Enabling Access Modeling
SailPoint's AI Services includes an Access Modeling service which uses patented machine learning algorithms to identify user access patterns and determine potential roles that accurately align with what users actually do in an organization.
In IdentityIQ, AI Services Access Modeling gives you the option to use this service for role discovery, to display potential roles based on the optimal role granularity derived from AI Services algorithms.
The Access Modeling feature is an optional integration that you can install as a plugin as part of your AI Services integration.

To use Access Modeling for role discovery:
- AI Services must be integrated into your IdentityIQ instance. See Integrating SailPoint AI Services for details.
- Plugins must be enabled in your IdentityIQ instance. To enable plugins, ensure that the <identityiq_home>/WEB-INF/classes/iiq.properties file of your IdentityIQ installation includes the plugins.enabled=true setting.
You can read about AI Services prerequisites, the onboarding process, and deployment steps at Getting Started with SailPoint AI Services.

Follow these steps to install the Access Modeling plugin. You can read more about Access Modeling prerequisites and features in Access Modeling.
- Download the Access Modeling plugin from the IdentityIQ Plugins area of Compass.
- Log in to IdentityIQ as an administrator.
- From the IdentityIQ gear icon, select Plugins.
- Click New, then browse to or drag and drop the plugin zip file to install the plugin.
- Click the Configure button for the Access Modeling plugin and enter the URL for the IdentityNow tenant. For example: https://<tenant>.identitynow.com
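A pre-install check for the plugins.enabled setting and the tenant URL described above, as an added example that is not part of the SailPoint documentation. The URL check matters because administrators are later redirected to that URL and asked to authenticate there. Assumptions: iiq.properties follows java.util.Properties rules, the value must be exactly true, the tenant host has the <tenant>.identitynow.com form shown in the example, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not SailPoint code); function names are hypothetical.

# Print the effective value of key $2 in the Java-style properties file $1.
# Assumption: java.util.Properties semantics, so lines starting with # or !
# are comments and the last occurrence of a repeated key wins.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*([#!]|$)/ { next }            # comment or blank line
        {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t]*[=:][ \t]*/)
            if (n == 0) next                  # no key/value separator
            if (substr(line, 1, n - 1) == key) val = substr(line, n + RLENGTH)
        }
        END { print val }
    ' "$1"
}

# Succeeds only if the file is readable and plugins.enabled is exactly "true".
plugins_enabled() {
    [ -r "$1" ] || return 2
    [ "$(prop_value "$1" plugins.enabled)" = "true" ]
}

# Succeeds only for https://<tenant>.identitynow.com (assumed host form, taken
# from the example above), with no path, port, or userinfo.
valid_tenant_url() {
    case "$1" in
        https://*.identitynow.com|https://*.identitynow.com/) ;;
        *) return 1 ;;
    esac
    host=${1#https://}
    host=${host%/}
    case "$host" in
        *[!A-Za-z0-9.-]*|.*|-*) return 1 ;;
    esac
    return 0
}

# Usage (IIQ_HOME and TENANT_URL are placeholders you set yourself):
#   plugins_enabled "$IIQ_HOME/WEB-INF/classes/iiq.properties" || echo "plugins are not enabled"
#   valid_tenant_url "$TENANT_URL" || echo "check the tenant URL"
```

A commented-out plugins.enabled=true line, or a later plugins.enabled=false line that overrides an earlier one, makes plugins_enabled fail even though a plain text search for the setting would succeed.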

After the Access Modeling plugin is installed and configured, you can use it to explore potential roles based on users' current roles, and create new roles that align with the access users need.
- Click Intelligence > Advanced Analytics.
- In the Search Type field, make sure Identity is selected.
- Enter search criteria as needed, to find the identities you want to discover roles for, and click Run Search.
- Select the identity or identities to discover roles for.
- Click Role Discovery to discover potential roles based on the optimal role granularity derived from our AI algorithms.
- You will be redirected to the Access Modeling page in IdentityNow, using the URL that you configured in the Access Modeling plugin. If you are not already logged in to IdentityNow, you will have to enter admin credentials and authenticate.
- For next steps on using IdentityNow for role discovery, see Access Modeling in the SailPoint Identity Services documentation.