Skip to content

Network Requirements

External Access

The SailPoint Entro Outpost requires access to various external URLs in order for the Outpost to communicate with the SailPoint Entro platform:

SailPoint Entro:

  • *api.entro.security - SailPoint Entro's own API endpoint

Note

The Outpost does not communicate directly with SailPoint Entro's UI (app.entro.security)

AWS:

  • *.s3.amazonaws.com

  • *.s3.{region}.amazonaws.com

  • iam.amazonaws.com

  • logs.{region}.amazonaws.com

  • secretsmanager.{region}.amazonaws.com

  • sqs.{region}.amazonaws.com

  • sts.{region}.amazonaws.com

  • s3express-control.{region}.amazonaws.com

  • monitoring.us-east-1.amazonaws.com

Note

Default region is us-east-1 unless specified otherwise. Replace {region} accordingly.

More about AWS service endpoints can be found here:

Firewall / proxy notes

Caution

Do not perform SSL stripping or MITM on SailPoint Entro traffic.

  • Allow outbound HTTPS to SailPoint Entro API hosts and required AWS endpoints above.

  • If using SailPoint Entro perimeter static IPs, see the IP list on the SaaS-perimeter page.

  • If a proxy is required, make sure the proxy is configured in the .env-connector file.

Local Access

Allow connectivity between the Outpost and any integrated services. For example -

  • To onboard your local BitBucket server - Allow the Outpost to access it

  • To onboard SMB File Shares - Allow the Outpost to access them

The SailPoint Entro Outpost must have network connectivity to any onboarded integration.

Exposure Validation Checks

When token and secret exposures are found by the Outpost scanner, the SailPoint Entro Outpost connects to the service that the secret belongs to and determines the validity status of the token or secret. Allow the Outpost to connect to the following URLs to determine the current validity of the exposure:

