As a SaaS, possible to support IdentityNow with an integration?

Hey everyone! First, I’m sorry if this is in the wrong category. I came here looking for “IdentityNow” prompted by clients of ours that use SailPoint, but mostly find “ISC” and “IIQ” - not sure where this fits in the matrix.

We’ve got a SaaS software (learning tool) and would like to give our clients a means to connect to Sailpoint as easily as possible to perform entitlement reviews and so forth. I have found this here: Build a Basic SaaS Connector | SailPoint Developer Community

The instructions are clear enough - but this I imagine will create a redistributable “project” that we have to dish out to clients?

Is there a cleaner path to achieve the same purpose? For example, one where they can just install an integration from a list?

Sorry for what might be “obvious” questions; we don’t have access to Sailpoint ourselves, and are looking to support those that do.

Much appreciated.
Alex

Hello Alex,

Welcome to SailPoint Developer community! :slight_smile:
To answer your first question - IdentityNow is now encompassed in and renamed as ISC (Identity Security Cloud) Identity security cloud - Products

If the SaaS software exposes a well-documented REST API, then SailPoint ISC’s Web Services connector can be an option to explore. It allows clients to configure CRUD operations (like reading users, accounts, entitlements, etc.) without building a custom connector from scratch.

2 Likes

Thanks for the response @aishwaryagoswami, and for the clarification on IdentityNow becoming ISC.

We do have a REST API, but in addition to having role based entitlements, we have a complex ACL system that evolves often (as we add features, etc).

My feeling is that developing a connector would help simplify the conversation with our clients. In the FI space where we sit, the second that we talk REST, the whole TPRM team fires up. If we had a baked connector, it might be easier for our clients (who usually sit in Digital or L&D teams within the org).

Is the link that I found the right place to start? Is there otherwise a kind of “approved partner” track that lets us provide a baked-in connector? How do things work?

If you were us (SaaS vendor that wants to bake a connector for Sailpoint ISC) where would you start?

Thanks again!! :folded_hands:

Not a SailPoint employee - but you’re on the right track.

SailPoint has formal partnership programs here: Our Partner Ecosystem. You’ll probably want to look at the Technology partner type: Become a partner.

And I do think you’re on the right steps for the custom SaaS type connector. You’ll be able to build a much deeper integration with more flexibility for your customers. You can open source your connector through the CoLab here: SailPoint Developer Community so that your users can use the connector in their SailPoint instances to start. I’ve personally published a couple that way. This does require your customer to compile the connector from its source and publish it to their tenants, but this is well documented.

If you and SailPoint establish a more formal partnership there would be opportunity for the connector to ship with the product, but SailPoint would most likely require additional validation / own some portion of co-development / maintenance for the connector.

1 Like

Thank you @adunker ! I’m almost done whipping up a connector, it was pretty simple to code - the sail cli was very easy to use. Appreciate all the responses! I’ll dig a bit deeper, and will update the thread with questions! Thank you very much!

1 Like

Actually - I have one question! When returning a user from something like stdAccountRead - can we return the user JSON in any format? I couldn’t find a kind of “standard dictionary” for user data. I imagine that this all gets mapped somehow within the Sailpoint UI?

I also noticed that groups in the example connector, have a specific format. Is this id:name format required, or can we do what we need? saas-conn-discourse/src/tools/util.ts at 6af14f269c477b97f3a7d9b9e3924a9ed6f98227 · sailpoint-oss/saas-conn-discourse · GitHub

Line in question:

groups: user.groups ? user.groups.map(group => { return `${group.id}:${group.name}` }) : null,

When coding in BeanShell or otherwise, all data is usually converted into a Map using utilities.

1 Like

What is important is that the data that you return is compliant with the account / group schema that you define as part of your source. However you name it is up to you, but the two (your code and the schema) must be equal.

1 Like
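
Added example (not from any poster in this thread, and not SailPoint's code): a small TypeScript check a connector author could run in tests to confirm that the attributes returned from an account read match the account schema, as the reply above describes. The `AccountSchema` shape, `checkAccount` and the sample data are assumptions made for illustration.

```typescript
// Hypothetical types for illustration; they are not imported from any SDK.
type AttrType = "string" | "boolean" | "int";
interface SchemaAttr { name: string; type: AttrType; multi?: boolean }
interface AccountSchema { identityAttribute: string; attributes: SchemaAttr[] }
type Scalar = string | number | boolean;
type AttrValue = Scalar | null | Scalar[];

const jsType: Record<AttrType, string> = { string: "string", boolean: "boolean", int: "number" };

// Returns one message per mismatch between the returned attributes and the schema.
function checkAccount(schema: AccountSchema, attributes: Record<string, AttrValue>): string[] {
  const problems: string[] = [];
  const id = attributes[schema.identityAttribute];
  if (id === undefined || id === null || id === "") {
    problems.push(`identity attribute '${schema.identityAttribute}' is missing or empty`);
  }
  for (const name of Object.keys(attributes)) {
    const def = schema.attributes.filter(a => a.name === name)[0];
    if (!def) { problems.push(`'${name}' is returned but not declared in the schema`); continue; }
    const value = attributes[name];
    if (value === null) continue; // no value present, nothing to type-check
    if (Array.isArray(value) !== Boolean(def.multi)) {
      problems.push(`'${name}' multi-valued mismatch (schema multi=${Boolean(def.multi)})`);
      continue;
    }
    const values: Scalar[] = Array.isArray(value) ? value : [value];
    if (values.some(v => typeof v !== jsType[def.type])) {
      problems.push(`'${name}' has a value that is not of type ${def.type}`);
    }
  }
  for (const def of schema.attributes) {
    if (!(def.name in attributes)) problems.push(`'${def.name}' is declared but never returned`);
  }
  return problems;
}

// Constructed sample: schema and account for an imaginary learning tool.
const sampleSchema: AccountSchema = {
  identityAttribute: "id",
  attributes: [
    { name: "id", type: "string" },
    { name: "email", type: "string" },
    { name: "groups", type: "string", multi: true }, // e.g. "id:name" strings
  ],
};
const sampleAccount: Record<string, AttrValue> =
  { id: "42", email: "a@example.com", groups: ["7:admins"], aclFlags: ["x"] };
console.log(checkAccount(sampleSchema, sampleAccount));
```

Running a check like this in the connector's unit tests flags drift when new attributes are added to the code without a matching schema change.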

Thank you - is there a reference for this aspect somewhere?