📖 About this Domain
This domain focuses on the systematic diagnosis and resolution of operational issues within the SailPoint IdentityIQ platform. It covers the tools and methodologies required to maintain system stability, from connector failures to workflow errors.
🎓 What You Will Learn
- You will learn to analyze log4j outputs and stack traces to identify root causes for task failures and provisioning errors.
- You will learn to utilize the iiq console and debug pages to inspect IdentityIQ objects, test rules, and evaluate system performance in real-time.
- You will learn to diagnose common application connector issues, including connectivity problems, schema attribute mapping errors, and provisioning plan failures.
- You will learn to identify performance bottlenecks by examining task results, database query performance, and JVM memory utilization.
🛠️ Skills You Will Build
- You will build the skill to perform root cause analysis on complex issues involving custom workflows, BeanShell rules, and LCM provisioning.
- You will build the ability to effectively use IdentityIQ's built-in monitoring tools, like JMX MBeans and the System Monitor, for proactive health checks.
- You will build proficiency in isolating faults within the IdentityIQ architecture, distinguishing between platform, connector, and custom code issues.
- You will build the capability to remediate problems through configuration changes, rule logic adjustments, and performance tuning of core components.
💡 Top Tips to Prepare
- Master the configuration of log4j.properties to enable trace-level logging for specific Java classes and connectors during troubleshooting.
- Practice extensively with the iiq console to manipulate objects, execute rules, and perform ad-hoc system queries without using the UI.
- Familiarize yourself with the most common error codes and exceptions found in IdentityIQ logs to speed up initial diagnosis.
- Use a non-production environment to simulate failures, such as misconfigured connectors or broken approval workflows, and practice your recovery procedures.
📖 About this Domain
This domain covers IdentityIQ's reporting framework for data visualization and compliance evidence. It focuses on the creation, execution, and customization of reports and analytics dashboards. You will work with the underlying data model to extract identity intelligence.
🎓 What You Will Learn
- You will learn to configure and run out-of-the-box (OOTB) reports for common audit and operational use cases.
- You will learn to define custom report templates using XML and Hibernate Query Language (HQL) to query the IdentityIQ object model.
- You will learn to utilize IdentityIQ's advanced analytics to build custom dashboards and data visualizations for identity metrics.
- You will learn to manage reporting tasks, including scheduling, result pruning, and configuring report sign-offs.
🛠️ Skills You Will Build
- You will build the skill to write complex HQL queries against the IdentityIQ database schema for custom data extraction.
- You will develop proficiency in creating and modifying ReportDefinition objects via XML to meet specific business requirements.
- You will gain the ability to configure and customize Identity Intelligence Center (IIC) dashboards for executive-level reporting.
- You will build skills in troubleshooting and optimizing report performance by analyzing task results and query execution plans.
💡 Top Tips to Prepare
- Master the IdentityIQ object model, especially the relationships between Identity, Link, ManagedAttribute, and IdentityRequest objects.
- Practice creating custom reports in a development environment, starting by modifying existing OOTB report XML definitions.
- Use the debug pages to test HQL queries and inspect object attributes before finalizing your report definition.
- Understand the different report column renderers and form field types available for customizing report input and output.
📖 About this Domain
The Provisioning domain covers the automated fulfillment of access requests within IdentityIQ. It focuses on the technical mechanisms for creating, modifying, and deleting accounts and entitlements on connected target systems. This involves configuring connectors, workflows, and policies to execute provisioning plans.
🎓 What You Will Learn
- You will learn to configure Provisioning Policies and Forms to control how provisioning requests are translated into actions.
- You will learn to utilize connectors and the Provisioning Integration Module (PIM) to communicate with target applications.
- You will learn the flow and components of Lifecycle Manager (LCM) provisioning workflows for automating fulfillment.
- You will learn to implement custom logic using Before and After Provisioning rules with BeanShell scripting.
🛠️ Skills You Will Build
- You will build the skill to configure and troubleshoot application connectors for direct provisioning.
- You will build the ability to customize LCM workflows to handle complex, multi-step provisioning scenarios.
- You will build proficiency in writing provisioning rules to manipulate the Provisioning Plan object before execution.
- You will build the skill to debug failed provisioning transactions by analyzing logs and task results.
💡 Top Tips to Prepare
- Master the XML structure of the Provisioning Plan, as it is the core data object for all provisioning.
- Practice configuring common connectors like Active Directory and JDBC to understand their specific schema attributes.
- Use the IdentityIQ Debug pages to trace and analyze the execution of LCM provisioning workflows step-by-step.
- Memorize the common arguments and objects available in the context of provisioning rules, such as 'plan', 'application', and 'identity'.
📖 About this Domain
This domain covers the core governance process of access certifications in IdentityIQ. It focuses on the configuration, execution, and management of periodic access reviews. Understanding certification campaigns is critical for maintaining compliance and enforcing the principle of least privilege.
🎓 What You Will Learn
- You will learn to configure various certification types, including Manager, Application Owner, Entitlement Owner, and Role-Based certifications.
