Description
The SailPoint Microsoft Entra connector, in both its SaaS and VA-based forms (Microsoft Entra ID, formerly Azure Active Directory), now supports system-assigned managed identities. These are classified as machine accounts (workload identities in Microsoft Entra).
Azure Managed Identity gives an Azure service an identity in Microsoft Entra ID whose credentials the platform creates and rotates automatically. The service can then authenticate to other services that support Microsoft Entra authentication without any secret being stored in application code or configuration. In short, it is a way to give an Azure resource a secure identity for accessing other Azure resources without handling secrets or credentials directly. Previously, the connector supported only user-assigned managed identities; with this capability you can also manage system-assigned managed identities.
A system-assigned managed identity is bound to a single Azure resource (for example, a virtual machine). It is created when you enable the managed identity on that resource and deleted when the resource is deleted, so it has no lifecycle of its own. It is classified as a “machine account” by the default classification criteria for managed identities.
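The following is an added illustration, not SailPoint connector code, of how the two managed-identity kinds described above can be told apart when aggregating them as machine accounts. It assumes (as documented for Microsoft Graph) that a managed identity appears as a servicePrincipal object with servicePrincipalType equal to "ManagedIdentity", and that its alternativeNames collection carries "isExplicit=False" for a system-assigned identity and "isExplicit=True" for a user-assigned one, alongside the ARM resource path; the object IDs, names and resource paths in the sample are constructed. The removed_since helper reflects the lifecycle point in the text: a system-assigned identity that disappears between two aggregations means its owning resource was deleted.

```python
"""Classify managed-identity service principals as machine accounts.

Added example (not the connector's own implementation). Assumptions:
- servicePrincipalType == "ManagedIdentity" marks a managed identity.
- alternativeNames holds "isExplicit=False" (system-assigned) or
  "isExplicit=True" (user-assigned) plus an ARM resource path.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set

# Constructed sample data shaped like a Microsoft Graph /servicePrincipals page.
SAMPLE_SERVICE_PRINCIPALS = [
    {
        "id": "11111111-1111-1111-1111-111111111111",
        "displayName": "vm-web-01",
        "servicePrincipalType": "ManagedIdentity",
        "alternativeNames": [
            "isExplicit=False",
            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web"
            "/providers/Microsoft.Compute/virtualMachines/vm-web-01",
        ],
    },
    {
        "id": "22222222-2222-2222-2222-222222222222",
        "displayName": "mi-shared-reader",
        "servicePrincipalType": "ManagedIdentity",
        "alternativeNames": [
            "isExplicit=True",
            "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-shared"
            "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/mi-shared-reader",
        ],
    },
    {
        # An ordinary app registration's service principal: not a managed identity.
        "id": "33333333-3333-3333-3333-333333333333",
        "displayName": "hr-portal",
        "servicePrincipalType": "Application",
        "alternativeNames": [],
    },
]


@dataclass(frozen=True)
class MachineAccount:
    object_id: str
    display_name: str
    kind: str                    # "system-assigned", "user-assigned" or "unknown"
    resource_id: Optional[str]   # ARM path taken from alternativeNames, if present
    account_type: str = "machine"


def classify_managed_identity(sp: dict) -> Optional[MachineAccount]:
    """Return a MachineAccount for a managed-identity service principal, else None."""
    if sp.get("servicePrincipalType") != "ManagedIdentity":
        return None
    names = sp.get("alternativeNames") or []
    flags = {n.split("=", 1)[1].strip().lower()
             for n in names if n.lower().startswith("isexplicit=")}
    if flags == {"false"}:
        kind = "system-assigned"
    elif flags == {"true"}:
        kind = "user-assigned"
    else:
        # Missing or contradictory flag: do not guess, surface it for review.
        kind = "unknown"
    resource_id = next((n for n in names if n.startswith("/subscriptions/")), None)
    return MachineAccount(sp["id"], sp.get("displayName", ""), kind, resource_id)


def aggregate(service_principals: Iterable[dict]) -> Dict[str, MachineAccount]:
    """Build the machine-account view of one aggregation run, keyed by object ID."""
    accounts: Dict[str, MachineAccount] = {}
    for sp in service_principals:
        acct = classify_managed_identity(sp)
        if acct is not None:
            accounts[acct.object_id] = acct
    return accounts


def removed_since(previous: Dict[str, MachineAccount],
                  current: Dict[str, MachineAccount]) -> Set[str]:
    """Object IDs seen last time but absent now.

    For a system-assigned identity this is the expected signal that its owning
    Azure resource was deleted: the identity shares that resource's lifecycle,
    so the account should be treated as removed rather than as orphaned.
    """
    return set(previous) - set(current)


if __name__ == "__main__":
    run1 = aggregate(SAMPLE_SERVICE_PRINCIPALS)
    for acct in run1.values():
        print(f"{acct.display_name}: {acct.kind} ({acct.account_type}) -> {acct.resource_id}")
    # Simulate the VM (and therefore its system-assigned identity) being deleted.
    run2 = aggregate(SAMPLE_SERVICE_PRINCIPALS[1:])
    print("removed since last run:", removed_since(run1, run2))
```

The classifier deliberately reports "unknown" instead of defaulting to one kind when the isExplicit flag is missing or contradictory, so that an object whose shape differs from the assumed one is reviewed rather than silently misclassified.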
High-Level Capabilities for System-assigned Managed Identities
- Aggregation of system-assigned managed identities during account aggregation.
- Aggregation of assigned Microsoft Entra ID groups as entitlements during account aggregation, and adding or removing Microsoft Entra ID group memberships for managed identities.
- Aggregation of assigned PIM roles (only Azure Active Roles) as entitlements during account aggregation, and adding or removing PIM roles (only Azure Active Roles) for managed identities.
- Aggregation of assigned Azure Role Assignments (RBAC) as entitlements during account aggregation, and adding or removing Azure Role Assignments (RBAC) for managed identities.
Documentation
- System-Assigned Managed Identities (VA-based connector)
- System-Assigned Managed Identities (SaaS connector)
Release Details
- Identity Security Cloud - Now available (both VA-based and SaaS connectors).
- IdentityIQ - Upcoming releases (8.5p1, 8.4p3 and 8.3p5).