SailPoint IdentityNow

SailPoint IdentityNow is a SaaS identity and access management (IAM) solution.

Related Enforcement Actions

• SailPoint IdentityNow - Create Certification Campaign

Types of Assets Fetched

This adapter fetches the following types of assets:

• Users
• Application Extensions
• Roles
• Groups
• User Extensions
• SaaS Applications
• Accounts/Tenants

Parameters

1. Host Name or IP Address (required) - The hostname or IP address of the SailPoint IdentityNow server. The field format is 'https://sailpoint.api.identitynow.com/v3'

2. Client ID and Client Secret (required) - The Client ID and Client Secret for an account that has the Required Permissions to the API.
   To obtain the Client ID and Client Secret via your personal access token, see Personal Access Tokens.

3. SSO Provider (Only for accounts with Axonius SaaS Applications) - If your organization uses Okta for SSO, this adapter can be set as an SSO provider see Connecting your SSO Solution Provider.

4. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

5. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

6. HTTPS Proxy User Name (optional) - The user name to use when connecting to the value supplied in Host Name or IP Address via the value supplied in HTTPS Proxy.

7. HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

1. Use alias as employee ID - Select this option to set the alias field as the employee ID.
2. List of private account attributes to include - Enter a list of private attributes to include with the users. Leave the field empty to include none.
3. Include All Attributes - Select this option to parse all the attributes and ignore the List of private account attributes to include configuration list.
4. Add Users Core Filters - Select this option to fetch only users that satisfy the core filters. For more information, see "add-core-filters" in Get a list of public identities.
5. Fetch Entitlements of Accounts and Access Profiles (only for accounts with Axonius Identities) - Select this option to fetch entitlements of accounts and access profiles.
6. Enrich User Entitlements (only for accounts with Axonius Identities) - Select this option to enrich users with the permissions they are assigned in SailPoint. Each user is listed under each entitlement with a link to the user.
7. Enrich Governance Groups With Connections - Select this option to enrich the "List Governance Groups" endpoint with the “List Connections for Governance Group“ endpoint.
8. Enrich Governance Groups With Members - Select this option to enrich the "List Governance Groups" endpoint with the “List Governance Group Members“ endpoint.

APIs

Axonius uses the following APIs:

• SailPoint List of Public Identities API
• SailPoint Accounts list API

Required Permissions

The value supplied in Client ID must be associated with credentials that have Read-only permissions to fetch assets.

The SailPoint personal access token must be assigned to the following grant types:

• CLIENT_CREDENTIALS

• REFRESH_TOKEN

Adapter Integration Setup

1. Login to IdentityNow as an organizational administrator (ORG_ADMIN).
2. Navigate to the Admin UI, click on the Dashboard dropdown and select the Overview page.
3. Select Preferences from the drop-down menu under your username, then Personal Access Tokens on the left.
4. Click New Token and enter a meaningful description to help differentiate the token from others.
5. Click Create Token to generate and view the two components that comprise the token: the Secret and the Client ID.

Supported From Version

Supported from Axonius version 4.7