- You will learn to define certification schedules, notification templates, and lifecycle events within the certification definition object.
- You will learn how to implement remediation workflows for revoked access and configure escalation policies for inactive certifiers.
- You will learn the mechanics of continuous certification, which triggers reviews based on identity lifecycle events like transfers.
🛠️ Skills You Will Build
- You will build the skill to create and schedule access review campaigns by directly manipulating the CertificationDefinition XML.
- You will build the skill to manage the complete certification lifecycle, including generation, activation, remediation, and sign-off.
- You will build the skill to customize certification behavior using rules, such as exclusion rules, certifier rules, and pre-delegation rules.
- You will build the skill to troubleshoot common certification issues, including campaign generation failures and notification delivery problems.
💡 Top Tips to Prepare
- Master the structure and key attributes of the CertificationGroup and CertificationDefinition XML objects.
- Practice configuring diverse certification use cases, such as hierarchical manager certifications and targeted application owner reviews.
- Memorize the distinct stages of a certification campaign and the system tasks associated with each phase.
- Study the different certification rule types and their specific application points for customizing campaign logic.
📖 About this Domain
This domain covers the fundamental processes of application onboarding and data aggregation into IdentityIQ. It focuses on configuring connectors to source systems and defining the correlation logic that links discovered accounts to identity cubes. This is the foundation for building the identity warehouse.
🎓 What You Will Learn
- Configure application connectors like DelimitedFile, JDBC, and Active Directory to aggregate account and entitlement data.
- Define and customize correlation logic using system configuration and correlation rules to match accounts to identities.
- Understand the identity mapping process for creating new identity cubes from an authoritative source.
- Execute and troubleshoot account aggregation tasks, including refresh identity cube tasks and their performance options.
🛠️ Skills You Will Build
- Ability to onboard new applications by configuring schemas, correlation, and provisioning policies.
- Competency in writing basic BeanShell or XML rules to handle complex correlation scenarios.
- Skill in troubleshooting aggregation failures by analyzing task results and system logs.
- Proficiency in configuring and optimizing aggregation tasks for performance using partitioning and filtering.
💡 Top Tips to Prepare
- Gain hands-on experience by onboarding a DelimitedFile application, as it covers all core concepts.
- Master the flow of data from the connector, through the correlation logic, and into the identity cube.
- Understand the difference between authoritative and non-authoritative application onboarding processes.
- Review the XML for application objects and task definitions to understand their underlying structure.
📖 About this Domain
This domain focuses on managing the lifecycle and governance of non-human identities within IdentityIQ. It covers the specific configurations required to onboard, certify, and apply policy to service, system, and application accounts.
🎓 What You Will Learn
- You will learn to configure application onboarding to discover and correlate service accounts into the Identity Cube.
- You will understand how to assign ownership to non-human accounts for accountability in certification campaigns.
- You will learn to apply governance controls like policy enforcement, risk scoring, and access reviews to service accounts.
- You will explore strategies for integrating IdentityIQ with Privileged Access Management (PAM) systems for enhanced security.
🛠️ Skills You Will Build
- You will build skills in writing custom correlation and creation rules to handle un-owned accounts during aggregation.
- You will be able to design and implement targeted certification campaigns for high-risk service account entitlements.
- You will gain the ability to configure lifecycle management workflows tailored for service account provisioning and de-provisioning.
- You will develop competency in modeling service accounts and their entitlements within the IdentityIQ role model.
💡 Top Tips to Prepare
- Master the application correlation configuration, as this is critical for correctly linking service accounts to owners.
- Practice creating custom certification definitions that target accounts based on specific attributes like 'isServiceAccount'.
- Understand how to use lifecycle events and business processes to automate service account request, approval, and fulfillment.
- Review the official documentation on PAM integration to understand how IdentityIQ governs privileged credentials.
📖 About this Domain
This domain covers the fundamental components of the SailPoint IdentityIQ platform and their interactions. You will understand the core data model, deployment architecture, and the flow of identity data through the system.
🎓 What You Will Learn
- Identify the function of the IdentityIQ application server, database schema, and the contents of the iiq.war file.
- Understand the Identity Cube as the central data model for correlated identity information.
- Learn the sequence and purpose of core background tasks like aggregation, refresh, and propagation.
- Grasp the role of connectors, the Integration Module, and IQService in connecting to target systems.
🛠️ Skills You Will Build
- Ability to design a basic IdentityIQ deployment topology based on system requirements.
- Skills to troubleshoot common architectural issues involving database connectivity and task execution.
- Competency in tracing identity data from a source application, through aggregation, into the Identity Cube.
- Knowledge to articulate performance and scalability considerations for an IdentityIQ installation.
💡 Top Tips to Prepare
- Memorize the key components shown in the official IdentityIQ architecture diagrams.
- Whiteboard the data flow for an identity aggregation from an authoritative source.
- Review the purpose of critical database tables like spt_identity, spt_link, and spt_application.
- Differentiate the architectural roles of the host server, application server, and database server.
