SailPoint meeting - razmipatel/Random GitHub Wiki

Meeting Minutes – Security & Access Review Call

Date: Monday, 16:30
Attendees: Brian Farrelly, Security Team, Sean, Ger, Andrew, Ian (IDM), Razmi, Bhavana, Connor Maloney (potential owner for app access reviews)
Topic: Connector Updates, B2B Identity Requirements, Access Reviews, and Workflow Enhancements


🔹 Summary

  • Connector Enhancements: Existing connector updated to include identities, service accounts, business app tags, Venafi, Defender, and additional apps.

  • Regulatory Compliance: SailPoint's new 3rd-party risk utility (in IdentityIQ) supports B2B governance (e.g., DORA). May enable immediate B2B user termination.

  • Entitlement Lookup: A new database will feed into SailPoint workflows, allowing entitlement data to be pulled into access reviews.

  • Priorities: IT PAM prioritized for Q3; ELZ to follow in Q4.

  • Next Steps: Requirements gathering, database integration, SoW finalisation, and connector rule implementation.


🔧 Key Discussion Points

🔐 Connector Scope (Sean & Ger)

  • Existing connector covers:

    • Identities & service accounts

    • Business app tagging

    • Venafi & Defender

    • 4–5 original apps, with more added

  • Additional features required:

    • B2B identity support (e.g., manager field)

    • Compliance for app development (e.g., tokenisation, CyberArk workflows)

    • Attestation & execution process for identity provisioning

📄 SailPoint Utility (Sean)

  • SailPoint IdentityIQ to include a 3rd-party risk utility

    • Helps enforce non-employee risk controls (e.g., DORA compliance)

    • Enables immediate B2B user termination

    • May align well with auditor expectations

    • Could operate independently from Remedy

  • Governance review still required

📊 Access Reviews & Governance (Ger)

  • Opportunity to expand access reviews across more applications

  • Potential transition of ownership to Connor Maloney

  • IT PAM is a Q3 priority, ELZ will be Q4

  • Discussion needed around entitlement lookup via a new database

🗃 Entitlement Database (Andrew)

  • New entitlement lookup database to support access workflows

  • Integration with SailPoint workflows (post-submission) to:

    • Query the database

    • Call either Entra ID or API AD depending on context

  • Review overlap between request forms and PUR (purchase/use request) forms

    • Consolidation into a connector workflow needed

🧑‍💻 Ian (IDM) Responsibilities

  • Deploy updated connector

  • Build access review logic (apps and groups)

  • Define certification rules and group mappings


❓ Open Questions

  1. Should the access review expansion be handled by Connor or retained by the current team?

  2. Can we adopt the 3rd-party utility from SailPoint? Governance team review pending.

  3. How do we resolve form overlaps (request vs PUR)? Need to consolidate via connector.


✅ Action Items

| # | Action | Owner | Due |
| -- | -- | -- | -- |
| 1 | Produce detailed requirements and a test/dev timeline for access reviews | Sean & Ger | TBD |
| 2 | Integrate the entitlement database into SailPoint workflows | Razmi | TBD |
| 3 | Connect with Andrew to finalise SoW and determine what can run in the environment | Sean / Ger / Andrew | TBD |
| 4 | Deploy connector and define rules for access reviews and certifications | Ian (IDM) | TBD |
| 5 | Review and decide on SailPoint utility for rapid B2B termination | Security Team | Before next governance check-in |