Include privileged access in your governance model by integrating CyberArk and SailPoint
Even if you already govern typical user access using SailPoint’s IdentityIQ or IdentityNow solutions and control access to privileged accounts through a CyberArk Privileged Access Management solution, there’s a good chance you’re still not as secure as you should be. Forrester reports that 80% of security breaches are linked to privileged access. If you’re managing PAM independent of your Identity governance program, you won’t have complete visibility of your organization’s access. This can cause dangerous access combinations or oversights that ultimately result in unnecessary security risks.
For this reason, it makes sense to consider including privileged access in your governance model through an integration between CyberArk and SailPoint.
Integration Preparation & Roadmap
We can review your current environments to determine if you’re ready to integrate CyberArk with SailPoint. If you’re not, we can help build a roadmap to get you there.
IAM is a program, not a project. We can evaluate your IAM program maturity and assess how you can further reduce risk and plan for future access management needs.
Implement the Out-of-the-Box Integration
Implement the out-of-the-box PAM Module to manage users, groups, safe permissions, and dedicated views and workflows that go with it
Expand the Out-of-the-Box Functionality
Increase the value of the out-of-the-box functionality by implementing custom workflows which allow for automated safe creation for new privileged accounts and storing newly created credentials in the safe
Reduce Manual Password Rotation
We can help you reduce manual password rotation for your SailPoint connectors by implementing automated credential cycling that SailPoint offers with the PAM module as well
Key Features of the SailPoint CyberArk Integration Module
The SailPoint PAM integration can create an integrated, policy-driven approach to managing identity and access governance across both privileged and non-privileged accounts. It offers good functionality out-of-the-box, but much more can be achieved with customizations made during the integration process (by someone like us), like including creating safes and vaulting privileged accounts. Possible features include:
⦿ A centralized view of user permissions on safes containing privileged access
⦿ Immediate provision for privileged access once approved
⦿ Include privileged access in enterprise access certifications (attestations)
⦿ Include privileged access management in automated joiner workflows
⦿ Centralized location for reviewing, managing, or escalating PAM requests
⦿ Include PAM in automated leaver workflows including immediate credential rotation, account disablement, or removal
⦿ Establish a true Role Based Access Control (RBAC) model for privileged access and govern it from SailPoint
Going Beyond the Out-of-the-Box Integration
Although the standard PAM module covers the basic PAM governance use cases, organizations often need more functionality to support advanced use cases such as creating safes and vaulting accounts within those new safes from SailPoint. To help our clients expand privileged access governance controls, we developed customizations that go beyond the OOTB features to enable:
End-to-End Service Account Request Workflow
⦿ User friendly forms and approval process
⦿ Proper ownership defined and easily updated
⦿ Automated provisioning of service accounts in Active Directory
⦿ Automated vaulting of new accounts in a CyberArk safe
Automated Provisioning of Privileged Domain Accounts
⦿ Self-service privileged account request with appropriate approvals
⦿ Granting normal domain account access to CyberArk to access their newly created safe with their privileged domain account credentials
⦿ Automated creation of privileged domain account, new user-specific safe created in CyberArk, and the credentials of the new domain account vaulted in that safe
Why Integral Partners can help with your Integration
When it comes to SailPoint and CyberArk, we have experience implementing their solutions in every vertical. We both know the solutions and have experience integrating and optimizing them (from early planning to implementation to support). We also have experience with every top IAM vendor and each space within it.
SailPoint Admiral Award Winner: We’ve received our third consecutive SailPoint Admiral Certification for Delivery Excellence status in recognition of their ability to deliver highly successful implementations using the SailPoint platform. SailPoint created the Admiral award in 2018 to honor top-tier partners. Integral Partners has been awarded the status of Admiral every year since its inception. Out of over 250 eligible partners, they were one of only 13 North American companies given that designation in 2020.
Let’s talk about a SailPoint CyberArk Integration
Ready to learn more? Let’s start a conversation and see if we can help. They can answer any initial questions you have about an integration and any other IAM related issues.
- We’re trusted partners with SailPoint and CyberArk
- We have over 20 years of experience with IAM
- We have experience integrating these tools and expanding its value
Use this form to reach out schedule 15 minutes directly on our calendar here.