SOLUTIONS
We can help you review and implement the SailPoint Beyondtrust Integration Module – from evaluation, preparation, roadmap, the standard integration and customizations that extend the OOTB capabilities.
Provide centralized management of your privileged access accounts and reduce risk by integrating BeyondTrust and SailPoint
Organizations that have implemented SailPoint’s IdentityIQ or IdentityNow solutions and BeyondTrust’s Password Safe platform often do so without integrating them together leaving a gap in privileged access security. According to Forrester, 80% of security breaches involve privileged access. When your PAM program is managed independently from your IGA program, you lack visibility and governance of who has privileged access to what, if that access is appropriate, and if the access is being used safely and in accordance with policy. This can leave dangerous access combinations undetected and unmanaged resulting in unwanted security risks. In these situations we often see:
⦿ Entitlement creep instead of automated, time-sensitive deprovisioning
⦿ Untracked relationships between users, devices, managed accounts, and their corresponding levels of access
⦿ Privileged access blind spots and orphaned or abandoned privileged accounts as users switch jobs or leave the company
For these reasons and others outlined below, it makes sense to consider including privileged access in your governance model through an integration between BeyondTrust and SailPoint.
Automated Access
The integration will safely provide IT admins, specialists and executives with the privileged access they need to do their job.
Centralized Identity Management
Provide a centralized view of access of each identity you manage across all privileged, shared, and system accounts.
Implement the Out-of-the-Box Integration
Implement the out-of-the-box integration to manage users, groups, safe permissions, and dedicated views and workflows that go with it
Expand the Out-of-the-Box Functionality
Increase the value of the out-of-the-box functionality by implementing custom workflows which allow for automated safe creation for new privileged accounts and storing newly created credentials in the safe
Streamline the Delivery of Access
Create centralized administration over all privileged and non-privileged accounts from within SailPoint enabling delivery of privileged access based on user role or lifecycle event changes.
Key Features of the SailPoint BeyondTrust Integration Module
The SailPoint PAM integration can create an integrated, policy-driven approach to managing identity and access governance across both privileged and non-privileged accounts. It offers good functionality out-of-the-box, but much more can be achieved with customizations made during the integration process (by someone like us), like including creating safes and vaulting privileged accounts. Possible features include:
⦿ A centralized view of user permissions on safes containing privileged access
⦿ Immediate provisioning for privileged access once approved
⦿ Include privileged access in enterprise access certifications (attestations)
⦿ Include privileged access management in automated joiner workflows
⦿ Centralized location for reviewing, managing, or escalating PAM requests
⦿ Include PAM in automated leaver workflows including immediate credential rotation, account disablement, or removal
⦿ Establish a true Role Based Access Control (RBAC) model for privileged access and govern it from SailPoint
Going Beyond the Out-of-the-Box Integration
Although the standard PAM module covers the basic PAM governance use cases, organizations often need more functionality to support advanced use cases such as creating groups and vaulting accounts within those from SailPoint. To help our clients expand privileged access governance controls, we developed customizations that go beyond the OOTB features to enable:
End-to-End Service Account Request Workflow
⦿ User friendly forms and approval process
⦿ Proper ownership defined and easily updated
⦿ Automated provisioning of service accounts in Active Directory
⦿ Automated vaulting of new accounts
Automated Provisioning of Privileged Domain Accounts
⦿ Self-service privileged account request with appropriate approvals
⦿ Granting normal domain account access to BeyondTrust to access their newly created safe with their privileged domain account credentials
⦿ Automated creation of privileged domain account, new group in BeyondTrust, and the credentials of the new domain account vaulted
Why Integral Partners can help with your Integration
When it comes to SailPoint and BeyondTrust, we have experience implementing their solutions in every vertical. We know the solutions and have experience integrating and optimizing them – from early planning, implementation, and support. We also have experience with every top IAM vendor and each space within it.
SailPoint Admiral Award Winner: We’ve received our third consecutive SailPoint Admiral Certification for Delivery Excellence status in recognition of our ability to deliver highly successful implementations using the SailPoint platform. SailPoint created the Admiral award in 2018 to honor top-tier partners. Integral Partners has been awarded the status of Admiral every year since its inception. Out of over 250 eligible partners, we were one of only 13 North American companies given that designation in 2020.
Let’s talk about a SailPoint BeyondTrust Integration
Ready to learn more? Let’s start a conversation and see if we can help. They can answer any initial questions you have about an integration and any other IAM related issues.
- We’re trusted partners with SailPoint and BeyondTrust
- We have over 20 years of experience with IAM
- We have experience integrating these tools and expanding its value
Use this form to reach out schedule 15 minutes directly on our calendar here.