We are developing a custom connector using the new development platform for IdentityNow. As part of this, an AWS database has been set up to provide the connector we are developing with a workspace for calculations, but we are stuck on how to provide sufficient authentication security.
We are thinking that if SailPoint is able to give us their AWS account number we could easily set up authentication, as it would be AWS to AWS. The other option we would like to use is mTLS authentication, if it’s supported.
My question is what is recommended for authentication going from IdentityNow to AWS?
Hello Daniel! Welcome to the community, and I’m happy to see you using the new SaaS Connectivity!
For authentication to external sources, using mTLS or having SailPoint provide their AWS credentials is not going to be an option, because that would require you to make configurations or have access to the IDN service, which is not going to be allowed.
That being said, you still have a lot of options for providing secure access to your AWS service. I would not recommend connecting directly to a database, but you can set up a web server or AWS API Gateway to handle your authentication before passing data to IDN. I won’t give any specific recommendations for securing your infrastructure, but there are plenty of whitepapers and documentation on AWS that detail best practices to use. A good example I found in relation to API Gateway is here: Controlling and managing access to a REST API in API Gateway - Amazon API Gateway
Hopefully that helps to point you in the right direction!
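One concrete shape the "API Gateway in front of the database" pattern from the answer above can take is a Lambda authorizer of type TOKEN: API Gateway hands every request's Authorization header to the function, and the function either raises "Unauthorized" (401) or returns an IAM policy that allows or denies execute-api:Invoke for that method. The block below is an added example written for this page; it is not code from the thread, from SailPoint, or from the IdentityNow connector SDK. It assumes the connector sends `Authorization: Bearer <token>`, that the token is `base64url(json).base64url(HMAC-SHA256)` over a short-lived payload, and that both sides share a secret (read here from a hypothetical SHARED_SECRET environment variable, with a constructed fallback so the file runs offline). The event and response shapes are the ones documented for REST API TOKEN authorizers; everything else (field names such as sub/iat/exp, the TTL, the skew window) is this example's choice.

```python
"""Lambda TOKEN authorizer for API Gateway that validates an HMAC-signed bearer
token before a request can reach the service that fronts the database.

Added example, not from the original thread. Assumptions: the connector sends
`Authorization: Bearer <token>`; the token is base64url(json).base64url(hmac);
both sides share the secret in SHARED_SECRET (constructed default for offline use).
"""
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Constructed secret so the example runs offline. In AWS, load it from Secrets
# Manager or an encrypted environment variable; never ship a literal like this.
SHARED_SECRET = os.environ.get("SHARED_SECRET", "example-shared-secret-change-me").encode()
TOKEN_TTL_SECONDS = 300   # tokens are minted per call and die quickly
CLOCK_SKEW_SECONDS = 30   # tolerate small drift between connector and Lambda


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload_b64: str, secret: bytes) -> str:
    return _b64url_encode(hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest())


def mint_token(subject: str, secret: bytes = SHARED_SECRET, now: Optional[int] = None) -> str:
    """Connector side: sign a short-lived payload identifying the caller."""
    now = int(time.time()) if now is None else now
    payload = {"sub": subject, "iat": now, "exp": now + TOKEN_TTL_SECONDS}
    payload_b64 = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{payload_b64}.{_sign(payload_b64, secret)}"


def verify_token(token: str, secret: bytes = SHARED_SECRET, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the signature is valid and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    payload_b64, sep, sig_b64 = token.partition(".")
    if not sep:
        return None
    # Verify the MAC before parsing anything, with a constant-time comparison
    # so response timing does not leak how many signature bytes matched.
    if not hmac.compare_digest(_sign(payload_b64, secret), sig_b64):
        return None
    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # bad base64 or bad JSON/UTF-8
        return None
    exp = payload.get("exp")
    if not isinstance(exp, int) or now > exp + CLOCK_SKEW_SECONDS:
        return None
    if not isinstance(payload.get("sub"), str):
        return None
    return payload


def build_policy(principal_id: str, effect: str, method_arn: str) -> dict:
    """IAM policy document in the shape API Gateway expects back from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}],
        },
    }


def handler(event: dict, context=None) -> dict:
    """Entry point for a REST API authorizer of type TOKEN."""
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        # API Gateway turns this exact exception message into a 401 response.
        raise Exception("Unauthorized")
    payload = verify_token(token)
    if payload is None:
        # Bad signature or expired: an explicit Deny yields a 403 and is cacheable.
        return build_policy("anonymous", "Deny", event["methodArn"])
    # Allow only the method that was invoked, not the whole API.
    return build_policy(payload["sub"], "Allow", event["methodArn"])
```

Two design points worth keeping in mind when adapting this: API Gateway caches the authorizer result per token value for the configured TTL, so keep the token lifetime at or below that TTL and mint a fresh token per request from the connector; and the Lambda only gates access to the API, so the function or service behind it should still use an IAM role with the minimum database permissions the workspace needs rather than a broad database login.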