Meeting Summary – Identity Governance, SailPoint Integration & Cloud - razmipatel/Random GitHub Wiki

🔹 Meeting Summary – Identity Governance, SailPoint Integration & Cloud Privileged Access (Mobile 4)

🧩 Key Project Updates

  • Two Parallel Projects:

    • Razmi’s BB Project and IAM Attributes Project (led by Brian and team) have overlapping components.

    • Both involve surfacing SailPoint and privileged access data for Fire request processes.

  • Collaboration Strategy:

    • Brian, Ian, and Nick will lead the initial delivery of the common foundation.

    • Razmi’s team can build on this shared baseline without delays to other workstreams.

    • Ongoing alignment and updates will be maintained with Razmi.


🔐 Identity & Access Governance in the Cloud

  • Current State:

    • IAM security posture is strong, but governance gaps exist (e.g., SOD, UAR, UAO, privileged access reporting).

    • Goal: Integrate governance needs seamlessly into existing or new workflows for Mobile 4 deadlines.

  • Governance Priorities:

    • Focus areas: UAR (User Access Reviews), UAO (User Access Ownership), and PAM (Privileged Access Management).

    • SailPoint + CyberArk + Azure integration is critical.

    • UAR must be automated by Mobile 4 Release 4 (Q4).


🧰 Technical Considerations

  • Privileged Access Definition:

    • All cloud access is privileged.

    • Tiering used:

      • Tier 0 – Full tenant/management access (requires AIT accounts, CyberArk PSM/PIM)

      • Tier 1 – Production-level write access

      • Tier 2 – Non-prod and read-only access (still privileged; MFA required, but not CyberArk/AIT)

  • Group Metadata Challenges:

    • Notes field currently used for tiering in AD – acknowledged as suboptimal.

    • Future approach may need to shift to extended attributes or align with SailPoint expectations.

  • SailPoint Integration Strategy:

    • Need a clear, unified direction across stakeholders (currently fragmented).

    • A longer-term vision for native Azure integration via SailPoint modules is necessary and must be budgeted.

    • A wider stakeholder forum is being organized to formalize a unified SailPoint strategy.


🧑‍💼 Team Assignments & Cadence

  • Nick & Razmi: Lead workstream for UAR automation and group metadata enrichment.

  • Simon & Leandro: Oversee governance alignment and stakeholder engagement.

  • Regular Forums:

    • Bi-weekly governance/design check-ins proposed to align technical designs and ensure shared accountability.

    • Friday governance meetings exist but may need time adjustments for better attendance.


💬 Miscellaneous

  • SailPoint PS Resource:

    • Bhavana onboarded for 15 days (used ~7.5).

    • Focus: BB Invites and Entra group integration. Shared use across teams encouraged.

    • Further time may be requested; contact Julio (SailPoint AM) for coordination.

  • Action Items:

    • Align on group attribute strategy for SailPoint (Nick/Razmi).

    • Define whether SOD applies to cloud/Mobile 4 (to be documented as a governance decision).

    • Coordinate with SailPoint PS to avoid duplication of effort.

    • Continue progress on UAR integration in parallel with full SailPoint onboarding.


Next Steps

| Item | Owner | Due |
| -- | -- | -- |
| Align on group attribute strategy for cloud groups (tiering metadata) | Razmi & Nick | Ongoing |
| Confirm SOD applicability and document decision | Leandro + Team | Pre-M4 Release 4 |
| Continue UAR automation (manual → SailPoint) | Razmi + Governance | Q4 2025 |
| Share SailPoint PS SoW details with team | Brian | ASAP |
| Organize stakeholder session for SailPoint long-term strategy | Simon & Brian | July |
| Adjust bi-weekly cadence for governance updates | All | Confirm in next meeting |