origin_type endpoints purpose
AIVEN_API_KEY https://api.aiven.io/v1/account Validate Aiven API key and fetch user info
AKEYLESS_ACCESS_KEY https://api.akeyless.io/auth Validate Akeyless Access Key
ALGOLIA https://-dsn.algolia.net/1/ Validate Algolia API key
ARTIFACTORY_JFROG_CREDS_JWT https://*.jfrog.io/artifactory/api/storageinfo
https:///artifactory/api/users
Validate JFrog Artifactory JWT credentials
ARTIFACTORY_JFROG_TOKEN https://*.jfrog.io/artifactory/api/storageinfo
https:///artifactory/api/users
Validate JFrog Artifactory token
ASANA_ACCESS_TOKEN https://app.asana.com/api/1.0/users/me Validate Asana Personal Access Token and fetch user info
AWS sts:GetCallerIdentity
iam:GetAccessKeyInfo (AWS Servers)
Validate AWS credentials and fetch account/resource info
AZURE_APP_REGISTRATION_CLIENT_SECRET https://login.microsoftonline.com/*/oauth2/v2.0/token Validate Azure App Registration Client Secret
AZURE_COSMOS_DB_KEY _.azure.com/_ Validate Azure Cosmos DB Key
AZURE_DEVOPS_PAT_V2 https://app.vssps.visualstudio.com/_apis/accounts Validate Azure DevOps token and fetch accounts
AZURE_DEVOPS_TOKEN https://app.vssps.visualstudio.com/_apis/accounts Validate Azure DevOps token and fetch accounts
AZURE_STORAGE_ACCESS_KEY https://*.blob.core.windows.net/?comp=list Validate Azure Storage Access Key
BITBUCKET_OAUTH_CREDS https://bitbucket.org/site/oauth2/access_token Validate Bitbucket OAuth credentials and fetch token info
BOX_OAUTH https://api.box.com/oauth2/token Validate Box OAuth token
BUILDKITE https://api.buildkite.com/v2/access-token Validate Buildkite API token
CONTENTFUL https://api.contentful.com/organizations Validate Contentful API key
DATABRICKS_PAT https://*.databricks.com/api/2.0/token/create
https://*azurewebsites.net/api/2.0/token/create
https://*azuredatabricks.net/api/2.0/token/create
Validate Databricks Personal Access Token
DATADOG_API_KEY https://us5.datadoghq.com/api/v1/validate
https://app.datadoghq.com/api/v1/validate
https://us3.datadoghq.com/api/v1/validate
https://app.datadoghq.eu/api/v1/validate
https://app.ddog-gov.com/api/v1/validate
https://ap1.datadoghq.com/api/v1/validate
Validate Datadog API key
DIGITAL_OCEAN_PERSONAL_ACCESS_TOKEN https://api.digitalocean.com/v2/account Validate DigitalOcean Personal Access Token
DIGITAL_OCEAN_SPACES_KEYS https://nyc3.digitaloceanspaces.com
https://sfo2.digitaloceanspaces.com
https://ams3.digitaloceanspaces.com
https://sgp1.digitaloceanspaces.com
https://fra1.digitaloceanspaces.com
Validate DigitalOcean Spaces keys
DROPBOX_APP_CREDS https://www.dropbox.com/oauth2/authorize?client_id=${the key we found}&response_type=code Validate Dropbox app credentials
DROPBOX_APP_OAUTH_TOKEN https://api.dropboxapi.com/2/users/get_current_account Validate Dropbox OAuth token and fetch account info
DROPBOX_SIGN_API_KEY https://api.hellosign.com/v3/template/list Validate Dropbox Sign API key
ELASTIC_CLOUD https://api.elastic-cloud.com/api/v1/deployments Validate Elastic Cloud credentials and fetch deployments
ENTRO_API_KEY https://fidelity-api.entro.security/v2/scan?generic=false&redact=true Validate SailPoint Entro API key
FACEBOOK_APP_ID https://graph.facebook.com/debug_token?input_token=${credsWeFound}&access_token=${credsWeFound} Validate Facebook App ID
FASTLY_API_KEY https://api.fastly.com/tokens/self Validate Fastly API key
FIGMA_PAT https://api.figma.com/v1/me Validate Figma Personal Access Token and fetch user info
FULLSTORY https://developer.fullstory.com/server/v1/authentication/me/ Validate FullStory API key and fetch user info
GITHUB https://api.github.com/user
https://api.github.com/user/repos
Validate GitHub token and fetch user/repos info
GITBOOK_API_KEY https://api.gitbook.com/v1/user Validate GitBook API key
GITLAB_PAT https://gitlab.com/api/v4/user
https://gitlab.com/api/v4/runners
https://gitlab.com/api/v4/projects/{project_id}/cluster_agents
https://gitlab.com/api/v4/projects/{project_id}/repository/files/{file_path}/raw?ref={branch}
https://gitlab.com/api/v4/projects/{project_id}/registry/repositories
Validate GitLab Personal Access Token and fetch user info
GOOGLE_GCP https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&key=${key we found} Validate Google Cloud API token
GOOGLE_GCP_SERVICE_ACCOUNT https://oauth2.googleapis.com/token Validate GCP service account credentials
GROQ_API_KEY https://api.groq.com/openai/v1/chat/completions Validate Groq API key
HEROKU https://api.heroku.com/apps Validate Heroku API key and fetch apps
HUBSPOT https://api.hubapi.com/oauth/v2/private-apps/get/access-token-info Validate HubSpot API key and fetch token info
