Non-Employee Risk Management
Date Posted: 3 Jan 2025
Category: Security
Introduction to Non-Employee Risk Management
Managing non-employees is critical to maintaining your organization's security. SailPoint's Non-Employee Risk Management solution helps you oversee and track non-employees and their life cycles within your organization. This tool allows you to manage individuals such as contractors, vendors, and external partners by organizing their data using profiles. These profiles are managed by users who can be added to your system and given roles to facilitate profile creation, linking, and oversight.
Overview
Non-employee user accounts are created in your tenant through an integration with your SSO platform, and the roles assigned to these users determine the profiles they can manage.
To enable profile creation, start by designing forms and assembling them into pages that users can complete when creating new profiles.
Define profile types to categorize data about your non-employees, such as their individual information, the organizations they are affiliated with, or the projects they are involved in.
Set up workflows to allow users to create and update profiles for each profile type. Each type will require its own workflows, which users can activate to manage relevant profiles.
Once these elements are configured, users can create profiles for each type and link them together to build a comprehensive map of non-employee data essential for your organization.
Managing Users
1. Lifecycle Users
The majority of accounts in Non-Employee Risk Management are provisioned either via your SSO provider or by importing a CSV file, and these are referred to as lifecycle users.
Steps to import new users:
1. Select System > Users.
2. Select Import.
3. Select the CSV file.
4. Select Open.
5. Select Import.
2. Portal Users
By utilizing the Collaboration service, you can provide non-employees with accounts that are accessible through custom portals you create, referred to as portal users. Both portal users and lifecycle users can be managed within your Non-Employee tenant.
Steps to create portal users:
1. If you want to invite portal users, first create a portal and its associated registration and login workflows.
2. Non-employees must be invited to your tenant by using the Registration Invitation action within a registration workflow. Once they complete the registration and authentication process, they are automatically included in your list of portal users.
3. Administrators
Administrators in Non-Employee are tasked with configuring and managing your tenant through the admin console. Since they have full access to all settings and features, it is important to assign the administrator role to users with careful consideration.
Steps to grant users access to the Admin Console:
1. Designate a specific group or entitlement in your identity provider for users you wish to assign as administrators, ensuring it is included in the groups attribute of the SAML assertion.
2. Create a role within Non-Employee to assign to these administrators in your tenant.
Steps to create the Administrator role:
1. Create a new role.
2. Select the Directory Group from your identity provider.
3. In the PERMISSIONS section, under the Application header, select the Yes radio button beside Admin. This grants users with this role access to the admin console.
4. Select Create.
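The administrator steps above depend on the designated IdP group actually arriving in the groups attribute of the SAML assertion. The following added example (not from the original post or from SailPoint) inspects a captured assertion and reports whether that is the case. The group name `nerm-admins`, the sample assertions, and the exact-match comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ADMIN_GROUP = "nerm-admins"  # hypothetical IdP group name (assumption)
GROUPS_ATTR = "groups"       # attribute the post says must carry the group


def build_sample(name_id, attributes):
    """Build a constructed, unsigned assertion fragment for the demo below."""
    attrs = "".join(
        '<saml:Attribute Name="{}">{}</saml:Attribute>'.format(
            name,
            "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values),
        )
        for name, values in attributes.items()
    )
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
        "</saml:Assertion>"
    )


def inspect_assertion(xml_text, admin_group=ADMIN_GROUP, groups_attr=GROUPS_ATTR):
    """Report whether a captured assertion carries the admin group.

    Diagnostic only: it reads attributes and does not verify signatures,
    so use it on assertions captured from your own IdP test logins.
    """
    root = ET.fromstring(xml_text)
    tag = "{%s}Assertion" % SAML_NS["saml"]
    # Accept either a bare Assertion or one wrapped in a samlp:Response.
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", SAML_NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")

    subject = assertion.findtext("saml:Subject/saml:NameID", "", SAML_NS).strip()
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)

    groups = attrs.get(groups_attr)
    if groups is None:
        # Common misconfiguration: the IdP releases groups under another name.
        finding = "groups-attribute-missing"
    elif admin_group in groups:
        finding = "admin-group-present"
    elif admin_group.lower() in (g.lower() for g in groups):
        # Assumes exact matching; flag near matches for manual review.
        finding = "admin-group-case-mismatch"
    else:
        finding = "admin-group-absent"
    return {
        "subject": subject,
        "groups": groups or [],
        "admin": finding == "admin-group-present",
        "finding": finding,
        "other_attributes": sorted(n for n in attrs if n != groups_attr),
    }


# Constructed sample assertions (not real IdP output).
SAMPLE_ADMIN = build_sample("alice@example.com", {"groups": ["contractor-managers", "nerm-admins"]})
SAMPLE_WRONG_ATTR = build_sample("bob@example.com", {"memberOf": ["nerm-admins"]})
SAMPLE_CASE = build_sample("carol@example.com", {"groups": ["NERM-Admins"]})

if __name__ == "__main__":
    for sample in (SAMPLE_ADMIN, SAMPLE_WRONG_ATTR, SAMPLE_CASE):
        print(inspect_assertion(sample))
```

Running the same check over test logins for every member of the designated group gives a reviewable list of who would reach the admin console before the role is created.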
Default Roles
Non-Employee Risk Management provides two default roles: Profile Owner and Profile Contributor, both categorized as contributors. These roles allow lifecycle and portal users to manage profiles within Non-Employee.
These roles can be customized to align with your business requirements, enabling you to define the specific access each role provides. Users with these roles can perform the configurations permitted by their assigned role on the profiles they manage. While multiple Profile Contributors can be assigned to a profile, each profile can have only one Profile Owner.
The default system roles are the only ones that can be assigned to lifecycle users without requiring entitlements or groups from your identity provider. Instead, these roles are granted directly on a profile's details page, through workflows, or via a profile attribute.
Lifecycle Roles
User roles determine the permissions and access levels assigned to system users, including who can access the admin console. Within Lifecycle, you can create and manage custom user roles with highly detailed controls. Additionally, the product includes two default user roles that provide users with specific permissions for managing profile types.
Steps to create custom Lifecycle roles:
1. Go to Admin > Lifecycle > User Roles.
2. On the Directory Groups tab, select New Role.
3. Complete the Basic settings.
4. Choose the permissions you want users with this role to have.
5. Select Create.
Collaboration User Roles
Collaboration user roles specify the permissions and access levels granted to portal users within Non-Employee. These roles allow portal users to access specific parts of your Non-Employee tenant. Collaboration roles are exclusive to portal users and cannot be applied to lifecycle users, just as lifecycle roles cannot be applied to portal users. Collaboration roles are assigned to portal users through the Collaboration Account Action in workflows or automatically based on the groups or entitlements configured in your identity provider.
Steps to create a custom portal role:
1. Select Admin > Collaboration > User Roles.
2. Select New Role.
3. Enter a unique name.
4. In the Portals column, choose which portals this role applies to.
5. Select Create.
6. Select the PERMISSIONS tab. Choose the permissions you want users with this role to have.
Collaboration
Collaboration in Non-Employee Risk Management enables non-employees to actively participate in managing non-employee profiles. It allows you to set up portals where non-employees can authenticate into the system and workflows to manage registration and login processes. Once logged in, these non-employee users can manage their own profiles or other profiles, depending on their assigned roles. The Collaboration Activity Log can be used to monitor registrations and authentication activities.
Portals
Portals enable non-employees to access your Non-Employee Risk Management tenant and update their personal details within your system. Each portal within your tenant can have its own authentication settings, password policy, and registration procedure. The login pages for these portals can feature distinct URLs and branding elements, allowing each portal to have a customized appearance.
Steps to create a portal:
1. Go to Admin > Collaboration > Portals.
2. Select + Portal.
3. Complete the following fields: Name, URL, Login Workflow, Password Recovery Workflow, Registration Workflow, Logo, etc.
4. Select Create.
Just-In-Time Provisioning for Portal Users
You can set up Just-In-Time provisioning for portal users logging into your tenant through your SSO provider, allowing users to have an account created automatically the first time they authenticate.
Security Questions
You can create and modify security questions to be used in collaboration workflows as an extra layer of verification for portal users when logging in or resetting their passwords. Users will set their answers to these questions during the registration process. Note that security questions cannot be deleted.
Steps to create a security question:
1. Go to Admin > Collaboration > Security Questions.
2. Select + Security Question.
3. Enter the question and UID.
4. Select Create.
Profile Types
Profile types are used to categorize and organize similar profiles or objects within Non-Employee Risk Management. The profile type defines the information users must provide when creating a new profile. Each profile type has specific attributes and workflows, and it can be managed individually or connected with other profile types to build comprehensive maps of relationships within your organization.
Steps to create a profile type:
1. Go to Admin > Lifecycle > Profile Types.
2. Select + New Profile Type.
3. Complete the Basic settings.
4. In the PERMISSIONS section, choose whether users from any additional roles, separate from the default roles, should be granted access to this profile type, based on the permissions granted to users with that role in the Profile Access section of its Permissions.
5. Select Create.
6. Select Save.
Profiles
A profile represents any individual, organization, or entity managed within Non-Employee Risk Management, along with the associated data. This encompasses non-employees, the organizations they belong to, the assignments they are involved in, and other relevant data about non-employees within your organization.
Steps to create profiles:
End users can create new profiles based on the Create Workflows configured for the profile types they work with.
Administrators can create individual profiles from the list of profiles.
Administrators can also upload a CSV file containing a list of new profiles.
Attributes
An attribute represents a specific characteristic of a profile. A collection of attributes constitutes the data associated with a profile. By creating an attribute, you can design a form for it, which dictates how data is input for that attribute. These forms are grouped into pages, which users are prompted to complete when creating a new profile.
Steps to create attributes:
1. Go to Admin > Templates > Attributes.
2. Select + Attribute.
3. Enter a unique name.
4. In the Field type field, select the type.
5. Select Save.
Form
A form is a collection of fields, each corresponding to an attribute of a profile. Forms are organized into pages, which can be assigned to users to complete when specific workflows are triggered.
Steps to create a form:
1. Go to Admin > Templates > Forms.
2. Select + Form.
3. Enter a unique name.
4. Select Create.
5. In the Add attributes field, search for and select one or more attributes to add to your form.
6. To remove and reorder the attributes in your form:
   - Select the name of the attribute and drag it to another spot in the form to change its order.
   - Select the Delete icon to remove this attribute from the form.
7. When you're finished adding attributes to your form, select Save.
Pages
Pages consist of forms, text, and other components that determine how information is displayed to the end user. In Non-Employee Risk Management, there are two types of pages: workflow pages and profile pages.
1. Workflow Pages
Workflow pages are presented to a user during the workflow's execution, such as when they are creating or updating a profile.
Steps to create workflow pages:
1. Go to Admin > Templates > Pages.
2. Select + Workflow Page.
3. Enter a name and description.
4. Select Create.
5. To add objects to your workflow page, select one of the options in the panel on the right of the Page Content canvas. Available options are Forms, Read only forms, Text, and Other.
6. Select Save.
2. Profile Pages
Profile pages are shown within an individual profile, and the information presented to the user depends on their attribute permissions.
Workflow
A workflow is a customizable sequence of steps designed to complete a specific task within Non-Employee Risk Management. Various types of workflows are available, depending on the services you utilize within Non-Employee.
Lifecycle workflows enable you to create and update profiles, with the flexibility to add multiple actions to align with your business requirements.
Collaboration workflows allow portal users to log in and manage their non-employee profiles and accounts.
Conclusion
SailPoint's Non-Employee Risk Management (NERM) product helps organizations manage non-employee relationships and identity access in a way that supports regulatory compliance, reduces risk, and improves operational efficiency.
Stay tuned to our blog to see more posts about SailPoint product implementation and related updates.
Copyrights owned by www.bls360.com