I’m integrating SailPoint IdentityNow with AWS Secrets Manager using the AWS Vault credential provider, specifically to retrieve credentials for Active Directory (AD) using the SailPoint connector.
I have checked the “Use Credential Provider” option in the AD base configuration.
I’ve configured the secret path in accordance with SailPoint documentation and constructed the following credential path:
secrets://aws-vault/uncoded ARN/password
But I am getting the error below: Failed to load credentials from IMDS. Please verify provided secret expression.
Check the Credential Path Format
Make sure your credential expression follows this format exactly:
Confirm the Secret Format in AWS Secrets Manager
Your secret should be in JSON format like:
```json
{
  "username": "ADAdmin",
  "password": "SuperSecret123!"
}
```
Make sure:
The key you are referencing in the expression (e.g., password) exists
There are no typos or case mismatches
IAM Role Permissions
Also, make sure no SCP or session policies are blocking access.
VA Network Access to AWS Secrets Manager
Confirm that the VA has network connectivity to the AWS Secrets Manager endpoint
If using a VPC endpoint, ensure DNS resolution and security groups/NACLs allow traffic
Validate the VA is Configured with AWS Vault Provider
Logging for More Clues
Enable debug-level logging in IdentityNow for the AD connector and look for:
If you are currently using this:

```text
secrets://aws-vault/uncoded ARN/password
```

Try switching to:

```text
secrets://aws-vault/arn:aws:secretsmanager:us-east-1:123456789012:secret:my-ad-secret/password
```
Hi Vatan
No, it is not compulsory to have the same name for the AWS Secrets Manager secret name (vault name) and the IdentityNow (ISC) credential provider name.
When configuring the AD connector in IdentityNow:
You check “Use Credential Provider”
You set the Credential Provider name to “aws-vault” (case-sensitive)
This tells IdentityNow to use the AWS Secrets Manager integration (via the aws-vault plugin/handler) instead of the default or IMDS.
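Added example, not code from this thread, from SailPoint or from AWS: an offline pre-flight check that ties together the points made in the two replies above (the `secrets://<provider>/<ARN>/<key>` expression, the case-sensitive provider name, the JSON key that must exist in the secret, and the IAM permission on the secret). It assumes the expression splits on the first and last `/` (a secret name may contain `/`, the JSON key is assumed not to), that the secret body is a flat JSON object, and that the role policy is evaluated with the usual "explicit Deny wins, otherwise any matching Allow" rule. `fetch_secret` is injected so the check runs against a constructed in-memory store here; against a real account you would pass a boto3 `get_secret_value` call. The function names (`parse_expression`, `resolve`, `diagnose`, `policy_allows`, `check_all`), the sample ARN, account ID and policy are all made up for this example.

```python
"""Offline pre-flight check for a secrets://<provider>/<ARN>/<key> expression.

Added example; names, sample ARN, account ID and policy are constructed
for illustration and are not SailPoint's or AWS's own code.
"""
import fnmatch
import json
import re
from typing import Callable, Dict, Tuple

# Secrets Manager ARN: arn:<partition>:secretsmanager:<region>:<account>:secret:<name>
# AWS appends a random 6-character suffix to <name>; both forms are accepted here.
ARN_RE = re.compile(
    r"^arn:aws(?:-[a-z]+)*:secretsmanager:[a-z0-9-]+:\d{12}:secret:[A-Za-z0-9/_+=.@-]+$"
)


class CredentialError(ValueError):
    """Anything that would make the connector fail to resolve the expression."""


def parse_expression(expr: str, provider: str = "aws-vault") -> Tuple[str, str, str]:
    """Split secrets://<provider>/<ARN>/<key> and validate each part."""
    prefix = "secrets://"
    if not expr.startswith(prefix):
        raise CredentialError("expression must start with secrets://")
    body = expr[len(prefix):]
    # The ARN may contain '/', the key is assumed not to: provider is everything
    # before the first '/', key is everything after the last '/'.
    got_provider, _, rest = body.partition("/")
    arn, _, key = rest.rpartition("/")
    if got_provider != provider:
        raise CredentialError(
            f"provider segment {got_provider!r} != configured {provider!r} (case-sensitive)")
    if not ARN_RE.match(arn):
        raise CredentialError(f"not a Secrets Manager ARN: {arn!r}")
    if not key:
        raise CredentialError("missing JSON key after the ARN")
    return got_provider, arn, key


def resolve(expr: str, fetch_secret: Callable[[str], str], provider: str = "aws-vault") -> str:
    """Resolve the expression using a caller-supplied fetcher.

    Against a real account pass e.g.
      lambda arn: boto3.client("secretsmanager").get_secret_value(SecretId=arn)["SecretString"]
    """
    _, arn, key = parse_expression(expr, provider)
    try:
        raw = fetch_secret(arn)
    except Exception as e:  # KeyError from a dict store, ClientError from boto3, ...
        raise CredentialError(f"fetching {arn} failed: {e!r}") from None
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as e:
        raise CredentialError(f"secret {arn} is not JSON: {e}") from None
    if not isinstance(doc, dict):
        raise CredentialError("secret body must be a JSON object")
    if key not in doc:
        # Surface case mismatches (Password vs password) explicitly.
        near = [k for k in doc if k.lower() == key.lower()]
        raise CredentialError(f"key {key!r} not in secret; case-insensitive matches: {near}")
    return doc[key]


def diagnose(expr: str, fetch_secret: Callable[[str], str], provider: str = "aws-vault") -> str:
    """Return 'ok' or the reason the expression would fail to resolve."""
    try:
        resolve(expr, fetch_secret, provider)
        return "ok"
    except CredentialError as e:
        return str(e)


def policy_allows(policy: Dict, action: str, resource: str) -> bool:
    """Minimal IAM evaluation: an explicit Deny wins, otherwise any matching Allow."""
    def as_list(v):
        return v if isinstance(v, list) else [v]

    def matches(stmt) -> bool:
        acts = [a.lower() for a in as_list(stmt.get("Action", []))]
        ress = as_list(stmt.get("Resource", []))
        return (any(fnmatch.fnmatchcase(action.lower(), a) for a in acts)
                and any(fnmatch.fnmatchcase(resource, r) for r in ress))

    stmts = as_list(policy["Statement"])
    if any(s["Effect"] == "Deny" and matches(s) for s in stmts):
        return False
    return any(s["Effect"] == "Allow" and matches(s) for s in stmts)


# Constructed sample data: placeholder account ID, secret and policy, not real credentials.
SAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-ad-secret-AbCdEf"
SAMPLE_STORE = {SAMPLE_ARN: json.dumps({"username": "ADAdmin", "password": "SuperSecret123!"})}
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "secretsmanager:GetSecretValue",
        "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:my-ad-secret-*",
    }],
}


def check_all(expr: str) -> str:
    """Run the permission check and then resolve; returns the credential value."""
    _, arn, _ = parse_expression(expr)
    if not policy_allows(SAMPLE_POLICY, "secretsmanager:GetSecretValue", arn):
        raise PermissionError(f"role policy does not allow GetSecretValue on {arn}")
    return resolve(expr, SAMPLE_STORE.__getitem__)


if __name__ == "__main__":
    print(check_all(f"secrets://aws-vault/{SAMPLE_ARN}/password"))
```

Run it as-is to see the happy path; then feed `diagnose` the expressions from this thread (the un-encoded placeholder, a `Password` key, an `AWS-Vault` provider segment) to see which check fails before touching the VA or IdentityNow debug logs.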