Do IdentityIQ REST APIs support OAuth 2.0 Authentication?

We have found the API Client configuration in the IdentityIQ 8.4 UI, but in the REST API document, only Basic Authentication is mentioned as supported authentication. So do we have support for OAuth 2.0 (token-based) authentication for SailPoint IdentityIQ REST APIs? If yes, what is the endpoint that we can use for generating a token?

Hi @niralishah,

The SCIM API supports OAuth 2.0.

Look into the link below, it will help:

https://community.sailpoint.com/t5/IdentityIQ-Forum/IdentityIQ-8-SCIM-API-Authentication/m-p/204307

In case you still have an issue, feel free to reach out and I will let you know the exact steps.

I’m unable to open the link. Can you please provide the exact steps for the same?

Refer to the wiki article below for the exact steps.

In case you are not able to access the link:

OAuth 2.0

OAuth 2.0 Authentication will be supported in IdentityIQ version 7.1. Versions prior to 7.1 only support basic authentication.

OAuth client management page

The OAuth Client Management page has the following tabs and options:

• OAuth Client Management tab — displays a list of the current OAuth clients.

 - Create Button — creates an OAuth client that has a proxy user with an associated secret.

 - Secret Details icon — displays the secret for an OAuth client.

 - Actions icons — Edit, Delete, Regenerate Secret

• General Settings tab

 - Access Token Expiration In Seconds

How to create an OAuth client

 1. From the top menu, navigate to the Gear icon > Global Settings > API Authentication.

 2. On the OAuth Client Management tab, click Create.

 3. In the OAuth Client dialog, enter a unique name for Client Name and then enter a user name or select a user from the drop-down list for the Proxy User.

 4. Click Save to save your new OAuth client.

After you create an OAuth client, you can use it with the associated secret to log in and access the token for that proxy user.

How to get access token for OAuth

When we are enabling OAuth authentication, we should get an access token before invoking the IdentityIQ API.

We should use the following details to get access token from IdentityIQ:

Sample REST Client to get access token

```java
import java.nio.charset.StandardCharsets;
import javax.ws.rs.client.*;
import javax.ws.rs.core.*;
import org.apache.commons.codec.binary.Base64;

// grantType, clientID, clientSecret and tokenURL are supplied by the caller
Client client = ClientBuilder.newClient();
MultivaluedMap<String, String> formData = new MultivaluedHashMap<>();
formData.add("grant_type", grantType);
// Base64-encode "clientID:clientSecret" for the Basic Authorization header
String secret = "Basic " + Base64.encodeBase64String((clientID + ":" + clientSecret).getBytes(StandardCharsets.UTF_8));
Response response = client.target(tokenURL) // token URL to get access token
    .request(MediaType.APPLICATION_JSON) // JSON request type
    .header("Authorization", secret) // Authorization header goes here
    .post(Entity.form(formData)); // body with grant type
String output = response.readEntity(String.class); // reading response as string format
```

Sample output

```json
{
  "expires_in": 1200,
  "token_type": "bearer",
  "access_token": "original token"
}
```

Access IdentityIQ API

When OAuth authentication is enabled for the IdentityIQ API, we should get an access token before consuming the API. After we receive the access token from IIQ, we will access the API with the access token.

Sample REST client to access IdentityIQ API

```java
import javax.ws.rs.client.*;
import javax.ws.rs.core.*;

Client client = ClientBuilder.newClient();
Response response = client.target(apiURL) // API URL goes here (e.g. http://localhost:8080/identityiq/scim/v2/Applications/{Application id/Name})
    .request(MediaType.APPLICATION_JSON) // Request type
    .accept(acceptType) // Response accept type - application/scim+json
    .header("Authorization", token) // header with access token as authorization value ("Bearer " + access_token)
    .get();
String output = response.readEntity(String.class); // reading response as string format
```

Sample output

```json
{
  "id": "2c9084ee5571ab87015571ac44810319",
  "schemas": [
    "urn:ietf:params:scim:schemas:sailpoint:1.0:Application"
  ],
  "identAttr": {},
  "applicationSchemas": [
    {
      "value": "2c9084ee5571ab87015571ac4482031b",
      "$ref": "http://localhost:8080/iiq/scim/v2/Schemas/urn:ietf:params:scim:schemas:sailpoint:1.0:Application:Sch...",
      "type": "account"
    }
  ],
  "name": "HR_Employees",
  "features": [
    "DIRECT_PERMISSIONS",
    "NO_RANDOM_ACCESS",
    "DISCOVER_SCHEMA"
  ],
  "owner": {
    "value": "2c9084ee5571ab87015571ac426d0316",
    "$ref": "http://localhost:8080/iiq/scim/v2/Users/2c9084ee5571ab87015571ac426d0316",
    "displayName": "HR_Employees App Owners"
  },
  "type": "Delimited File Parsing Connector",
  "meta": {
    "lastModified": "2016-06-21T01:42:49.362-05:00",
    "created": "2016-06-21T01:36:03.074-05:00",
    "location": "http://localhost:8080/iiq/scim/v2/Applications/2c9084ee5571ab87015571ac44810319",
    "resourceType": "Application",
    "version": "W/\"1466491369362\""
  }
}
```
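
The two samples above fetch a token and use it once; the following is an added example (not part of the original post or of SailPoint's code) that caches the token and renews it shortly before `expires_in` elapses, using only the JDK 11+ HTTP client. Assumptions: the class name `IiqTokenCache`, a caller-supplied token URL, the `client_credentials` grant type, the 30-second renewal margin, and regex extraction of the two JSON fields in place of a JSON library.

```java
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.regex.*;

/** Added example: caches the IdentityIQ access token and renews it before expires_in elapses. */
public class IiqTokenCache {
    private static final Pattern TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private static final Pattern TTL = Pattern.compile("\"expires_in\"\\s*:\\s*(\\d+)");
    private final HttpClient http = HttpClient.newHttpClient();
    private final URI tokenUrl;        // assumption: supplied by the caller, not given on the page
    private final String basicHeader;  // "Basic " + base64(clientId:clientSecret), as in the sample above
    private String token;
    private Instant renewAt = Instant.MIN;

    public IiqTokenCache(String tokenUrl, String clientId, String clientSecret) {
        this.tokenUrl = URI.create(tokenUrl);
        byte[] pair = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
        this.basicHeader = "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    /** Returns the Authorization header value for API calls, fetching a new token when needed. */
    public synchronized String bearer() throws Exception {
        if (token == null || !Instant.now().isBefore(renewAt)) {
            HttpRequest req = HttpRequest.newBuilder(tokenUrl)
                .header("Authorization", basicHeader)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("grant_type=client_credentials")) // assumed grant type
                .build();
            HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
            if (res.statusCode() != 200) {
                // Report only the status: the response body and headers may carry secrets.
                throw new IllegalStateException("token request failed: HTTP " + res.statusCode());
            }
            Matcher t = TOKEN.matcher(res.body());
            Matcher e = TTL.matcher(res.body());
            if (!t.find() || !e.find()) {
                throw new IllegalStateException("token response missing access_token or expires_in");
            }
            token = t.group(1);
            // Renew 30 seconds early so a token never expires mid-request.
            renewAt = Instant.now().plusSeconds(Math.max(0, Long.parseLong(e.group(1)) - 30));
        }
        return "Bearer " + token;
    }
}
```

Pass the value returned by `bearer()` as the `Authorization` header of each API request, and use an HTTPS token URL outside a local test instance so the client secret and token are not sent in clear text.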
