SailPoint IdentityNow

SailPoint IdentityNow is a SaaS identity and access management (IAM) solution.

Asset Types Fetched

See Additional Resources Required per Asset/Entity Type for a list of asset types this adapter fetches, with the prerequisites relevant to each asset type.

Before You Begin

APIs

Axonius uses the following APIs:

General Permissions

  • The value supplied in Client ID must be associated with credentials that have Read-only permissions to fetch assets.
  • The SailPoint personal access token must be assigned to the following grant types:

Additional Resources Required per Asset/Entity Type

| Asset/Entity Type | API Endpoint(s) | Required Axonius Product | Type | Permission(s) | Scope(s) |
|---|---|---|---|---|---|
| Users | v3/public-identities | - | Personal Access Token | User levels: USER | sp:scopes:default |
| Users (Identities) | v3/accounts | Identities | Personal Access Token | User levels: ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, HELPDESK | idn:accounts:read |
| Accounts | v3/sources | Axonius SaaS Applications | Personal Access Token | User levels: ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, ROLE_SUBADMIN | idn:sources:read, idn:sources:manage |
| Roles / Rules | v3/roles | Axonius SaaS Applications, Axonius Identities | Personal Access Token | User levels: ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN | idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read |
| Groups | beta/workgroups | - | Personal Access Token | - | idn:workgroup:read |
| Security Roles (1) | beta/entitlements, v3/search | Identities | Personal Access Token | User levels: Any | idn:entitlement:read, idn:entitlement:manage |
| Security Roles (2) | v3/access-profiles, v3/search | Identities | Personal Access Token or Client Credentials | (Only for Client Credentials) User levels: ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN | idn:access-profile:read |
| Certification Campaigns | v3/campaigns | Identities | Personal Access Token | User levels: ORG_ADMIN, CERT_ADMIN, REPORT_ADMIN | idn:campaign:read, idn:campaign:manage, idn:campaign-report:read, idn:campaign-report:manage |
| Certifications of campaigns | v3/certifications | Identities | Personal Access Token | - | sp:scopes:all |
| Review Items | v3/certifications/{id}/access-review-items | Identities | Personal Access Token | User levels: ORG_ADMIN, CERT_ADMIN | - |
| Approvers | v3/certifications/{id}/reviewers | Identities | Personal Access Token | User levels: ORG_ADMIN, CERT_ADMIN | idn:certification:read |
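
The following is an added example, not Axonius or SailPoint code. It turns the scope column of the table above into a least-privilege check: given the asset types a connection will fetch, it reports which scopes the token needs and which granted scopes are missing, unneeded, or write-capable. It assumes that every scope listed in a row is required and that sp:scopes:all covers all other scopes; the function names and the sample token are constructed.

```python
# Scope lists are copied from the table on this page; the rest is constructed.
REQUIRED_SCOPES = {
    "Users": {"sp:scopes:default"},
    "Users (Identities)": {"idn:accounts:read"},
    "Accounts": {"idn:sources:read", "idn:sources:manage"},
    "Roles / Rules": {"idn:role-unchecked:read", "idn:role-unchecked:manage",
                      "idn:role-checked:manage", "idn:role-checked:read"},
    "Groups": {"idn:workgroup:read"},
    "Security Roles (1)": {"idn:entitlement:read", "idn:entitlement:manage"},
    "Security Roles (2)": {"idn:access-profile:read"},
    "Certification Campaigns": {"idn:campaign:read", "idn:campaign:manage",
                                "idn:campaign-report:read", "idn:campaign-report:manage"},
    "Certifications of campaigns": {"sp:scopes:all"},
    "Review Items": set(),  # the table lists no scope ("-")
    "Approvers": {"idn:certification:read"},
}
CATCH_ALL = "sp:scopes:all"  # assumption: treated as covering every other scope


def is_write_capable(scope):
    """Scopes that allow more than reading: ':manage' suffixes and the catch-all."""
    return scope.endswith(":manage") or scope == CATCH_ALL


def audit_token(enabled_asset_types, granted_scopes):
    """Compare a token's scopes with what the enabled asset types need."""
    unknown = sorted(set(enabled_asset_types) - set(REQUIRED_SCOPES))
    if unknown:
        raise ValueError(f"asset types not in the table: {unknown}")
    needed = set().union(*(REQUIRED_SCOPES[a] for a in enabled_asset_types))
    granted = set(granted_scopes)
    return {
        "needed": sorted(needed),
        "missing": [] if CATCH_ALL in granted else sorted(needed - granted),
        "excess": sorted(granted - needed),
        "write_capable_granted": sorted(s for s in granted if is_write_capable(s)),
        "write_capable_unneeded": sorted(
            s for s in granted - needed if is_write_capable(s)),
    }


# Constructed sample: a connection that fetches only users, groups and accounts.
SAMPLE_ENABLED = ["Users", "Groups", "Accounts"]
SAMPLE_GRANTED = ["sp:scopes:default", "idn:sources:read", "idn:sources:manage",
                  "idn:campaign:manage"]

if __name__ == "__main__":
    for key, value in audit_token(SAMPLE_ENABLED, SAMPLE_GRANTED).items():
        print(f"{key}: {value}")
```

Scopes reported under write_capable_unneeded are the ones to remove first, since no enabled asset type in the table calls for them.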

Adapter Integration Setup

Note: Although access to SaaS data requires granting roles and/or permissions that include write capabilities, the adapter only reads data from the application.

  1. Log in to IdentityNow as an organizational administrator (ORG_ADMIN).
  2. Navigate to the Admin UI > Dashboard and select the Overview page.
  3. Select Preferences from the drop-down menu under your username.
  4. Select Personal Access Tokens.
  5. Click New Token and enter a meaningful description to help differentiate the token from others.
  6. Click Create Token to generate and view the two components that comprise the token: Client ID and Client Secret. Copy them to use when connecting the adapter in Axonius.

Connecting the Adapter in Axonius

Required Parameters

  1. Host Name or IP Address - The hostname or IP address of the SailPoint IdentityNow server. The field format is 'https://sailpoint.api.identitynow.com/v3'.

  2. Client ID and Client Secret - The Client ID and Client Secret for an account that has the Required Permissions to the API. To obtain the Client ID and Client Secret via your personal access token, see Personal Access Tokens.

  3. SSO Provider (Only for accounts with Axonius SaaS Applications) - If your organization uses Okta for SSO, this adapter can be set as an SSO provider. See Connecting your SSO Solution Provider for more information.

Optional Parameters

  1. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  2. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
  3. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.
  4. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note: Advanced settings can either apply to all connections for this adapter, or to a specific connection. Refer to Advanced Configuration for Adapters.

  1. Use alias as employee ID - Select this option to set the alias field as the employee ID.
  2. List of private account attributes to include - Enter a list of private attributes to include with the users. Leave the field empty to include none.
  3. Include All Attributes - Select this option to parse all the attributes and ignore the List of private account attributes to include configuration list.
  4. Add Users Core Filters - Select this option to fetch only users that satisfy the core filters. For more information, see "add-core-filters" in Get a list of public identities.
  5. Enrich Entitlements of Accounts and Access Profiles (only for accounts with Axonius Identities) - Select this option to fetch entitlements of accounts and access profiles.
  6. Fetch Entitlements as Roles (only for accounts with Axonius Identities) - Select this option to enrich users with the role permissions they are assigned in SailPoint.
  7. Exclude Campaigns with prefix - Campaigns with the prefix will be excluded.
  8. Fetch Accounts (only for accounts with Axonius Software Management) - When selected, the fetch will create users from accounts or enrich users with account information and will create User Extensions.
  9. Use Filters when fetching accounts - Enable this option to set the following filters:
    1. Fetch Accounts Created In Last X Days - Enter a value for X.
    2. Fetch Accounts Modified In Last X Days - Enter a value for X.
    3. Fetch Only Accounts That Have Entitlements
     The fetch results will be filtered by what you define in this section.
  10. Fetch Sources (only for accounts with Axonius Software Management) - When selected, the fetch will create accounts from sources, fetch Applications, enrich users with sources data, and create User Extensions.
  11. Enrich Governance Groups With Connections - Select this option to enrich the "List Governance Groups" endpoint with the "List Connections for Governance Group" endpoint.
  12. Enrich Governance Groups With Members - Select this option to enrich the "List Governance Groups" endpoint with the "List Governance Group Members" endpoint.
  13. Use Username Value from Attributes - Select to populate the Username and Email fields with values from the Attributes section.

Note: To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.

Supported From Version

Supported from Axonius version 4.7

Related Enforcement Actions

SailPoint IdentityNow - Create Certification Campaign