Machine Identity Security Overview

SailPoint Machine Identity Security helps organizations achieve comprehensive governance, compliance, and security outcomes related to machine accounts.

Machine Identity Security helps you:

• Discover and classify machine accounts on a source.

• Correlate machine accounts to an application identity.

• Certify application identities and their access.

• View and manage machine accounts for all sources.

To discover, classify, and manage machine accounts, users must be an Org Admin, Source Admin, or Source Sub-Admin who is a member of the source's governance group. Users identified as account owners may review application identities and their access in certifications.

Implementing Machine Identity Security

Your implementation process depends on the data available to your organization. For example, if your organization stores application data in a database, you can begin by using this data to create application identities. Organizations that do not maintain application data can create application identities at a later stage.

Choose your next step based on your configuration

Implementing with application data Implementing without application data

If your organization stores application data in a database, SailPoint recommends following this implementation process:

1. Configure sources that contain machine accounts.

2. Aggregate the machine accounts that require governance.

3. Create application identities to group machine accounts with their associated program or service.

4. Create machine account subtypes to classify existing and future machine accounts by their type and function.

5. Set criteria to determine which source accounts should be classified as machine accounts.

6. Map available account attributes to assign account owners and correlate machine accounts to a machine identity.

7. Process classification and mappings.

8. Review and update machine accounts and their attributes.

9. Create a machine account certification campaign to verify access items for application identities.

10. Certify machine identities and their access.

If your organization does not maintain application data, SailPoint recommends following this implementation process:

1. Configure sources that contain machine accounts.

2. Aggregate the machine accounts that require governance.

3. Create machine account subtypes to classify existing and future machine accounts by their type and function.

4. Set criteria to determine which source accounts should be classified as machine accounts.

5. Map available account attributes.

6. Process classification and mappings.

7. Review and update machine accounts and their attributes.

8. Create a machine account certification campaign.

9. Certify uncorrelated machine identities and their access.

10. Create application identities to group machine accounts with their associated application or service.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.