Production and Sandbox not aligned - Best practices

We have separate Production and Sandbox tenants in SailPoint Identity Security Cloud, but they’re not aligned. What proven approaches and checkpoints do you recommend to bring Sandbox in line with Production prior to kicking off new implementation work?

1) Back up both tenants
In Config Hub, take full manual backups of Prod and Sandbox (all object types) for rollback.

2) Connect tenants
Create a PAT in Prod with sp:config:backup-connection. In Sandbox: Configuration Hub → Tenant Connections → add Prod using that PAT.

3) Migrate in phases

* Phase 1: AUTH_ORG, IDENTITY_OBJECT_CONFIG, SOURCE (authoritative), TRANSFORM, RULE, PASSWORD_POLICY
* Phase 2: IDENTITY_PROFILE, LIFECYCLE_STATE, PUBLIC_IDENTITIES_CONFIG
* Phase 3: SOURCE (non-authoritative), GOVERNANCE_GROUP
* Phase 4: ACCESS_PROFILE, ATTR_SYNC_SOURCE_CONFIG, ACCESS_REQUEST_CONFIG
* Phase 5: ROLE, WORKFLOW, TRIGGER_SUBSCRIPTION, FORM_DEFINITION

4) Draft → review → deploy (per phase)
Prepare Draft in Config Hub, review diffs under Drafts, set object mappings for env-specific values (Advanced Settings), then deploy in order.

5) Validate
Run aggregations, check identity profile mappings, verify provisioning, confirm lifecycle states.

6) Post-deploy manual fixes
Update env URLs, VA cluster links, secrets/passwords, JDBC drivers; re-enable any imported roles/workflows that came in disabled.

Refer for more detailed implementation →

1 Like
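
The phase ordering from the reply above, as an added example that is not part of the original post or SailPoint's own code: it sorts the objects of a configuration export into the five phases and lists any object type the phases do not cover. The export shape (`objects[].self.type`, `objects[].self.name`, `objects[].object.authoritative`) and the sample data are assumptions.

```python
"""Group configuration-export objects into the five migration phases listed above."""

# Phase order copied from the post. SOURCE is split on whether it is authoritative.
PHASES = [
    ["AUTH_ORG", "IDENTITY_OBJECT_CONFIG", "SOURCE:authoritative", "TRANSFORM", "RULE", "PASSWORD_POLICY"],
    ["IDENTITY_PROFILE", "LIFECYCLE_STATE", "PUBLIC_IDENTITIES_CONFIG"],
    ["SOURCE:non-authoritative", "GOVERNANCE_GROUP"],
    ["ACCESS_PROFILE", "ATTR_SYNC_SOURCE_CONFIG", "ACCESS_REQUEST_CONFIG"],
    ["ROLE", "WORKFLOW", "TRIGGER_SUBSCRIPTION", "FORM_DEFINITION"],
]
PHASE_OF = {key: n for n, keys in enumerate(PHASES, start=1) for key in keys}


def phase_key(entry):
    """Return the lookup key for one export entry."""
    obj_type = entry["self"]["type"]
    if obj_type == "SOURCE":
        # Assumption: the exported source body has a boolean "authoritative" field.
        kind = "authoritative" if entry.get("object", {}).get("authoritative") else "non-authoritative"
        return f"SOURCE:{kind}"
    return obj_type


def plan(export):
    """Return ({phase: [(type, name), ...]}, [unplanned entries])."""
    phases = {n: [] for n in range(1, len(PHASES) + 1)}
    unplanned = []
    for entry in export.get("objects", []):
        item = (entry["self"]["type"], entry["self"]["name"])
        phase = PHASE_OF.get(phase_key(entry))
        if phase is None:
            unplanned.append(item)  # type not in any phase: decide by hand
        else:
            phases[phase].append(item)
    return phases, unplanned


# Constructed sample in the assumed export shape, not real tenant data.
SAMPLE = {"objects": [
    {"self": {"type": "ROLE", "name": "Finance Analyst"}, "object": {"enabled": False}},
    {"self": {"type": "SOURCE", "name": "HR System"}, "object": {"authoritative": True}},
    {"self": {"type": "SOURCE", "name": "Active Directory"}, "object": {"authoritative": False}},
    {"self": {"type": "IDENTITY_PROFILE", "name": "Employees"}, "object": {}},
    {"self": {"type": "SERVICE_DESK_INTEGRATION", "name": "Ticketing"}, "object": {}},
]}

if __name__ == "__main__":
    phases, unplanned = plan(SAMPLE)
    for n, items in phases.items():
        print(f"Phase {n}: {items}")
    print("Not in any phase:", unplanned)
```

Objects reported as not in any phase need a manual decision on where they fit before the drafts are prepared.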
