A hand typing on a laptop with floating digital icons for Wi-Fi, email, and security locks, representing data connectivity and protection.

Metadata Attributes in Identity Governance Explained

Date Posted:

Category:

Security

Author:

Dhanushri

A hand typing on a laptop with floating digital icons for Wi-Fi, email, and security locks, representing data connectivity and protection.

Metadata Attributes in Identity Governance Explained

Date Posted:

Category:

Security

Author:

Dhanushri

A hand typing on a laptop with floating digital icons for Wi-Fi, email, and security locks, representing data connectivity and protection.

Metadata Attributes in Identity Governance Explained

Date Posted:

Category:

Security

Author:

Dhanushri

Metadata Attributes in SailPoint ISC: Governance and Best Practices

Metadata attributes are used to add contextual information, governance, tracking. It can be added in the policies, rules, certifications, reports, workflows. The difference between configurations attributes and metadata attributes is earlier is for provisioning and access decisions and later is for governance, tracking and context.

Best Practices:

-Standard naming conventions

-Avoid unnecessary attributes

Types:

  • Default metadata attributes

  • Custom metadata attributes

Out-of-box attributes

  1. Access Type-Insider, system

  2. Cloud Service Type-Compute, Storage

  3. CSP-AWS, Azure, GCP

  4. Data Access Security-Exposed, Data Classification Level-

  5. Confidential, Internal, common access, public 

  6. Environment-Production, Non-Production

  7. Federal Classification-NOFORN, ORCON

  8. Permission Type-create, update, read, delete

  9. Privacy -Private, Public

  10. Regulatory-GDPR, HIPPA

  11. Requires Training- Yes, No

  12. Risk- Critical, Low, Medium, High

Default Metadata Attributes

Go to Admin>Access Model>Metadata attributes.

It is available in the left panel Global metadata attributes> Default tab

  1. Select the role or any other access item which you want to add the metadata attribute.

  2. Select the metadata attributes in the left panel

  3. Choose the attributes add the values.

Metadata attributes configuration screen in SailPoint ISC for adding role attributes like privacy, regulatory, and risk levels.

Fig: Attributes in the selected role named common

SailPoint ISC role metadata attributes list showing a selected privacy attribute with options to update.

Fig: View of metadata attributes chosen 

Custom metadata attributes

You can create custom attributes in Global metadata attributes, it will be available in all the access items.

  1. Admin>access model>metadata attributes

  2. Click on create attribute

  3. Add the name, description, values

  4. Select save.

Editing the metadata attributes

  1. Admin>access model>metadata attributes

  2. Select the attribute

  3. In action select Edit or delete

  4. Select save

You can edit name, description, values but not the technical name.

SailPoint ISC interface for adding role metadata attributes, showing an expiry date configuration with multiple values.

Fig: Custom Attribute appears in the left panel with the values

Metadata Attribute view in Selected Entitlement

The view of governance metadata in the role will be displayed in the selected access item

SailPoint ISC Entitlement details for AIC Dashboard Reader showing governance metadata like high risk and non-production environment.

Fig: View of the metadata in the entitlement named AIC Dashboard Reader


Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Category:

Security

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Category:

Category:

Security

Security

Get your

Tailored Quote for your

Organisation

Get your

Tailored Quote for your

Organisation

Metadata Attributes in SailPoint ISC: Governance and Best Practices

Metadata attributes are used to add contextual information, governance, tracking. It can be added in the policies, rules, certifications, reports, workflows. The difference between configurations attributes and metadata attributes is earlier is for provisioning and access decisions and later is for governance, tracking and context.

Best Practices:

-Standard naming conventions

-Avoid unnecessary attributes

Types:

  • Default metadata attributes

  • Custom metadata attributes

Out-of-box attributes

  1. Access Type-Insider, system

  2. Cloud Service Type-Compute, Storage

  3. CSP-AWS, Azure, GCP

  4. Data Access Security-Exposed, Data Classification Level-

  5. Confidential, Internal, common access, public 

  6. Environment-Production, Non-Production

  7. Federal Classification-NOFORN, ORCON

  8. Permission Type-create, update, read, delete

  9. Privacy -Private, Public

  10. Regulatory-GDPR, HIPPA

  11. Requires Training- Yes, No

  12. Risk- Critical, Low, Medium, High

Default Metadata Attributes

Go to Admin>Access Model>Metadata attributes.

It is available in the left panel Global metadata attributes> Default tab

  1. Select the role or any other access item which you want to add the metadata attribute.

  2. Select the metadata attributes in the left panel

  3. Choose the attributes add the values.

Metadata attributes configuration screen in SailPoint ISC for adding role attributes like privacy, regulatory, and risk levels.

Fig: Attributes in the selected role named common

SailPoint ISC role metadata attributes list showing a selected privacy attribute with options to update.

Fig: View of metadata attributes chosen 

Custom metadata attributes

You can create custom attributes in Global metadata attributes, it will be available in all the access items.

  1. Admin>access model>metadata attributes

  2. Click on create attribute

  3. Add the name, description, values

  4. Select save.

Editing the metadata attributes

  1. Admin>access model>metadata attributes

  2. Select the attribute

  3. In action select Edit or delete

  4. Select save

You can edit name, description, values but not the technical name.

SailPoint ISC interface for adding role metadata attributes, showing an expiry date configuration with multiple values.

Fig: Custom Attribute appears in the left panel with the values

Metadata Attribute view in Selected Entitlement

The view of governance metadata in the role will be displayed in the selected access item

SailPoint ISC Entitlement details for AIC Dashboard Reader showing governance metadata like high risk and non-production environment.

Fig: View of the metadata in the entitlement named AIC Dashboard Reader


Next Blog

Next Blog