SaaS Connector logs

amarsp_bcbsm · May 5, 2025, 6:32pm

We have an issue with a SaaS connector provisioning and to troubleshoot, I am trying to capture the requests sent from IDN. I used CLI to see logs but that does not show show me the payload/request sent from IDN. I do see errors coming back from target but no info for what SailPoint sends to the target app.

Issue is with Salesforce SaaS and permissionSet provisioning to be exact

mcheek · May 5, 2025, 6:36pm

Is this an off-the-shelf or a custom SaaS connector? If it’s custom, you just add a logging message like

logger.info(JSON.stringify(input))

amarsp_bcbsm · May 5, 2025, 6:40pm

It is an off-the-shelf Salesforce SaaS connector.

Using CLI commands, I enabled --debug too. I see INFO level messages like this. Reference is at Connectors | SailPoint Developer Community

[2025-05-05T14:14:00.334-04:00] INFO | connectorMessage ▶︎ {"AppType":"salesforce SaaS","commandType":"std:account:create","invocationId":"aaad7239-a43c-4e87-9f3e-a5cb7064cee4","message":"Create account operation is successful, the native identifier is : 005ct0000092a73AAA","requestId":"b5816102485c4fe49fb69a8eea1cd4a8","timestamp":"2025-05-05T18:07:07.559Z","version":21}

Trying to find what the connector is sending to Salesforce vendor to better troubleshoot the issue. I see an error message like this (this is coming back from target app) and not request body sent by IDN itself, which is what I am more interested in.

[2025-05-05T14:14:04.439-04:00] ERROR | connectorMessage ▶︎ {"AppType":"salesforce SaaS","commandType":"std:account:create","invocationId":"aaad7239-a43c-4e87-9f3e-a5cb7064cee4","message":"Error while provisioning PermissionSetGroup to account operation - Request failed with status code 400","requestId":"b5816102485c4fe49fb69a8eea1cd4a8","timestamp":"2025-05-05T18:07:07.559Z","version":21}

amarsp_bcbsm · May 12, 2025, 1:16pm

Created a ticket with SailPoint and it looks like this is not possible in the product for Security reasons. Recommendation was to add this to the Ideas portal.

nsorlien · May 12, 2025, 5:13pm

Just to confirm, did you also enable the Administrator Settings > Enable Debug Logging checkbox on your Salesforce SaaS source in ISC? SaaS sources require that additional step to produce DEBUG level logs accessible via the CLI. We had luck with that with the BambooHR SaaS connector to troubleshoot 400 errors, but obviously we’re relying on SailPoint to include helpful DEBUG log statements in their OOTB connectors, which they may not have for the Salesforce connector.