SailPoint IdentityNow SaaS connector
Overview
The BeyondTrust Privilege Management for Windows & Mac SaaS connector is an open source connector for SailPoint IdentityNow created using SailPoint IdentityNow SaaS Connectivity.
- EPM includes a SCIM API.
- Create a connector in IdentityNow using the generic SCIM source.
A SaaS connector allows direct cloud-to-cloud communication without requiring a virtual appliance (VA) to be deployed on-premises.
This example SaaS connector uses the scim-functions library included when the target application has a SCIM API.
Availability
The connector is available as a GitHub project.
Later in 2024, SailPoint plans to add a feature where you can add the connector as a Source type, without requiring the SaaS Connectivity CLI.
Supported use cases
- Account Create
- Account Delete
- Account Enable
- Account Disable
- Account List
- Account Read
- Account Unlock
- Account Update
- Entitlement List
- Entitlement Read
- Test Connection
Requirements
- IdentityNow v8.3+
- BeyondTrust Privilege Management for Windows & Mac 23.9+
How to
The steps provided here are high-level. For a complete step-by-step with screenshots, see the CoLab.
- In the EPM console, create an API account with Full Access to SCIM.
- Use the SaaS Connectivity CLI to upload the SaaS connector to your IdentityNow instance.
- Create a source using the EPM SaaS connector.
- Provide Base and Authentication URLs, and Client ID and Client Secret.
API Endpoints
The connector utilizes the following API endpoints to facilitate this integration:
Authentication
/oauth/connect/token
SCIM Core Endpoints
- GET /scim/v2/ServiceProviderConfig
- GET /scim/v2/Schemas
- GET /scim/v2/ResourceTypes
User Management
- GET /scim/v2/Users
- GET /scim/v2/Users/{id}
- POST /scim/v2/Users
- PUT /scim/v2/Users/{id}
- PATCH /scim/v2/Users/{id}
- DELETE /scim/v2/Users/{id}
Group Management
- GET /scim/v2/Groups
- GET /scim/v2/Groups/{id}
- POST /scim/v2/Groups
- PUT /scim/v2/Groups/{id}
- PATCH /scim/v2/Groups/{id}
- DELETE /scim/v2/Groups/{id}
Container Management
- GET /scim/v2/Containers
- GET /scim/v2/Containers/{containerId}
- GET /scim/v2/ContainerPermissions
Container Permissions Management
- GET /scim/v2/ContainerPermissions
- GET /scim/v2/ContainerPermissions/{id}
- POST /scim/v2/ContainerPermissions
- PUT /scim/v2/ContainerPermissions/{id}
- PATCH /scim/v2/ContainerPermissions/{id}
- DELETE /scim/v2/ContainerPermissions/{id}
Privileged Data Management
- GET /scim/v2/PrivilegedData
- GET /scim/v2/PrivilegedData/{id}
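Because the API account is created with Full Access to SCIM, the endpoint list above is useful as an allowlist when reviewing gateway or proxy logs for calls made with the connector's credentials. The following is an added example, not code from the connector or from BeyondTrust; the function names, the log format and the sample lines are assumptions made for illustration.

```typescript
// Added example, not connector code. "METHODS path" pairs from the API Endpoints list;
// {name} is a path parameter. Assumption: POST for the token endpoint (no method on page).
const DOCUMENTED = `
POST /oauth/connect/token
GET /scim/v2/ServiceProviderConfig
GET /scim/v2/Schemas
GET /scim/v2/ResourceTypes
GET,POST /scim/v2/Users
GET,PUT,PATCH,DELETE /scim/v2/Users/{id}
GET,POST /scim/v2/Groups
GET,PUT,PATCH,DELETE /scim/v2/Groups/{id}
GET /scim/v2/Containers
GET /scim/v2/Containers/{containerId}
GET,POST /scim/v2/ContainerPermissions
GET,PUT,PATCH,DELETE /scim/v2/ContainerPermissions/{id}
GET /scim/v2/PrivilegedData
GET /scim/v2/PrivilegedData/{id}`;

// Compile each template into an anchored regex; "{id}" becomes one path segment.
const RULES = DOCUMENTED.trim().split("\n").map((line) => {
  const sp = line.indexOf(" ");
  const source = line.slice(sp + 1).split(/\{[^}]+\}/)
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join("([^/]+)");
  return { methods: line.slice(0, sp).split(","), path: new RegExp(`^${source}$`) };
});

// True only when method and path (query string dropped) match a documented endpoint.
function isDocumented(method: string, url: string): boolean {
  const path = url.split("?")[0];
  return RULES.some((rule) => {
    const m = rule.path.exec(path);
    if (!m || rule.methods.indexOf(method.toUpperCase()) < 0) return false;
    // Dot segments or percent-encoding in a parameter are flagged for review.
    return m.slice(1).every((id) => id !== "." && id !== ".." && id.indexOf("%") < 0);
  });
}
// Returns the log lines ("timestamp METHOD url") that are not on the list.
function undocumented(lines: string[]): string[] {
  return lines.filter((l) => !isDocumented(l.split(" ")[1], l.split(" ")[2]));
}
// Constructed sample log, not captured traffic.
const SAMPLE_LOG = [
  "2024-05-01T10:00:00Z GET /scim/v2/Users?startIndex=1&count=100",
  "2024-05-01T10:00:02Z PATCH /scim/v2/Users/3f1c",
  "2024-05-01T10:00:03Z DELETE /scim/v2/PrivilegedData/3f1c",
  "2024-05-01T10:00:04Z POST /scim/v2/Bulk",
  "2024-05-01T10:00:05Z GET /scim/v2/Users/%2e%2e",
];
console.log(undocumented(SAMPLE_LOG));
```

The check is path-only; since the source is configured with separate Base and Authentication URLs, pair it with a host check for each.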