
Machine Identity Security Overview

SailPoint Machine Identity Security helps organizations achieve comprehensive governance, compliance, and security outcomes related to machine accounts.

Machine Identity Security helps you:

  • Discover and classify machine accounts on a source.

  • Correlate machine accounts to a machine identity.

  • Certify machine identities and their access.

  • View and manage machine accounts for all sources.

To discover, classify, and manage machine accounts, a user must be an Org Admin, Source Admin, or Source Sub-Admin who is a member of the source's governance group. Users identified as account owners may review machine identities and their access in certifications.

Implementing Machine Identity Security

Your implementation process depends on the data available to your organization. For example, if your organization stores application data in a database, you can begin by using this data to create machine identities. Organizations that do not maintain application data can create machine identities at a later stage.

Choose your next step based on your configuration

If your organization stores application data in a database, SailPoint recommends following this implementation process:

  1. Configure sources that contain machine accounts.

  2. Aggregate the machine accounts that require governance.

  3. Create machine identities to group machine accounts with their associated application or service.

  4. Set criteria to determine which source accounts should be classified as machine accounts.

  5. Map available account attributes to assign account owners and correlate machine accounts to a machine identity.

  6. Process classification and mappings.

  7. Review and update machine accounts and their attributes.

  8. Create a machine account certification campaign to verify access items for machine identities.

  9. Certify machine identities and their access.

If your organization does not maintain application data, SailPoint recommends following this implementation process:

  1. Configure sources that contain machine accounts.

  2. Aggregate the machine accounts that require governance.

  3. Set criteria to determine which source accounts should be classified as machine accounts.

  4. Map available account attributes.

  5. Process classification and mappings.

  6. Review and update machine accounts and their attributes.

  7. Create a machine account certification campaign.

  8. Certify partial machine identities and their access.

  9. Create machine identities to group machine accounts with their associated application or service.
