A key characteristic of mature SailPoint-enabled Identity and Access Management (IAM) programs is effective production monitoring. Several out-of-the-box tools and reports are available within IdentityIQ to help monitor your production environment. One such tool that is often overlooked is the Administrator Console. In this blog post, we will discuss how to leverage the Administrator Console to proactively identify potential issues in your SailPoint IdentityIQ implementation and maintain optimal system performance.
The Importance of the Administrator Console in SailPoint IdentityIQ
The Administrator Console was introduced in IdentityIQ around version 7, featuring a Provisioning Transactions table where users can view data about provisioning transactions. This includes transactions from automated processes, requests, and certification decisions.
Case Study: Identifying and Addressing Failed Provisioning Transactions
Recently, I conducted a quick analysis on provisioning transactions in a client’s production system using the Administrator Console. I exported data on failed provisioning transactions from the beginning of the year to the present day. Surprisingly, there were millions of failed provisioning transactions across several applications.
Further analysis of the failures per application and per month revealed the applications responsible for most of the failures, as well as the month where the failures spiked. We were able to correlate the spike in provisioning failures to a production deployment that occurred earlier in the year and subsequently made corrections to address the failures.
In my client’s case, these failures did not impact key IAM controls like leaver processing, certifications, etc. However, a large volume of failures like this could hurt system performance, which may, in turn, affect control effectiveness.
Best Practices for Monitoring Provisioning Transactions
To proactively identify potential issues in your SailPoint IdentityIQ implementation, I recommend monitoring provisioning transaction failures regularly. Additionally, configure the provisioning transaction log settings to purge records after a set time (at least 180 days).
The Administrator Console in SailPoint IdentityIQ is an invaluable tool for monitoring your production environment and ensuring optimal performance. By regularly reviewing provisioning transaction failures and setting appropriate log retention settings, you can proactively identify and address potential issues before they escalate.
Don’t let potential issues in your SailPoint IdentityIQ implementation go unnoticed. Our expert team is here to help you optimize your IAM program and ensure your system runs smoothly.
Contact us today for a comprehensive assessment and tailored recommendations to improve your SailPoint IdentityIQ environment. Let’s work together to strengthen your IAM program and safeguard your organization’s data and systems.
