SailPoint NERM minutes - razmipatel/Random GitHub Wiki
- Agreed to enable SailPoint Non-Employee Risk Management (NERM) next week.
- Clarified B2B identity and attestation requirements, including manager data and standards.
- Defined Service Account (SPAdmin) responsibilities and ownership for object and workflow creation.
- Planned sharing of existing Azure attestation designs and logical setup documentation.
- Agreed to investigate new Entra ID connector capabilities and tie B2B users to AIB staff IDs.
- Identified action items covering requirements gathering, quoting, and documentation.
- Date: 27 June 2025
- Time: 11:00 – 12:00 BST
Attendees:
- Komal Jaidka
- Razmi Patel
- Sean O’Higgins
- Ger Lynam
- Andrew Davies

- Sean to lead enabling SailPoint Non-Employee Risk Management next week.
- Supports DORA compliance and provides a “kill-switch” for compromised partners.
- Karolina to confirm project viability and provide:
  - Project names
  - Project IDs
  - Chargeable time
- Resource constraints noted; project start dependent on finalised SOW.

Manager Information
- Mandatory identity attribute
- Used to trigger attestation workflows

Standards & Controls
- Use SailPoint policy framework
- Incorporate tokenised code and security controls for app development

Service Account (SPAdmin)
- Defined as the SailPoint integration account
- Sole owner of workflows and object creation

StaffID Mapping
- All B2B users to be linked to AIB staff IDs

SPAdmin Ownership
- All Azure group, object, and workflow creation must be executed by SPAdmin
- No manual creation by human operators

Production Change Controls
- All production changes must meet agreed standards
- Test cases must be documented

Azure Attestation
- Share existing designs
- Produce a logical design covering:
  - Tagging strategy
  - Group hierarchy
  - Attestation flows

Connector Testing
- Evaluate new Entra ID connector
- Validate current and future functionality
- Assess implications of group creation in Azure
- SailPoint SME demonstrated:
  - API-based group management
  - Group retrieval via iRequest forms
- Action required to review overlap between:
  - B2B iRequest form
  - Group Management iRequest form
  - PUR form

| Owner | Task | Due Date |
|---|---|---|
| Sean O’Higgins | Enable SailPoint NERM feature | 04 July 2025 |
| Karolina | Confirm SOW details (scope, IDs, names, charge time) and send to Andrew Davies | 30 June 2025 |
| Razmi Patel | Discuss entitlement database lookup with IT PAM team and document requirements | TBD |
| Ger Lynam | Investigate connector access levels and document gaps for current Entra integration | 03 July 2025 |
| Andrew Davies | Share SOW template with Karolina; prepare quote/work order for AIB | 01 July 2025 |
| Komal Jaidka | Collate SME onboarding notes and update project timeline (incl. RAT clearance) | 30 June 2025 |

Connector Scope Definition
Sean and Ger drafting detailed requirements, test plans, and development effort estimates.

SME Onboarding
Bhavana’s lab access cleared; offline testing in progress.

Entitlement Database
Prototype lookup database for dropdown values under development; SailPoint integration design ongoing.

Manual Attestation Process
Current manual process documented; automation of manager information retrieval underway.