
Managing Machine Identities

A machine identity represents an application or service and groups the machine accounts related to it. For example, an organization might group and correlate all of its automated teller service accounts to an Automated Teller machine identity. These groupings allow users to organize and oversee their organization’s service accounts, bots, and other machine accounts.

Note

This document describes machine identities created through the Machine Identity Security feature. For general information on identities, refer to Managing Identities.

Creating Machine Identities

Organizations may create machine identities at different stages in their implementation process. For example, if your organization’s data is stored in a database, you may create machine identities before classifying the machine accounts on a source.

If your organization doesn't maintain application data, you may create machine identities after machine accounts have been classified on a source. When machine account attributes were mapped, the Machine Identity field might have been left unmapped, resulting in the creation of an uncorrelated machine identity for each machine account.

If multiple uncorrelated machine identities exist for the same application, you can create a machine identity to represent the application and correlate the related machine accounts to the new machine identity. Once correlated, Identity Security Cloud deletes the uncorrelated machine identities from your tenant. Manually-created machine identities remain if their associated machine accounts are correlated to a different machine identity.

To create a machine identity:

  1. Go to Admin > Identity Management > Identities.
  2. Select Machine Identities from the left panel.
  3. Select Create New to create a new machine identity.
  4. Enter a unique name and description to help users differentiate the machine identity from others.
  5. In the Business Application field, enter a unique value that describes the application or service the machine identity represents. If your application data is stored in an attribute, enter the value for that attribute to correlate machine accounts to this machine identity.
  6. Select Save to create the machine identity.

If machine accounts have been classified for this source, ensure the machine accounts have been correlated to the correct machine identities.

If you created machine identities first, you can now classify machine accounts on the source.
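
The following is an added example, not SailPoint code or an Identity Security Cloud export format. It runs a correlation review over a constructed inventory and reports applications whose accounts are spread across several auto-created identities, manually created identities left with no accounts, and accounts with no application value. The record layout and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed inventory; the layout is an assumption, not a product export schema.
# Identity name -> True if manually created or edited, False if auto-created
# (one uncorrelated identity per account, as described above).
IDENTITIES = {
    "svc-atm-01": False,
    "svc-atm-02": False,
    "Automated Teller": True,
    "Payroll": True,
    "Old Kiosk": True,
    "svc-legacy": False,
}
# (machine account, application attribute value, identity it is correlated to)
ACCOUNTS = [
    ("svc-atm-01", "Automated Teller", "svc-atm-01"),
    ("svc-atm-02", "Automated Teller", "svc-atm-02"),
    ("svc-atm-03", "Automated Teller", "Automated Teller"),
    ("bot-payroll", "Payroll", "Payroll"),
    ("svc-legacy", "", "svc-legacy"),
]

def consolidation_candidates(accounts, identities):
    """Applications whose accounts sit under two or more auto-created identities."""
    per_app = defaultdict(set)
    for _account, app, identity in accounts:
        if app and not identities[identity]:
            per_app[app].add(identity)
    return {app: sorted(ids) for app, ids in per_app.items() if len(ids) > 1}

def identities_without_accounts(accounts, identities):
    """Manually created identities with no correlated accounts. These are not
    removed automatically, so they need a manual review or deletion."""
    in_use = {identity for _account, _app, identity in accounts}
    return sorted(n for n, manual in identities.items() if manual and n not in in_use)

def accounts_missing_application(accounts):
    """Accounts with no application value, so there is nothing to correlate on."""
    return sorted(account for account, app, _identity in accounts if not app)

if __name__ == "__main__":
    print("Consolidate:", consolidation_candidates(ACCOUNTS, IDENTITIES))
    print("No accounts:", identities_without_accounts(ACCOUNTS, IDENTITIES))
    print("No application:", accounts_missing_application(ACCOUNTS))
```
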

Viewing a Machine Identity's Control Panel

Like human identities, you can review additional details about machine identities and track their accounts and usage from their control panel.

To access a machine identity’s control panel:

  1. Go to Admin > Identity Management > Identities.

  2. Select Machine Identities from the left panel.

  3. Find and select a machine identity to view its control panel.

From the control panel, you can perform the following actions:

  • View and copy the machine identity’s attributes in the Details tab.

  • View and update the machine accounts correlated to the machine identity in the Accounts tab.

  • Review audit events in the Events tab.

  • Update or delete the machine identity by selecting the Actions menu in the upper-right corner of the page.

Updating Machine Identities

After a machine identity has been created, you can update its name, description, and business application from the machine identity’s control panel. This can be useful in cases where auto-created identities are missing attributes or require updates.

  1. Go to Admin > Identity Management > Identities.

  2. Select Machine Identities from the left panel.

  3. Select Actions > Update Identity for the machine identity that requires updates.

    Alternatively, you can go to the machine identity’s control panel and select Actions > Update Identity in the upper-right corner of the page.

  4. In the new window, make the required changes and then select Save.

The machine identity's control panel automatically refreshes and displays your changes.

Deleting Machine Identities

When your organization decommissions an application, you might need to delete the machine identity representing it. After the machine identity's correlated accounts have been deleted, you can delete the machine identity.

Note

Uncorrelated machine identities that have not been manually edited are automatically removed from the system when their machine accounts are correlated to another identity.

  1. Go to Admin > Identity Management > Identities.

  2. Select Machine Identities from the left panel.

  3. Select Actions > Delete Identity for the machine identity that requires deletion.

    Alternatively, you can go to the machine identity's control panel and select Actions > Delete Identity in the upper-right corner of the page.

  4. Confirm the deletion. The machine identity is removed from Identity Security Cloud.
