Configuration Parameters
Following are the list of configuration parameters of SailPoint Microsoft SQL Server Connector:
Note
Attributes marked with an asterisk (*) are mandatory.
URL*
A valid URL of Microsoft SQL Server with the following format:
jdbc:sqlserver://[serverName[\instanceName][:portNumber]]
For more information on the URL format for Windows and Linux, see URL Format Details.
Note
Windows authentication can be done with a Managed Service Account (MSA). For more information, refer to Using Managed Service Account as a Service Account for Test Connection.
User*
Administrative Account to connect to Microsoft SQL Server.
Password*
Administrative Account password.
Driver*
The name of the Driver class supported by JDBC com.microsoft.sqlserver.jdbc.SQLServerDriver
Included Databases
Comma-separated list of database names to be included in the aggregation operation.
The Microsoft SQL Server source supports the database names with special characters during account aggregation.
Excluded Databases
Comma-separated list of database names to be excluded in the aggregation operation.
The Microsoft SQL Server source supports the database names with special characters during account aggregation.
Important
If the Include Database parameter is populated, the Exclude Database parameter is ignored.
Note
If you leave both the Included Databases and Excluded Databases fields blank, SailPoint aggregates all server accounts and users from all available databases, except orphan database users (databases users who are not linked with any server account) and databases users with only public roles.
URL Format Details
-
For Windows Authentication:
jdbc:sqlserver://[serverName[\instanceName][:portNumber];integratedSecurity=true;
Note
Windows authentication can be done with an MSA. For more information, refer to Using Managed Service Account as a Service Account for Test Connection.
-
For Kerberos:
-
IdentityIQ on Windows in same domain as Microsoft SQL Server, Microsoft SQL Server on the Ubuntu Linux, IdentityIQ running in context of domain user:
jdbc:sqlserver://<Ubuntu host>:1433;integratedSecurity=true;
-
IdentityIQ on Linux in same domain as Microsoft SQL Server, Microsoft SQL Server on the Ubuntu Linux, IdentityIQ running in context of domain user:
jdbc:sqlserver://<Ubuntu host>:1433;integratedSecurity=true;authenticationScheme=javaKerberos;
-
IdentityIQ on Linux in same domain as Microsoft SQL Server, Microsoft SQL Server on the Windows, IdentityIQ running in context of domain user:
jdbc:sqlserver://<Windows host>:1433;integratedSecurity=true;authenticationScheme=javaKerberos;
-
Where:
-
jdbc:sqlserver://: (Required) Known as the sub-protocol and is constant
-
serverName: The address of the server to connect to. This could be a DNS, IP address, localhost, or 127.0.0.1 for the local computer.
-
instanceName: The instance to connect to serverName.
-
portNumber: The port to connect to serverName. The default is 1433.
-
integratedSecurity: The current Windows account credentials used for authentication.
-
authenticationScheme: Used for integrated authentication using Kerberos in addition to integratedSecurity connection property.
Additional Configuration Parameter
The following is the additional configuration parameter that must be set in the application debug page:
additionalConnProperties
additionalConnProperties should be used to send in any additional properties in the connection URL string that are not part of the OOTB MS SQL connector. The following is the additional configuration parameter that must be set in the application debug page to use the property, in addition to loading certificates from the custom trust store.
<entry key="additionalConnProperties">
<value>
<List>
<String><trust store file parameter>=<path of trust store></String>
<String><trust store type parameter>=<trust store type></String>
<String><trust store password parameter>=$<placeholder variable>$</String>
</List>
</value>
</entry>
<entry key="encrypted" value="$<placeholder variable>$"/>
<entry key="$<placeholder variable>$" value="<actual password>"/>