2. Explain refresh identity cube task.
3. What is Delta Aggregation? For which applications?
4. Explain Perform Maintenance task.
5. What are Aggregation rules?
6. How to pause running of Workflow and 5 subprocess workflows?
7. Explain Sailpoint IdentityIQ Architecture.
8. Difference between provisioning plan and provisioning policy.
9. Difference between PreIterate Rule and PostIterate Rule.
10. What are APIs or Classes used in Provisioning Plan?
11. What are inbuilt objects used in rule?
12. What is iiq console command and Patch and where it is located?
14. How to extend identity attributes and in which file?
15. What is LCM?
16. What is certification and what are its rules?
17. What is customization rule?
18. What is correlation rule?
19. Explain Role and what are types?
20. Difference between Business Role and IT Role.
21. Explain LifeCycle Events.
22. What is Custom Connector and what are steps to create it?
23. Explain Custom Task.
24. Difference between Aggregation and Identity Refresh Task.
25. What is Capability?
26. Explain Quicklink.
27. How Dynamic Scope is used in Quicklink?
28. Structure of Workflow, Form.
29. How to create Form within WF?
30. How to call rule in Form?
31. How to launch WF within rule?
32. Explain Entitlement Role.
33. What is native change detected?
34. How to call Birthright provisioning at Joiner event?
35. How to do Birthright provisioning of roles?
36. What is Assignment rule?
37. Steps in Application Configuration of Delimited file, JDBC, AD, LDAP.
38. Which options to select in refresh identity cube task to trigger joiner event?
39. Logging path in Sailpoint IdentityIQ.
40. What are major features of Sailpoint IdentityIQ?
41. What is authoritative application?
42. What are uncorrelated accounts or links?
43. What is Workgroup, Assignment Rule, Managed Attr and Entitlement?
44. Explain Advanced Analytics, Reporting.
45. What is Debug?
46. What is Discover Schema?
47. Explain steps of Birthright provisioning Workflow.
48. What is Identity Attribute Mapping, Account Mapping?
49. What are Installation Steps?
50. Explain SSF framework.
51. What is Custom Object?
52. How to add attributes beyond the limit of 20 numbered
53. If audit of manager's approval is to be included, where to do it?
54. How to configure reminder notification to send to manager?
55. Custom Task or Task Definition to do.
56. Delta Aggregation for Delimited File if possible.
57. The self registration process with 2 level approval.
58. Difference between scoping and capabilities.
59. Difference between workgroup, groups, populations.
60. Why ManagedAttribute and Entitlement used when they are synonyms?
61. Explain Refresh Groups Task.
62. How many approval levels in Sailpoint and how to do it?
63. Explain SSB.
64. Explain between ExtendedIdentityAttribute as a placeholder
65. If need to exclude contractors in aggregation task then how to do it?
66. Explain AttributeSync and NCD, Scoping, Dynamic Scope.
68. How to do Audit Configuration and explain Class Actions.
69. Explain Target Mapping, Source Mapping.
70. Difference between Source Mapping and Target Mapping.
71. If there are 2 applications with an attribute mapped, and the logic should be: if logic A then source mapping for app1, otherwise for app2, how to do it?
72. Explain process event, provision assignments to provision the entitlements checkbox in identity refresh task.
73. Email notification to manager, how to do it?
74. Explain workflow type IdentityLifecycle, approval scheme serial and parallel, transient variable in workflow.
75. Birthright prov WF steps.
76. Explain provisioning rule type JDBCProvision, foreground prov, optimistic prov.
77. Explain authorized scope.
78. Explain sailpoint.reporting.LiveReportExecutor type LiveReport, REST API and difference between SOAP and REST.
79. Explain custom connector steps and where .xhtml file path or location.
80. Explain type FieldValue in rule, in form postback, libraries used for dynamic forms creation and steps.
Use the getName() method to obtain the Access Request number (Request Id) from the IdentityRequest object:
Note: The aim is to get the request ID from the "Before Provisioning" rule, where only the username from the plan is available, and to use that username to look up the user's request ID.
- Exchange provisioning skipped as mandatory input 'Exchange Alias (mailNickname)' was missing in provisioning plan
mailNickname is mandatory to create a mailbox in Exchange. If it is not present in the provisioning plan and other Exchange attributes exist, then IQService throws the above exception.
- A way to connect to Microsoft Exchange server and create new email accounts for users from Sailpoint IIQ.
- What is featuresString actually used for? featuresString="AUTHENTICATE, MANAGER_LOOKUP, SEARCH"
- Disable Authoritative Source Account: for example, the authoritative source is a JDBC application and there should be no provisioning to the authoritative source.
- Difference between authoritative and non-authoritative with respect to aggregation.
- If identities were created through LCM instead of being discovered from an aggregation, how to set their "authoritative" flag to "true"?
- Best practices for managing multiple accounts on Active Directory: managing multiple accounts on a single AD application, or having two separate applications?
- How is provisioning done for identities with multiple accounts? How to check which of the several accounts under the identity cube must be provisioned to?
Ques: How to set a threshold for aggregation from event-based inputs? How to limit the number of records aggregated from a delta-feed authoritative source?
For example, if there are more than 100 offboarding requests, stop aggregation and send a warning.
