ConnectorsSailPoint IdentityNow
SailPoint IdentityNow
Connect SailPoint IdentityNow (ISC) to Compass for governance analysis.
The SailPoint connector integrates with SailPoint Identity Security Cloud (formerly IdentityNow) to pull governance, certification, and access management metrics.
Prerequisites
- A SailPoint ISC tenant
- An API client with appropriate permissions
Setup
1. Create an API Client
- Sign in to your SailPoint Admin Console
- Go to Global Settings > API Management
- Click Create New
- Name it "Compass IAM Discovery"
- Grant the following scopes:
idn:accounts:readidn:certifications:readidn:roles:readidn:entitlements:readidn:access-profiles:readidn:identity-profiles:read
- Copy the Client ID and Client Secret
2. Add to Compass
- Go to Settings > Connectors in Compass
- Click Add Connector > SailPoint IdentityNow
- Enter:
- Tenant URL — Your SailPoint tenant URL (e.g.,
yourcompany.api.identitynow.com) - Client ID — The API client ID
- Client Secret — The API client secret
- Tenant URL — Your SailPoint tenant URL (e.g.,
- Click Test Connection
- Save
Metrics Collected
| Category | Metrics |
|---|---|
| Identities | Total count, correlated vs uncorrelated, identity profiles |
| Access Certifications | Completion rates, overdue certifications, revocation rates |
| Roles | Role count, role composition, role membership distribution |
| Entitlements | Total entitlements, orphaned entitlements, high-risk entitlements |
| Access Requests | Request volume, approval times, auto-approval rates |
| Segregation of Duties | SoD policy violations, conflicting access, risk scores |
Troubleshooting
Authentication failures
SailPoint API tokens expire after a configurable period. If authentication fails, verify your Client ID and Secret are still valid in the SailPoint Admin Console.
Missing certification data
Certification metrics require active certification campaigns. If no campaigns are running or recently completed, these metrics will show as unavailable.