Interpreting Identity Graph Data
The legend helps you understand and interpret the visual elements presented on the identity graph, helping you quickly gain context around the current state of a graph.
To display the legend, select the Legend button in the top right.
Access Objects
Colors and icons are used to distinguish between access object types, enabling quick identification.
- Identities - Human identities and AI agents. Â
- Access items - Entitlements, Access Profiles, and Roles.
Limited Availability
AI Agent Identities are only available to select customers. Visit SailPoint Product News for more information.
| Access Object | Description |
|---|---|
| Identity | Human identities and AI agents that have access. |
| Role | Represented by a green circle. Roles are the grouped sets of access assigned to an identity. |
| Access Profile | Represented by a pink circle. Access profiles are bundles of entitlements assigned to an identity. |
| Parent Entitlements | Represented by a grey circle. |
| Entitlement | Represented by a blue circle. |
There are three node types, each indicated by a different sized node displayed in the graph.
| Node | Description |
|---|---|
| Root node | Largest of the nodes and centered on an identity graph. This node represents the access object that the graph displays. All edges extend from this node. |
| Intermediate node | Nodes that are aggregates of access and do not explicitly represent any access. You can expand an intermediate node to show the direct nodes. |
| Direct node | Smallest of the nodes representing explicit access that is assigned to a user. When you expand an intermediate node, direct nodes are displayed |
Outer Rings on a Node
Outer rings appear around an access object when an action is performed on that node.
| Outer Rings | Description |
|---|---|
| Object is locked | A purple ring is present around a node that is locked. After repositioning a node, you can lock it in place to prevent it from moving when you manipulate other nodes on the graph. You can lock multiple nodes in place and manipulate the surrounding unlocked nodes. This feature is useful in dynamic layout. |
| Object is selected | A white ring is present around a node when it has been selected. Select one or more access objects to highlight the node and perform actions. |
| Object is right-clicked | A blue ring is present around a node when right-clicked. Right-click an object to select an action to apply to the node. |
Ring Indicators
Red rings on nodes indicate the total amount of privileged entitlements that exist within this object, helping to convey the latent risk associated with the access object. Use this indicator to monitor and govern more closely.
An object with a high privilege percentage has access to sensitive resources, while an object with no privilege has no access to sensitive resources. Use the percentages to assess the level of risk associated with each access object.
Lines
Lines represent the connections and relationships between access objects.
| Line | Description |
|---|---|
| Path | A link between two nodes that represents an existing relationship. |
| Outlier | Entitlements assigned to less than 1% of the organization. To display this line, your organization must utilize the Identity Outliers feature in Identity Security Cloud. |
| Multiple Path | Access object with more than one access path, which can pose a security risk. |
| Recently Granted | Access granted within the last 30 days. Helping to identify new and potentially unauthorized access. |
| Privileged | Access path that leads to privileged entitlements. |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.