Spirion (Identity Finder) - Understanding Tags in the Console
A brief overview of Tags in the Identity Finder Console, including best practices.
The Identity Finder Console organizes endpoints into what are called "tags". A tag represents a logical grouping of endpoints, like a university department, for example. There are a few different types of tags, and they are described below:
- Simple - A Simple tag is the most basic type of tag. Simple tags can contain endpoints as well as nested tags, much like a folder on your computer can contain sub folders.
- IP Range - An IP Range tag can be used to group endpoints belonging to a range of IP addresses. IP Range tags generate their contents automatically and cannot contain nested tags.
Before creating additional tags in the Console, it is important to consider tag naming conventions and tag visibility. In addition to a departmental Simple tag and customized installers, IT administrators using the campus Identity Finder Console will be given a "Role" for their department. Roles are used to separate user privileges, effectively blocking one department from viewing or administering another department's endpoints.
However, Roles share the same lists of tags, policies and reports--while you may only be able to see e.g. one or a few tags in your endpoint list, in reality there are dozens, if not hundreds. Because of this, it is very important to name your tags, policies and reports in a standard style that reflects the department using them.
IT Security strongly recommends new tags be created as nested tags of the Simple tag that was assigned to your department. If your new tags are created as nested tags of your IT Security assigned Simple tag, naming convention does not matter. Because those tags will only be visible after expanding your Simple tag, it is clear who they belong to, regardless of their names.
If you prefer to have your additional tags at the "top level", IT Security asks that you do so sparingly and follow a standard naming convention. For example, if IT Security was assigned the Simple tag "IT-Security", a good name for a new tag would be "IT-Security - Windows Workstations". Because the tag name has been prefixed with the department's Simple tag name, it is immediately clear who owns that tag. A bad name for this tag might be "IS Windows Workstations", and worse yet would be simply "Windows Workstations".
Creating a tag in the Identity Finder Console is very easy. From the Dashboard tab:
- Create a nested tag - Click on the name of the "parent" tag in your Endpoint List. From the ribbon, click on the "Tag" drop down button and choose "Create Nested Tag". Enter the name of the new tag and choose "Simple" or "IP Range" from the resulting window.
- Create a "top level" tag - From the ribbon, click on the "Tag" drop down button and choose "Create Tag". Enter the name of the new tag and choose "Simple" or "IP Range" from the resulting window. Please remember to give your tag a descriptive name.
To delete a tag, click on the tag you wish to delete and click "Remove Tag" from the Tag drop down button in the Ribbon. Alternative, right-click the tag name and choose "Tag > Remove Tag".
To move an endpoint to a different tag, click on the endpoint you wish to move and click "Move to Tag" from the Endpoint drop down button in the Ribbon. Alternatively, right-click the endpoint name and choose "Endpoint > Move to Tag". NOTE: You cannot move an endpoint out of a dynamic tag, as their contents are generated automatically.