As mentioned in one of the earlier posts, a few organizations have carried out IdentityIQ implementations in such a way that application data (access and permissions) is fetched in the form of CSV files using a read-only delimited file connector. The biggest drawback of this architectural pattern is that the organization has to depend on application support teams to manually provision decisions on the target applications, i.e. open-loop remediation.
So the questions arise:
Have these organizations moved towards automation, or actually drifted away from it?
Is the decision to implement IdentityIQ correct and worth it?
The answer lies in the approach to implementation. Although the architectural pattern discussed above provides an Online Centralized Portal for User Access Reviews, IdentityIQ is capable of much more than this. Organizations should aim to use more of the available features of IdentityIQ.
Customers are now more focused on automating as much as possible instead of relying on manual processes, so the previously mentioned architecture is no longer preferred by organizations. They are moving towards an architecture that uses Direct Connectors between target applications and IdentityIQ. This enables them to do Direct Provisioning on target applications.
This is represented in the diagram below: