Caching Credentials

SailPoint credential providers can save the credentials it receives from the systems they manage to cache. Cached credentials may expire after a period of time and need to be refreshed. Credential providers can't use expired credentials saved to cache.

To enable credential caching for credential providers:

  1. Sign in to SailPoint.

  2. Go to Admin > Connections > Credential Providers.

  3. Search for the credential provider that you want to enable caching on and select its name.

  4. Select Edit Configuration.

  5. Select the Enable Credentials Caching checkbox.

    Note
    The option to enable this feature may be in a different configuration tab depending on your selected credential provider.

  6. Select Save.

Credentials Expiration

Depending on the managed system the credential provider is connected to, the credentials may have an expiration time limit. The credential provider uses the following hierarchy to determine expiration, with the highest priority first and the lowest priority last:

  1. If the credentials received from the managed system contain an expiration time, then they are cached until that expiration time.

  2. If the credentials received from the managed system don't contain an expiration time, then you can add one by configuring the expirationTimeInSeconds attribute in the source of credential provider using APIs.

    Note
    For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

  3. If the credentials received from the managed system don't contain an expiration time and you don't create one via APIs, then by default the credentials expire after one day.