Connection Settings
Securely connect SailPoint and Amazon Web Services by choosing an authentication method and providing the required information. See Required Permissions for more information.
The IAM role authentication method is used when a Virtual Appliance (VA) is deployed on an AWS EC2 instance. The IAM role must be associated with any AWS account in the EC2 instance. Permissions for the role must be configured in the management AWS account, and a trust relationship must be established.
Important
To manage organizational entities like service control policies, organization units, or AWS accounts, you must provide the Management Account ID and role permissions must be configured in the management AWS account.
- Enter the IAM Role Name that has authorization to call all the AWS accounts to be aggregated. This role must have the permissions specified in Prerequisites and IAM Role Authentication Method.
- Enter the External ID for the role. This ID is included in the IAM role trust policy to designate who can assume the role.
- Enter the Management Account ID for the organization. This is required to manage all AWS accounts as well as organization entities like service control policies and organization units.
- Enter the Region name for the AWS data center. The default region is us-east-1.
- Select Save.
The access key authentication method uses the Access Key ID and Secret Access Key associated with an IAM user. The IAM user is created in the management AWS account or a member AWS account, depending on the application configuration.
Important
To manage organizational entities like service control policies, organization units, or AWS accounts, the user account must be created in the management AWS account and permissions must be given through the cross-account role in the management AWS account.
- Enter the Access Key ID for the IAM user configured for IAM database authentication.
- Enter the Secret Access Key for the IAM user configured for IAM database authentication.
- Enter the IAM Role Name that has authorization to call all the AWS accounts to be aggregated. This role must have the permissions specified in Prerequisites and IAM Role Authentication Method.
- Enter the Region name for the AWS data center. The default region is us-east-1.
- Select Save.
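Both authentication methods rely on a cross-account IAM role whose trust policy decides who may assume it; in the IAM role method the External ID entered above must appear in that trust policy as an sts:ExternalId condition. The following added example (not SailPoint's or AWS's code) checks a trust policy document offline for the two mistakes that weaken that control: a missing or mismatched sts:ExternalId condition, and a wildcard principal. The account ID, role name and external ID in the sample policies are constructed placeholders.

```python
import json

# Constructed sample trust policies (placeholder account ID, role name and
# external ID, not values from the SailPoint documentation). A policy of this
# shape is attached to the cross-account IAM role in the management account.
GOOD_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111111111111:role/va-instance-role"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}},
    }],
})

# Same role, but the external ID condition is missing and the principal is a wildcard.
WEAK_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["sts:AssumeRole"],
    }],
})


def _as_list(value):
    """IAM allows a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy_json, expected_external_id):
    """Return findings for every Allow statement granting sts:AssumeRole that
    trusts a wildcard principal or is not bound to the expected external ID.
    An empty list means the policy matches the External ID entered in the connector."""
    policy = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            aws_principals = _as_list(principal.get("AWS"))
        else:
            aws_principals = _as_list(principal)
        if "*" in aws_principals:
            findings.append(f"statement {idx}: wildcard principal may assume the role")
        condition = stmt.get("Condition") or {}
        external_ids = _as_list(condition.get("StringEquals", {}).get("sts:ExternalId"))
        if not external_ids:
            findings.append(f"statement {idx}: no sts:ExternalId condition on sts:AssumeRole")
        elif expected_external_id not in external_ids:
            findings.append(f"statement {idx}: sts:ExternalId does not match the configured External ID")
    return findings


if __name__ == "__main__":
    for name, doc in (("good", GOOD_TRUST_POLICY), ("weak", WEAK_TRUST_POLICY)):
        print(name, check_trust_policy(doc, "example-external-id") or "OK")
```

Run the check against the trust policy exported from the management account with the External ID value configured in the connector; an empty result means the role can only be assumed by the intended principal presenting that ID.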