
SailPoint Identity Security Cloud

Deployment guide for Endpoint Privilege Management for Windows & Mac

Note: Work in Progress, this guide will be updated shortly.

Create a new SCIM 2.0 Source.

Note: The SCIM SaaS connector cannot be used: even after the Group entitlement type is deleted, entitlement aggregation still tries to read groups from the /Groups endpoint, which this API does not expose, and the aggregation fails with HTTP 400.

Create the ISC API service account with SCIM - Full Access.
Connection Settings: make sure you use the SCIM v3 URL.
Additional Settings: select Use HTTP PATCH.

Note: PUT is also supported, but PATCH is typically more effective.

At this point, you should be able to test the configuration successfully.

For Entitlement Types, delete the Group and Entitlement types and add the attributes shown above for roles.

Discover the Account Schema and assign the Account ID and Name attributes.

Modify the role attribute: set its Type to the roles entitlement type.

Configure the Account Correlation rule.

Note: In the Privilege Management for Windows & Mac SCIM API, userName and the email address carry the same value, so correlation can key on either.

Now you can Aggregate Accounts and Entitlements.
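Added illustration (not SailPoint's or the EPM vendor's code) of two points above, the PATCH-over-PUT recommendation and the userName/email correlation: a small in-memory model of SCIM 2.0 (RFC 7644) PUT and PATCH on a user's roles attribute, with constructed user and identity data.

```python
import copy

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample data (not from a real tenant): one SCIM user and two ISC identities.
USER = {"id": "u-1001", "userName": "alice@example.com",
        "emails": [{"value": "alice@example.com", "primary": True}],
        "roles": [{"value": "Standard User"}]}
IDENTITIES = [{"id": "id-bob", "email": "bob@example.com"},
              {"id": "id-alice", "email": "Alice@Example.com"}]

def role_names(user):
    return [r["value"] for r in user.get("roles", [])]

def build_role_patch(role):
    """RFC 7644 PatchOp body for PATCH /Users/{id}: append one role."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "add", "path": "roles", "value": [{"value": role}]}]}

def apply_patch(user, patch):
    """Server-side effect of a PatchOp 'add' on the multi-valued roles attribute:
    only the listed roles change, everything else on the resource is untouched."""
    out = copy.deepcopy(user)
    for op in patch["Operations"]:
        if op["op"] != "add" or op["path"] != "roles":
            raise ValueError("this model only handles add on roles")
        present = set(role_names(out))
        out["roles"] += [v for v in op["value"] if v["value"] not in present]
    return out

def apply_put(user, representation):
    """PUT /Users/{id}: the whole resource becomes what the client sent."""
    out = copy.deepcopy(representation)
    out["id"] = user["id"]
    return out

def stale_put_drops_role():
    """Why PATCH is preferred: a PUT built from a read taken before 'Local Admin'
    was assigned silently removes that role; an equivalent PATCH leaves it alone."""
    stale = copy.deepcopy(USER)
    current = apply_patch(USER, build_role_patch("Local Admin"))
    put_roles = role_names(apply_put(current, stale))
    patch_roles = role_names(apply_patch(current, build_role_patch("Helpdesk")))
    return "Local Admin" not in put_roles and "Local Admin" in patch_roles

def correlate(scim_user, identities):
    """Account correlation: this API sets userName and email to the same value,
    so match userName against each identity's email, case-insensitively."""
    key = scim_user["userName"].lower()
    return next((i["id"] for i in identities if i["email"].lower() == key), None)
```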

 

 

For entitlements, since there is no /entitlements endpoint, we can add the entitlement name in the Description field.

We need to mark roles as Requestable.

Aggregated user account with its role.

To allow the Source to create a new User, you will need a Create Account policy:

Create Account policy