SailPoint Configuration Hub's role in streamlining and securing configurations

(blog following the webinar this week on Configuration Hub)
Authored by: Yael Kadoshi, Lead Product Manager

In the fast-paced world of Software as a Service (SaaS) and the highly configurable nature of products, managing configuration settings across ever-evolving environments, coupled with the need for seamless migrations and context sensitive syncing between environments, poses a significant challenge for organizations.

SailPoint Configuration Hub steps into this landscape as a transformative solution and plays a pivotal role in maintaining the integrity and consistency of the configuration settings throughout their lifecycle, thereby streamlining, and expediting the delivery of configuration changes.

SailPoint introduced Configuration Hub at Navigate 2023 with an informative session. For customers who did not attend the session, this blog delves into the dynamic features of the SailPoint Configuration Hub, shedding light on its ability to free up security teams from the tedious task of managing environments, allowing them to focus on core identity management activities, to expedite the value delivery of identity security to their organizations. Since then, we’ve made additional enhancements to the SailPoint Configuration Hub and have outlined them in this blog post.

Using configuration hub to secure and maintain configuration settings in multiple environments

Secure configuration settings between changes:

SailPoint Configuration Hub introduces a groundbreaking self-service tool with configuration change delivery capabilities in its multi-tenant SaaS platform. It ensures the security and data residency of configuration settings between changes, version control, dependency management and risk mitigation.

Admins can now access weekly automated configuration backups, perform on-demand backups via a user-friendly UI—allowing for full tenant configuration backups or partial backups of selected configurations—and deploy or restore configurations seamlessly.

Cross-tenant migration of configuration settings:

SailPoint Configuration Hub addresses the complexity of managing configurations in multiple tenant environments. An attribute value tokenization and context sensitive logic is introduced, both via system pre-configured substitution rules for common attribute value tokenization and tenant specific object mapping, which admins can pre-configure, to substitute attribute values and object names, enabling efficient cross-tenant migration.

With the ability to deploy backups of configuration settings from another tenant, customers can expedite distribution of critical configurations, reducing manual work and minimizing misconfigurations.

Keeping pre-prod up to date:

SailPoint Configuration Hub facilitates seamless syncing of desired configuration changes from production to pre-production environments. By comparing configuration settings across environments, admins can ensure that pre-prod remains up to date, reducing discrepancies and streamlining testing processes.

Ongoing promotion to production:

The platform simplifies the ongoing promotion of configurations to production by providing a one-click distribution of critical configurations. Admins can ensure consistency of changes that were verified in pre-prod environments to their production environment, fostering safe, reliable and efficient production configuration updates.

New customer onboarding:

SailPoint Configuration Hub streamlines new customer onboarding for partners and services teams. By enabling automation of configuration uploads with context sensitive substitution rules, partners can easily transfer common configurations to various customer environments. The platform allows for personalized object names and attribute values, making onboarding a seamless and personalized experience.

Track changes to configuration settings:

SailPoint Configuration Hub introduces detailed activity logs of historical configuration deployments, allowing admins to track changes to configuration settings meticulously. Admins gain better tracking of configuration deployment activities, both successful and failed, creating a comprehensive audit trail, and offering insights into every change made to the configurations.

Increase visibility to the state of your settings:

SailPoint Configuration Hub enhances visibility by allowing detailed view of the current and historical configuration settings. The platform provides a clear summary of the differences to the current live configurations comparing to previous point in time, enabling admins to monitor and manage changes of settings effectively. Admins can easily view and filter draft objects with reference issues, ensuring a smooth and error-free configuration deployment.

An interactive JSON diff view of draft objects changes vs. live tenant configuration, providing a comprehensive overview of modifications. The platform provides a JSON change log, listing attribute value changes between target tenant configuration and the configuration backup as well as detailed list of all the substitution rules that were applied to the draft.

Manage configuration backups retention & limits:

The platform facilitates the management of configuration backups by offering a user-friendly UI for ad-hoc backups. Admins can create and delete backups and draft configurations and retain only relevant ones while maintaining the system defined limits.

Empowering Identity Security with SailPoint Configuration Hub
SailPoint Configuration Hub emerges as a powerful solution in the ever-evolving landscape of SaaS environments. By simplifying and accelerating context sensitive configuration change delivery, the tool empowers customer teams to focus on SailPoint Identity Security Cloud, accelerating the value delivery of identity security to organizations. With features like self-service backup and restore, cross-tenant migration, and automated substitutions, SailPoint Configuration Hub stands as a beacon of efficiency and security in the realm of identity security.

Check out SailPoint’s latest on-demand webinar to see a live demo of SailPoint Configuration Hub.


An excellent addition to the product and certainly beneficial for the CICD Process

1 Like

This article looks great, I will try the object mappings.

Is there and article on how to map objects between tenants?

you can refer to the product documentation section “Mapping Objects” for more information: Using the Configuration Hub - SailPoint Identity Services

Hello Yael,
Is it possible through the Configuration Hub to push updates on a BeforeProvisioning rule from our sandbox to production ?
I was able to deploy a new BeforeProvisioning rule between my two environments but I don’t understand how to push an update on this type of object (rule initially pushed in production by Sailpoint Expert Services).