Azure Government Endpoint Configuration

Important
When SailPoint CIEM is enabled for MS Entra source that uses GCC High, ensure azure-management-resource-base attribute is set to https://management.usgovcloudapi.net so that entitlement aggregation works correctly.

To meet security and compliance needs of federal agencies, state and local governments, Microsoft provides a separate instance of the Azure service. A few example of such instances are Azure Government, and Azure China. As these instances are separated from general Azure services, endpoint (host address) for such instances might also be different.

With endpoint configuration functionality, the Microsoft Entra connector can be configured to communicate with these instances.

The following attributes must be configured in the source XML using the REST APIs:

Note
For more information on SailPoint's REST APIs, refer to Best Practices: REST API Authentication and REST API - Update Source (Partial) in the SailPoint Developer Community.

Base resource URL to be used for Microsoft Graph API rest calls.

The following example points base to default Microsoft Graph resource base:

POST https://{orgName}.api.identitynow.com/cc/api/source/update/{source ID}

In the body of the POST, use the form-data as follows:

  • Key: msGraphResourceBase

  • Value: https://graph.microsoft.us

Base token URL to be used to get access token for Microsoft Graph API rest calls

The following example points base to default Microsoft Graph token base:

POST https://{orgName}.api.identitynow.com/cc/api/source/update/{source ID}

In the body of the POST, use the form-data as follows:

  • Key: msGraphTokenBase

  • Value: https://login.microsoftonline.us

Note
The actual values of endpoints can be found in Microsoft documentation for specific instance. For connector operation, the values for the above attributes must be provided.