I was wondering if any has been able to set up a CI/CD process for managing IdN? I am on a very small team supporting a decent size enterprise. My team is currently 2 people supporting around 60K end users. Because we are such a small team we are struggling to be able to fully deliver the needed value to our business with the platform because our current processes are taking way to many cycles to get something very simple out the door.
I would love to be able to set up a process where we can take in work and quickly process it so that we can better empower our business meet their goals. Has anyone else run into this use case and how did you address it with process and procedures?
There really isn’t out of the box support for these sorts of things in IDN. Work is progressing in some of the component areas, but a true cohesive CI/CD pipeline model (including promote to production) isn’t there.
Because of prior community (shout out to Darren J Robinson), and now official support of PowerShell/CLI tools, when using a strong CI/CD back end (AZDO/Jenkins/Bamboo) it’s possible to build your own custom solution, using that backends pipeline code layer (often YAML calling the SailPoint PS/CLI) but it’s a decent amount of work.
I’m sure SailPoint sees the ‘click a bunch of times in Sandbox then repeat clicking in Prod’ as a not great way to do things and will continue to resolve some of these areas over time. The recent Configuration hub ( (Using the Configuration Hub - SailPoint Identity Services)) is a good example.
Hey @mpotti! We built a DevOps solution for IIQ and IDN that leverages a service container housing a collection of homegrown tools to perform different pre-deployment tests, automated deployments with tokenization features, and automated post-deployment regression/QA testing. We have been working on a blog series for this and hopefully will be demoing it at Dev Days this year! The blog series is titled “In Sync & Secure,” and if you are unable to view it in the drafts section currently, you can also view it on our page. If you’d like me to run you through it, let me know, and I can show you a demo as well!
Hi @mpotti , we do have the configuration hub which is a new tool to help with IDN configuration management and migrations between environments. It includes option for value tokenization for content sensitive migrations, reference resolution and much more.
Please check the documentation:
We are working to enable more automation and config hub actions via APIs, such as uploads and more.
You can also refer to the configuration hub breakout session from Navigate 2023 - I believe customers have access to these recorded breakout sessions but you might need to sign up with your navigate / customer details On-demand identity security sessions - Navigate | SailPoint
if you search for “configuration” you will find the breakout session for configuration hub.
