Interacting with Identity Graph
When you have an identity graph open, you can:
- Interact with the access object to gain further insight.
- Filter the graph to view specific data.
- Add layers and layouts to change the visual aspect of the graph.
Interacting with the Access Objects
Interacting with the graph and its nodes involves manipulating the graph to explore the data with actions.
Use the icons at the bottom of the graph, right-click a blank space on the graph or node for a list of actions, or use the keybindings.
You can manipulate the graph using the following actions.
| Action | Description |
|---|---|
| Zoom in and out | To zoom in or out of the graph, use the mouse wheel. Zooming into a graph allows you to view a specific area for a more thorough examination of the relationships, view details, and pinpoint data points. To zoom in on the graph so all its nodes are visible on the screen, select Zoom to Fit. To realign the graph to the center of the Identity Graph interface, select Center Graph. |
| Pan | Drag the background of the graph to move it in any direction without changing its zoom level. After zooming in, pan to navigate and inspect specific areas to analyze the data more closely. |
| Drag | The identity graph or individual nodes can be dragged to a new position on the graph. Drag the identity graph To drag a graph and view certain parts of the graph, especially if you have zoomed in on the graph, left-click anywhere on the graph, not a node, and move the mouse to reposition the entire graph. Drag an individual node Drag an individual node to visually rearrange, organize complex relationships, and create a more intuitive layout to enhance your interaction and exploration. Left-click and hold, then move the mouse to reposition the node on the graph. |
| Expand | To expand a node and reveal its hidden connections, select the Plus in the node. Expanding nodes provides a better understanding of the relationships, allowing you to explore the graph more deeply. To expand all nodes in all the layers that have a Plus, select Expand All Objects To expand only the visible nodes that have a Plus, select the Expand Next Layer of Objects. |
| Collapse | To collapse a node and hide its connections, select the Minus in the node. Collapsing nodes helps organize the graphs and simplify the visual display, allowing you to focus on other areas of the graph. To hide all connections that have a Minus, select the Collapse All Objects. |
| Locking Nodes | The locked node does not move when you manipulate the graph. To lock a single node, right-click the node. A blue ring is present around the node when selected. Then select Lock node. A purple ring is present around the node when locked. |
| Unlocking Nodes | The unlocked node moves when you move the graph. To unlock a node, select a node with a purple ring, right-click, and select Unlock node. To unlock all locked nodes, select the Unlock All Nodes icon. |
Using Keybindings
Select the Keybindings icon 
in the top right for a complete list of keyboard shortcuts to help you quickly navigate actions, commands, and functions.
Viewing Access Object Details
To view additional details about each node:
-
Node label - Hovering over an identity shows the labels of the identity and those of all its access items. Hovering over an access item highlights only its connections and their labels.
-
Access Object Details window - Displays information from the access object details available in Identity Security Cloud. To open, right-click an access object and select View Details. The available actions are dependent on the access object type.
Select the dropdown arrow for each heading to view the details.Information relating to identities
Section Description Details View additional information about an identity. Attributes Lists additional attributes linked to the identity. Events View a list of key identity events. Accounts View the machine accounts linked to the identity. Information relating to access items
Section Description Details View information about the access object. Source View source and account attribute details.
Node Actions
When you right-click a node, the outer ring of the node highlights blue. Select from a list of actions. The available actions are dependent on the access object type.
| Action | Description |
|---|---|
| View Graph | Opens the identity graph for the node. Opening another identity graph causes you to lose any updates made to the open graph. To save the identity graph: - Create a snapshot. - If you opened a saved snapshot, make sure to update your snapshot. - If you've made updates to a shared snapshot and want to save the changes, create a new snapshot. |
| View Details | Displays the access object Details panel, providing configuration details. Depending on the access object, the panel may also include attributes, source, account, and event information. |
| Open in ISC | The access object is opened in Identity Security Cloud within a new browser tab, while keeping your Identity Graph browser tab open. |
| Add to Explorer List | Adds the access object to the Explorer for easy access. |
| Remove from Explorer list | Removes the access object from the Explorer. If you remove a root node from the explorer, the graph is closed. |
| Lock Node | Locks the position of the node to its current position on the graph, preventing it from moving when you manipulate the graph. |
| Unlock Node | Unlocks the position of the node, enabling it to move when you manipulate the graph. |
| Filter by this Node | Displays the relationships for the access object. |
| Expand all children | Expands all nested entitlement hierarchy nodes contained within or inherited from an access item, including multiple levels with parent and child entitlements. |
| Expand all parents | Expands all assigned entitlements directly associated with an identity, granted via an access profile, or roles connected to the identity. |
Filtering Data Presented on a Graph
Manipulate the data to display granular data combinations by leveraging the filters. When you select a filter, the identity graph updates and presents you with the data relating to your selected filter criteria.
- Select Filters to the left of the identity graph.
-
Apply a filter using one of these methods:
-
Use the toggle to apply a predefined filter
Selecting a predefined filter updates the identity graph.
Filter Description Multiple Path Access Access granted to an object from more than one access item. Privileged Access Nodes with a privilege entitlement indicator of high. Recently Granted Access Entitlements granted within the last 30 days. Outliers - Rare Access Entitlements assigned to less than 1% of the organization.
Note: To display this line, your organization must utilize the Identity Outliers feature in Identity Security Cloud.Show Indirect Access Nested entitlements that are not directly assigned to the identity, and may have multiple levels with parent and child entitlements. Refer to Entitlement Hierarchy and Inheritance. -
Build your own by adding one or more filter criteria
Field Description Type Select the access object to filter on. Attribute Select the attribute to use in this filter. Operator Choose an operation to compare the attribute to the value you enter. Select Apply Filter to update the identity graph to match the filter criteria.
-
Toggle a filter and then configure additional filter criteria
Select Apply Filter to update the identity graph to match the filter criteria.
-
Note
Filter criteria are connected by AND operators, and return items that have all of your search terms in the access object. A maximum of three filter criteria can be added. Â
Adding Layers and Changing the Layout
You can apply multiple layers and change the layout of the graph to improve clarity and visualize the identity graph in a different aspect.
Adding Layers
Add layers to reveal additional information about the node.
- Select Layers to the left of the identity graph.
-
Select one or more layers.
- Labels - When you hover over a node, the metadata is displayed for the node and all its connections.
- Context - Adds color and relationships to lines.
- Names - The name of each node is visible on the graph.
-
The layer is applied and visible on the graph.
A green dot marks added layers, while a grey dot indicates that the layer has not been applied.
Changing the Layout
By default, the identity graph is displayed in a dynamic layout, where the root node is centered on the graph. Other available layouts include top-down and left-right.
To change the layout of an identity graph:
- Select Layouts to the left of the identity graph.
-
Select the layout choice to be applied to the graph.
- Dynamic - Displays the root node centered on the graph.
- Top-down - Positions the root node at the top and displays all other nodes below.
- Left-right - Displays the root node to the left and all other nodes to the right.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.