We are integrating an application into SailPoint IDN to manage the LCM of the application on the users' side. They have already provided the APIs for Create, HealthCheck, Edit, Disable and groups. For Health Check and Groups, SailPoint was able to get the data, but for Create and Edit, when I send data to provision an account, they want it to be encrypted.
Is there any way for SailPoint IDN to send encrypted data to the application side?
Quick questions and appreciate your inputs to them:
i. Is this application storing the data in encrypted format?
ii. Is the ask to secure the data being handled by SailPoint?
For the above questions, SailPoint has the concept of a zero trust model enforced, ref here.
If the above reference is useful, as an additional security measure you can enforce a TLS connection to the webservice connector.
@ABV11 If I’m understanding correctly, you want to encrypt the API body (which contains user attributes) and send this encrypted payload over to the endpoint. At the moment your app team uses AES encryption/decryption and does it manually.
If that’s the case, you will need to first construct your unencrypted string, and then encrypt it either with your own implementation of AES or via libraries like Apache Commons Crypto (if you have the necessary permissions to use this library) and add it into your body. If you’re using a JSON-based request, maybe this can be a new key-value pair for the entire encrypted string.
This most likely will be a web services before operation rule. I’m assuming at the target, someone will manually intercept this encrypted payload request and take the downstream actions, and the credentials will be shared/hardcoded on the source.
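
Added example, not part of the thread and not SailPoint or application-team code: the "build the plain JSON, encrypt it, send it as one key-value pair" flow from the reply above, in plain Java using the JDK's `javax.crypto` rather than the libraries named in the post. The AES-GCM mode, the `encryptedData` key name, the demo key and the sample payload are all assumptions; the thread does not say which AES mode or wire format the application expects, and wiring this into the connector rule is left out.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class EncryptedBodyExample {
    private static final int IV_LEN = 12;    // 96-bit nonce, the usual size for GCM
    private static final int TAG_BITS = 128; // authentication tag length

    // Encrypts the plain JSON and returns base64(iv || ciphertext || tag).
    static String encrypt(byte[] key, String plainJson) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh nonce per request; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plainJson.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Receiving side: throws AEADBadTagException if the payload was altered or the key is wrong.
    static String decrypt(byte[] key, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 32-byte demo key (AES-256); a real key is agreed with the application team.
        byte[] key = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        // Constructed account payload standing in for the unencrypted request body.
        String plain = "{\"userName\":\"jdoe\",\"email\":\"jdoe@example.com\"}";
        String enc = encrypt(key, plain);
        // Hypothetical wrapper: the whole encrypted string travels as a single JSON value.
        String body = "{\"encryptedData\":\"" + enc + "\"}";
        System.out.println(body);
        if (!decrypt(key, enc).equals(plain)) {
            throw new IllegalStateException("round trip failed");
        }
    }
}
```

Both sides must agree on the mode, the nonce placement and the encoding before this interoperates; payload encryption of this kind sits on top of the TLS connection to the endpoint and does not replace it.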