Ans: Sailpoint IdentityIQ does not support Delta Aggregation for Flat File. It requires that the file should contain all records + additional records and change records. So if your requirement involves removing records from the Flat File and then running aggregation, you can utilize the Delete Threshold.
Thresholds can be set either as a fixed number, or as a percentage of identities. When a threshold is set, the Identity Refresh task will terminate when the threshold is met, without updating any identities.
Identity Processing Threshold can be configured both in Rapid Setup (as global setting) and in Lifecycle Events, for specific workflows. In addition, there are some settings in the Identity Refresh task that must be set to fully enable this feature.
What is schema in SailPoint?
Each source supports a variety of details, or attributes, about each user who has an account, such as their name, email address, manager name, and location. The set of account attributes each source stores and how they're organized is known as the account's schema.
What is the difference between role and entitlement in SailPoint?
Certifications: Entitlements can be revoked from an identity that no longer needs them. Roles: Roles can group access profiles which themselves group entitlements. You can grant and revoke access on a broad level with roles.
What is optimistic provisioning in Sailpoint?
Optimistic Provisioning assumes that provisioning requests are completed and then updates the identity cube to display the changes when the request is submitted, not when the request is verified.
What is provisioning policy in Sailpoint?
Provisioning policies in an application configuration define the set of attributes which are needed to complete a provisioning request, whether that request is to create an account, modify an account, add a role to an identity, etc. They are also called provisioning forms.
What is LCM provisioning?
Lifecycle Management (LCM) provisioning helps organizations automate the IT processes associated with an individual joining, moving within, or leaving their organization. This flow of a user's identity through different stages is known as a user's lifecycle state change.
Lifecycle Manager provides automated change management based on configurable identity lifecycle event triggers. These triggers are mapped to different identity-related events in an authoritative source, typically a human resources system. When a tracked event is detected, provisioning requests are generated.
What is birthright provisioning in Sailpoint?
This is typically used for birthright provisioning – that is, simply because someone is an employee, they automatically get some set of business roles; furthermore, if they are in the Accounting department (as indicated by an attribute defining their department), they get another business role;
Endpoints: An endpoint is an installation of a platform or application which has identity and role data. An endpoint can include the following systems:
• An operating system (such as Windows)
• A security product that protects an operating system (such as CA Top Secret and CA ACF2)
• An authentication server that creates, supplies, and manages user credentials (such as CA Arcot)
• A business application (such as SAP, Oracle Applications, and PeopleSoft)
• A cloud application (such as SalesForce and Google Apps)
Ques: Have a flat-file based application, say “App1”, and it has 3 entitlements in the entitlement catalog (ent1, ent2, ent3). When account aggregation is run for App1, the source file has 4 different entitlements for a user (ent1, ent2, ent3, ent4). The identity cube for this user shows 4 entitlements, but only 3 were expected in the user's identity entitlement list. So how to go about not aggregating the one entitlement which is not in the entitlement catalog for this app?
Ans: There is an option in the Aggregation task which allows new entitlements to be created (promoted) when found in the input file. This option is ‘Promote managed attributes’ (a managed attribute = entitlement).
If you don’t want to create new entitlements during aggregation, disable this option (‘Promote managed attributes’).
The ‘Promote managed attributes’ option in the Aggregation task can be used to add the fourth entitlement into the catalog. If you are trying to avoid the entitlement being aggregated, you can use a Customization rule to remove that value before it is added to the resource object.
The Promote Managed Attribute option automatically promotes any values for entitlements or permissions encountered while running the task as Managed Attributes. Disabling this will not load entitlements to the catalog. But this cannot be used to identify missing entitlements.
1. _____ roles can be “assigned” to Identities.
2. _____ roles are “detected” for an Identity based on its recorded system entitlements.
3. _____ role can be manually or automatically assigned to each Identity.
4. Automatic role assignment is done based on the ____ Rule for the Business role.
5. Roles can either be “__” to an Identity or “___” for an Identity.
6. ____ roles were originally created to represent a single entitlement on a single application.
7. ____ roles linked to the business roles as Required or Permitted roles.
8. To connect a business role to a new organizational role, add the organizational role to the ____ section of the business role definition.
9. Add all of the ___ roles to the business role’s Inherited Roles list to show it multiple places in the hierarchy.
10. The position of roles in the UI role hierarchy is controlled by __.
11. ___ can also minimize the risk of missing roles.
12. Mined __ roles are created in a disabled state and must be activated before they can be assigned to any identity, either automatically or through an access request.
13. Mined business roles contain __ logic which will automatically assign them to identities whose attributes match the criteria used to identify the role, once the role is activated.
14. __ roles are typically used to represent job functions or job titles.
15. Roles created through business and IT role mining activities are automatically generated in "container" ___ roles by the mining operations.
16. __ roles allow multiple entitlements from one or more applications to be grouped together into a single role.
17. __ roles were originally created to represent a single entitlement on a single application.
18. The term Assigned Role is used for __ roles.
19. The term Detected Role is used for __ roles.
20. ___ roles are connected to business roles through the Required Roles and Permitted Roles lists.
21. A role is a collection of ___ or other roles that enables an identity to access the resources and to perform certain operations within an organization.