SailPoint's Recommendations service empowers users and certifiers in your organization to make more informed access decisions.
The Recommendations service, composed of Access Request Recommendations and Certification and Approval Recommendations, uses peer group analysis and identity attributes to recommend access to your users and help certifiers decided whether access requests should be approved or denied.
Availability and Prerequisites
IdentityNow customers with the Recommendations service receive recommendations related to certifications and access requests. IdentityNow customers can access Recommendations as soon as it is enabled for their org.
IdentityIQ customers with the Recommendations service receive recommendations related to certifications and approvals. IdentityIQ customers will need to complete steps to integrate or activate the Recommendations service. For integration information, see IdentityIQ Integration with IdentityAI for Decision.
For implementation/activation information see the following documentation:
Understanding Peer Group Analysis
Peer group analysis is a machine learning model that analyzes data based on groups.
The SailPoint Identity Platform uses peer group analysis in its AI Services to organize your identities into peer groups based on common entitlements, and simplify the creation and maintenance of a dynamic identity governance program.
Peer groups are constantly evolving with your data and updated on a daily basis.
Empowering Users with Access Request Recommendations
Access request recommendations help IdentityNow end users who are struggling to find the access items they need to request in the IdentityNow Request Center. Each user's top 15 access request recommendations, based on peer group analysis, are presented to them, enabling them to confidently request access for themselves.
By default, the access request recommendations that users see are restricted by location. For example, imagine an organization has identities with location attributes of "Austin" and "Remote". If the team members look very similar according to peer group analysis, but the recommendations are restricted by location, "Austin Facilities Access" would be recommended only to identities with the "Austin" location attribute.
The recommendation restriction can be disabled or set to a different identity attribute that makes sense for your organization. Contact Professional Services to disable or change your recommendation restriction.
Access request recommendations can be accessed in the following ways:
- By selecting View Access Recommendations on the banner that's displayed after logging in to IdentityNow
- On the Request Center's Recommended for You page
- On the Request Center's Applications page
- On the Request Center's Roles page
At Log In
When access request recommendations are available for an IdentityNow user, a banner is displayed to notify them when they log in. Selecting View Access Recommendations opens the Recommended for You Page in the Request Center.
Recommended for You Page
The Recommended for You page lists the user's top 15 recommended access profiles and roles. Depending on whether the access is an access profile or role, recommendations can include information about the percentage of similar teammates who have the same access and the apps associated with the access request.
Selecting an access profile or role displays additional information about the apps involved.
Request Center users can select Request to request the access, or select Ignore to dismiss the recommendation.
Applications and Roles Pages
Recommendations also appear on the Request Center's Applications and Roles pages.
Using Recommendations to Make Access Decisions
Certification and approval recommendations make the access reviewers and approvers in an organization more efficient and confident when approving, revoking, or denying access.
Access reviewers in IdentityNow receive certification recommendations. Access reviewers in IdentityIQ receive certification and approval recommendations.
When reviewers and approvers are evaluating access decisions, they will see recommendation icons to help guide their decision-making process.
Recommendation icons are used to communicate the following:
Selecting an icon displays more information.
If no icon is displayed, it means the identity is unique, and does not have a group of peers with similar access.
Recommendations are provided only to help guide reviewers and approvers. They are still ultimately responsible for making access decisions.