We’re making use of the Identity Security Cloud Governance connector, with a “service account” as the Owner. The service account is tied to a specific Identity Profile for Service Accounts, separate from the Identity Profile for human identities.
We’d like to restrict all identities in all Identity Profiles from being able to connect Off Network. However, this seems to interfere with the function of the Cloud Governance connector, which uses IPs presumably from SailPoint ranges, not ours.
I’m curious to hear if anybody has run into this, and how they solved it? I guess we could create an Identity Profile dedicated solely to the Governance service account and avoid configuring Network restrictions for this one, but this seems inelegant.