Spirion (Identity Finder) - Understanding Tags in the Console
Overview
Important: With the new Spirion 12 management console, the naming convention for Top Tags changed to match the UDDS-based names used in other tools.
The Spirion Console organizes endpoints into what are called "tags". A tag represents a logical grouping of endpoints, like a university department. There are a few different types of tags, and they are described below:
- Simple - A Simple tag is the most basic type of tag. Simple tags can contain endpoints as well as nested tags, much like a folder on your computer can contain sub folders.
- IP Range - An IP Range tag can be used to group endpoints belonging to a range of IP addresses. IP Range tags generate their contents automatically and cannot contain nested tags. IP Range tags are called also Dynamic Tags because the contents are generated and updated automatically. The use of Dynamic Tags is strongly discouraged due to the lack of testing on Spirion 12 at the time of this writing.
Departmental IT administrators interested in using the campus Spirion Console will be set up with a Simple tag for their department, as well as Windows and Mac Spirion installers that place endpoints in that tag automatically. While this setup will work fine for most administrators, it is possible to organize endpoints further with additional tags, as described below.
Tag Naming
Before creating additional tags in the Console, it is important to consider tag naming conventions and tag visibility.
In addition to a departmental Simple tag and customized installers, IT administrators using the campus Spirion Console will be given a "Role" for their department. Roles are used to separate user privileges, effectively blocking one department from viewing or administering another department's endpoints.
However, while you may only be able to see one or a few tags in your endpoint list, in reality there are dozens, if not hundreds, of tags. Administrators at the Office of Cybersecurity work with the complete list. Because of this, it is very important to name your tags, policies and reports in a standard style that reflects the department using them.
Cybersecurity strongly recommends new tags be created as nested tags of the Simple tag that was assigned to your department. If your new tags are created as nested tags of your Cybersecurity assigned Simple tag, naming convention does not matter. Because those tags will only be visible after expanding your Simple tag, it is clear who they belong to, regardless of their names.
If you prefer to have your additional tags at the "top level", Cybersecurity asks that you do so sparingly and follow the standard convention. Top Tags match the UDDS-based department name used in Amp, for example A54-SchoolOfNursing. If the department needed to create an additional Top Tag, it would append a descriptive word to the end, for instance A54-SchoolOfNursing-Macs. (Ideally, they would simply create a nested tag, Macs, inside the A54-SchoolOfNursing tag.)
Creating a Tag
Creating a tag in the Spirion Console is very easy. From the Status tab:
- Create a nested tag - Click on the name of the "parent" tag in your Endpoint List. From the ribbon, click on the "Tag" drop down button and choose "Create Nested Tag". Enter the name of the new tag and choose "Simple" from the resulting window.
- Create a "top level" tag - From the ribbon, click on the "Tag" drop down button and choose "Create Tag". Enter the name of the new tag and choose "Simple" from the resulting window. Please remember to give your tag a descriptive name that begins with the UDDS code for your department.
Deleting a Tag
To delete a tag, click on the tag you wish to delete and click "Remove Tag" from the Tag drop down button in the Ribbon. Alternative, right-click the tag name and choose "Tag > Remove Tag".
Moving an Endpoint to a Different Tag
To move an endpoint to a different tag, click on the endpoint you wish to move and click "Move to Tag" from the Endpoint drop down button in the Ribbon. Alternatively, right-click the endpoint name and choose "Endpoint > Move to Tag". NOTE: You cannot move an endpoint out of a dynamic tag, as their contents are generated automatically.