outlier data to a .csv file

Complete the following steps to explore and evaluate outliers:

  1. On the Identity Outliers page, you can review the list of outliers as follows:

    • Scroll through the list.
    • Search for an identity name.
    • Select the Filter Outliers icon to filter outliers by certification status, outlier date range, or identity attributes.

      The Outlier Certification Status checkboxes pertain only to active certifications. Staged/scheduled certifications are not considered to be active.

  2. To see the access history for an outlier, select the More Options icon , then View Access History. You will be redirected to the Access History page for the identity.

  3. To ignore an identity outlier, select the More Options icon , then Ignore. The ignored identity will no longer appear in the Identity Outliers list.

    If the ignored identity's entitlements change significantly, the identity will be redetected as an outlier and will reappear in the Identity Outliers list.

  4. To unignore a previously ignored outlier, select the More Options icon , then Unignore.

  5. To export outlier data to a .csv file, select Export.

Remediating Outliers

You can remediate your organization’s identity outliers by starting a certification campaign to have their access reviewed and approved. Certifications help organizations reduce the risk of inappropriate access, satisfy audit requirements, and meet regulatory standards.

Note

Certification is limited to 1,000 identity outliers per campaign.

You can create outlier certification campaigns from the Identity Outlier Dashboard or from the Identity Outliers page:

  • On the Identity Outlier Dashboard, select Create Certification to start a certification campaign for all discovered outliers.

  • On the Identity Outliers page:

    • Select Create Certification for a single outlier.

    • Select checkboxes for multiple outliers, and then select any Create Certification button to certify several outliers in one campaign.

Identity Outliers will automatically pre-fill a new certification campaign with the identities and entitlements. You can review them and input an appropriate certification name and campaign details to confirm the campaign.

Best Practice

We recommend you include the text "Identity Outliers" in the certification name or description to capture the source of the campaign.