History Plugin

The Instrumental Identity History Plugin satisfies all of your IIQ history needs.

SailPoint IdentityIQ ships with a variety of historical and audit logging. Aggregation jobs can save a snapshot of an Identity containing all of its attributes and accounts so an admin can refer to it later. You can view the history of lifecycle events for an Identity. You can view certification information. You can view historical requests. You can view audit events (assuming you have them enabled) for provisioning actions. The newest versions offer IIQ’s own access history feature.

However, the provided history functions have two major shortcomings:

  • Attribute changes on Identities and Accounts are not audited permanently or immediately. Even with the new Access History functions, configuration can be difficult or missing altogether.
  • There is not a single user interface to view all types of history for a given Identity.

The Instrumental Identity IIQ History Plugin easily resolves both of these problems.

History Scanner

The history plugin’s History Scanner is a background service or scheduled job that searches for Identity or Link objects updated since the last scan. Each of these is analyzed for differences, which are logged as permanent IIQ audit events. The scanner is multi-threaded and very efficient, and is currently in use on installations with many millions of Identities.

Configuration can be used to ignore changes to specified fields, specified identities, or specified applications.

The scanner uses a smart, IIQ-specific diff utility to avoid spurious change detection. For example, an AD account whose groups change from [A, b, C] to [B, c, A] would not be detected as a change, because the two lists differ only in order and letter case.
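The comparison described above, sketched as an added example in Python: it is not the plugin's code, and the function names, the ignored field and the sample snapshots are assumptions made for illustration. It treats multi-valued attributes as case-insensitive sets, skips configured fields, and emits one change record per real difference.

```python
# Added illustration; not the History Plugin's code. All names are hypothetical.
IGNORED_FIELDS = {"lastRefresh"}  # assumed example of a configured ignore list


def _normalize(value):
    """Reduce a value to a form where order and letter case do not matter.

    Assumption: case is insignificant for every string attribute. A real
    deployment would decide this per attribute.
    """
    if isinstance(value, (list, tuple, set)):
        return frozenset(str(v).casefold() for v in value)
    if isinstance(value, str):
        return value.casefold()
    return value


def diff_attributes(old, new, ignored=IGNORED_FIELDS):
    """Return one change record per attribute whose normalized value differs."""
    changes = []
    for name in sorted(set(old) | set(new)):
        if name in ignored:
            continue
        before, after = old.get(name), new.get(name)
        if _normalize(before) == _normalize(after):
            continue  # reordered or re-cased only: spurious, not audited
        record = {"attribute": name, "old": before, "new": after}
        if isinstance(before, (list, tuple)) and isinstance(after, (list, tuple)):
            b, a = _normalize(before), _normalize(after)
            record["added"] = sorted(a - b)      # values granted since last scan
            record["removed"] = sorted(b - a)    # values revoked since last scan
        changes.append(record)
    return changes


# Constructed sample snapshots of one AD account before and after a scan.
BEFORE = {"memberOf": ["A", "b", "C"], "title": "Engineer", "lastRefresh": "t1"}
AFTER_REORDERED = {"memberOf": ["B", "c", "A"], "title": "Engineer", "lastRefresh": "t2"}
AFTER_CHANGED = {"memberOf": ["B", "c", "D"], "title": "Manager", "lastRefresh": "t3"}

if __name__ == "__main__":
    print(diff_attributes(BEFORE, AFTER_REORDERED))
    for change in diff_attributes(BEFORE, AFTER_CHANGED):
        print(change)
```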

History Viewer

The History Plugin provides a History Viewer, a standalone plugin page that merges all sources of history for a given Identity. The viewer shows all Identity history data in a single, searchable timeline table! You can use the History Viewer to see attribute changes to a specific account, to view the details of a historical role assignment, or to analyze certification outcomes.

The History Plugin’s history viewer shows the following types of historical or audit events:

  • Attribute changes detected by the scanner
  • Access request details and outcome
  • Account creation and deletion
  • Role assignment and removal
  • Lifecycle events
  • Provisioning audit events (and provisioning transactions if they’re available)
  • Certification triggers and certifier actions
  • Any custom audit events specified in the configuration
  • Native IIQ access history data
  • Task results that mention the Identity (optionally)

The timeline can be narrowed from both ends to view only events within a certain span of time. You can specify custom security assertions, restricting certain users from seeing some or all types of events.

See the screenshots below for examples of the History Viewer interface. These screenshots show access request, lifecycle, identity-level attribute change, and provisioning events.

Attribute View

By checking “Show attribute view”, you can pivot the table into an alternative view showing a before-and-after change log for every Identity and Account attribute.

How to get the plugin

Please contact Instrumental Identity using our Contact form if you are interested in this plugin or any of our other SailPoint IIQ work!