I have a requirement that I have to mirror the Sailpoint production environment to sailpoint sandbox.
We have Sailpoint Sandbox ready.
We have workday sandbox ready with same production domain.
I have intergrated AD with sailpoint but we have a different domain in AD.
My plan is mentioned as below:
Since the AD domains are different, we will:
- Export production roles, groups, and entitlements from IDN.
- Map Workday and AD accounts correctly in the sandbox (account correlation).
- Import them into the IDN sandbox linked to the prototype AD.
Export Roles from SailPoint IDN (Production)
Use IdentityNow API to extract roles:
Export Entitlements from Production
Export Identity Mappings (Workday vs AD)
Since workday already have mjority of production data, do I need to do here anything ?
QQ Since Workday and AD domains are different, update domain mappings in exported data:
Then will, Import Roles, Entitlements, and Mappings into Sandbox.
Validate in Sandbox
- Run Aggregation in SailPoint IDN Sandbox:
- Navigate to IdentityNow > Sources > AD Prototype.
- Click Run Aggregation and verify users, groups, and entitlements.
- Verify Role Assignments:
- Check if roles are assigned correctly based on Workday data.
- Test Access Request & Provisioning:
- Request access and confirm entitlements are assigned as expected.
Is above process is correct?
I am not sure about importing configurations from Sailpoint Productions and to import into Sailpoint Sandbox. Any assistance or reference will be appreciated.
What to do if domain in Workday is different and AD is different?
Just changing UPN will work ?