Does this example accurately describe an IdentityNow data flow?
Solution:
1. Identity data is aggregated from an authoritative source.
2. The aggregated data is used to build an identity model.
3. Accounts are provisioned to source systems.
4. Identity attributes are periodically synchronized to write-enabled systems.
Answer : B
No, this example does not accurately describe the complete data flow in IdentityNow. While it correctly mentions identity aggregation and the building of an identity model, the third step, 'Accounts are provisioned to source systems,' is not always part of the identity aggregation process. Provisioning is typically a separate workflow initiated by access requests or certification decisions, not directly tied to identity aggregation. Additionally, the periodic synchronization of identity attributes happens as part of identity refreshes but is not necessarily tied to provisioning accounts in all cases.
SailPoint IdentityNow Aggregation and Identity Model Documentation.
SailPoint IdentityNow Provisioning Workflow Guide.
Does this example accurately describe an IdentityNow data flow?
Solution:
1. The IdentityNow engineer logs into the virtual appliance and creates a new identity profile.
2. The virtual appliance contacts the IdentityNow tenant to synchronize the identity profile.
3. The IdentityNow tenant provisions accounts to source systems.
4. The IdentityNow tenant sends an API call to the virtual appliance with confirmation that accounts were provisioned.
Answer : B
No, this example does not accurately describe an IdentityNow data flow. The incorrect part of this flow is that identity profiles are not created within the Virtual Appliance (VA). Identity profiles are created and managed directly within the IdentityNow tenant, not the VA. Additionally, the provisioning process is handled by the IdentityNow tenant through provisioning tasks and API calls to the VA for execution, but the VA does not initiate identity profile creation or manage the full synchronization of those profiles.
SailPoint IdentityNow Identity Profile Configuration Guide.
SailPoint IdentityNow Virtual Appliance and Tenant Data Flow Documentation.
Does this example accurately describe an IdentityNow data flow?
Solution:
1. An IdentityNow engineer clicks "start manual aggregation".
2. The IdentityNow tenant contacts the Active Directory domain controller.
3. The domain controller sends a list of accounts to the virtual appliance.
4. The virtual appliance masks sensitive information and sends a list of accounts to the IdentityNow tenant.
Answer : B
No, this example does not accurately describe an IdentityNow data flow. The step where the domain controller sends a list of accounts directly to the virtual appliance is incorrect. Instead, during manual aggregation, the virtual appliance is responsible for initiating the connection to the domain controller (or other authoritative source), retrieving account data, and then sending the results to the IdentityNow tenant. Sensitive information is masked before sending the data from the virtual appliance to the IdentityNow tenant, but the domain controller does not interact directly with the IdentityNow tenant.
SailPoint IdentityNow Aggregation Process Documentation.
SailPoint IdentityNow Virtual Appliance Data Flow Guide.
Is this the recommended way to test lifecycle state transitions in IdentityNow?
Solution: Configure and enable lifecycle states. Find a test identity that is not in the target lifecycle state. Manually change the test identity's lifecycle state to the target state from the admin user interface. Verify the results of the lifecycle state change in the identity's activity page.
Answer : A
Yes, this is the recommended way to test lifecycle state transitions in IdentityNow. To validate how lifecycle states function, administrators can manually set up and enable lifecycle states for testing purposes. By selecting a test identity that is not already in the target state, manually transitioning that identity to the target state using the admin user interface provides a direct and controlled way to observe the transition. The results can be verified in the identity's activity page, where changes in the lifecycle state will be logged, helping to ensure that the lifecycle state functions as expected.
SailPoint IdentityNow Lifecycle Manager Documentation.
SailPoint IdentityNow Lifecycle State Configuration Guide.
Is this statement correct about security and/or encryption of data?
Solution: IdentityNow uses a hashing algorithm for secure encryption of data in transit and uses TLS for hashing passwords and the answers to security questions.
Answer : B
No, this statement is incorrect; it has the two mechanisms reversed. IdentityNow does use TLS (Transport Layer Security) to secure data in transit, but TLS is not a hashing algorithm; it is a protocol that encrypts communication over networks. Separately, IdentityNow uses hashing algorithms for securely storing passwords and answers to security questions (e.g., SHA-256 or bcrypt), and it does not use TLS for hashing these values. Hashing algorithms are one-way functions that protect stored sensitive data by converting it into irreversible fixed-length representations.
In short, TLS protects data during transmission by encrypting it, while hashing protects stored secrets such as passwords.
SailPoint IdentityNow Encryption and Security Practices Documentation.
SailPoint IdentityNow Password Hashing and Encryption Mechanisms Guide.
Is this statement correct about security and/or encryption of data?
Solution: When setting up a virtual appliance cluster, SailPoint creates an asymmetric key pair based on a user-provided passphrase, and then uses this key pair to communicate with the IdentityNow tenant.
Answer : A
Yes, this statement is correct. When setting up a Virtual Appliance (VA) cluster, SailPoint does indeed create an asymmetric key pair based on a user-provided passphrase. This key pair is used for secure communication between the Virtual Appliance and the IdentityNow tenant. The asymmetric encryption model uses a public-private key pair where the private key is stored securely within the VA, and the public key is shared with the IdentityNow tenant to establish a secure, encrypted communication channel. This setup ensures that data exchanged between the VA and the IdentityNow tenant remains protected.
SailPoint IdentityNow Virtual Appliance Security Guide.
SailPoint IdentityNow Asymmetric Encryption and Key Management Documentation.
Refer to the following diagram.
For this strategy, all virtual appliances (VAs) are deployed in a single VA cluster, with all VAs running concurrently. Some of these VAs are in the primary data center, and others (called DR VAs) are deployed in a DR data center.
While using this strategy, is this a disadvantage?
Solution: A reconfiguration will be required within IdentityNow to connect to the disaster recovery VAs. If there are many sources configured, this will cause overhead in performing this failover.
Answer : B
No, reconfiguration within IdentityNow is not required to connect to the disaster recovery (DR) VAs, which makes this scenario not a disadvantage. When properly configured, all VAs (including DR VAs) in a cluster are part of the same logical unit, meaning that failover to the DR VAs should happen seamlessly without manual intervention or significant reconfiguration. IdentityNow handles the failover automatically, directing traffic to the DR VAs when primary VAs become unavailable.
While there might be some overhead in a manual failover scenario for certain configurations, the use of a single VA cluster helps mitigate this by ensuring the system can failover without needing complex reconfigurations for every source.
SailPoint IdentityNow Virtual Appliance Failover and Disaster Recovery Configuration.
SailPoint IdentityNow High Availability Architecture Guide.