HUGGING_FACE_ACCESS_TOKEN https://huggingface.co/api/whoami-v2 Validate Hugging Face access token
JFROG_JWT_ACCESS_TOKEN https://*.jfrog.io/artifactory/api/storageinfo
https:///artifactory/api/users
Validate JFrog Artifactory JWT access token
JFROG_REFERENCE_ACCESS_TOKEN https://*.jfrog.io/artifactory/api/storageinfo
https:///artifactory/api/users
Validate JFrog Artifactory reference access token
KLAVIYO_API_KEY https://a.klaviyo.com/api/accounts Validate Klaviyo API key
LAUNCHDARKLY_API_KEY https://app.launchdarkly.com/api/v2/caller-identity Validate LaunchDarkly API key
LAUNCHDARKLY_MOBILE https://app.launchdarkly.com/api/v2/caller-identity Validate LaunchDarkly mobile key
LAUNCHDARKLY_SDK https://app.launchdarkly.com/api/v2/caller-identity Validate LaunchDarkly SDK key
MAILCHIMP_API_KEY https://*.api.mailchimp.com/3.0/ Validate Mailchimp API key
MAILGUN_PAT https://api.mailgun.net/v4/domains Validate Mailgun Personal Access Token
META_APP_CREDS https://graph.facebook.com/debug_token?input_token=${creds we found}&access_token=${creds we found} Validate Meta (Facebook) app credentials
META_APP_CREDS_PAIR https://graph.facebook.com/debug_token?input_token=${credsWeFound}&access_token=${credsWeFound} Validate Meta (Facebook) app credentials
META_USER_TOKEN https://graph.facebook.com/debug_token?input_token=${token}&access_token=${token} Validate Meta (Facebook) user token
NOTION https://api.notion.com/v1/users/me Validate Notion API key and fetch user info
NPM https://registry.npmjs.org/-/whoami Validate NPM token
OKTA_API_KEY _.okta.com/_ Validate Okta API key
OKTA_CLIENT_SECRET _.okta.com/_ Validate Okta client secret
OPENAI https://api.openai.com/v1/models Validate OpenAI API key and fetch available models
OPENAI_SERVICE_ACCOUNT https://api.openai.com/v1/models Validate OpenAI API key and fetch available models
OPENWEATHER_API_KEY https://api.openweathermap.org/data/2.5/weather?id=524901&lang=fr&appid=${found token} Validate OpenWeather API key
PAYPAL_BRAINTREE_CREDS_PAIR https://api-m.sandbox.paypal.com/v1/oauth2/token Validate PayPal Braintree credentials
PINECONE_API_KEY https://controller.gcp-starter.pinecone.io/databases
https://controller.us-west1-gcp-free.pinecone.io/databases
https://controller.asia-southeast1-gcp-free.pinecone.io/databases
https://controller.us-west4-gcp-free.pinecone.io/databases
https://controller.us-west1-gcp.pinecone.io/databases
https://controller.us-central1-gcp.pinecone.io/databases
https://controller.us-west4-gcp.pinecone.io/databases
https://controller.us-east4-gcp.pinecone.io/databases
https://controller.northamerica-northeast1-gcp.pinecone.io/databases
https://controller.asia-northeast1-gcp.pinecone.io/databases
https://controller.asia-southeast1-gcp.pinecone.io/databases
https://controller.us-east1-gcp.pinecone.io/databases
https://controller.eu-west1-gcp.pinecone.io/databases
https://controller.eu-west4-gcp.pinecone.io/databases
https://controller.us-east-1-aws.pinecone.io/databases
https://controller.eastus-azure.pinecone.io/databases
Validate Pinecone API key
PINECONE_KEY https://controller.gcp-starter.pinecone.io/actions/whoami
https://controller.us-west1-gcp-free.pinecone.io/actions/whoami
https://controller.asia-southeast1-gcp-free.pinecone.io/actions/whoami
https://controller.us-west4-gcp-free.pinecone.io/actions/whoami
https://controller.us-west1-gcp.pinecone.io/actions/whoami
https://controller.us-central1-gcp.pinecone.io/actions/whoami
https://controller.us-west4-gcp.pinecone.io/actions/whoami
https://controller.us-east4-gcp.pinecone.io/actions/whoami
https://controller.northamerica-northeast1-gcp.pinecone.io/actions/whoami
https://controller.asia-northeast1-gcp.pinecone.io/actions/whoami
https://controller.asia-southeast1-gcp.pinecone.io/actions/whoami
https://controller.us-east1-gcp.pinecone.io/actions/whoami
https://controller.eu-west1-gcp.pinecone.io/actions/whoami
https://controller.eu-west4-gcp.pinecone.io/actions/whoami
https://controller.us-east-1-aws.pinecone.io/actions/whoami
https://controller.eastus-azure.pinecone.io/actions/whoami
Validate Pinecone key
PINGDOM_TOKEN https://api.pingdom.com/api/3.1/checks Validate Pingdom token
PUBNUB https://ps.pndsn.com/v2/objects/${subscribe key}/uuids Validate PubNub subscribe key
PUBNUB_FULL_CREDS https://ps.pndsn.com/signal/${publish key}/${subscribe key}/0/ch1/0/%22typing_on%22?uuid=user-123 Validate PubNub full credentials
REDIS_CLOUD_API_KEYS https://api.redislabs.com/v1/ Validate Redis Cloud API key
SENDGRID https://api.sendgrid.com/v3/templates Validate SendGrid API key and fetch templates
SENTRY_ORGANIZATION_AUTH_TOKEN https://us.sentry.io/api/0/organizations/_/projects/
https://eu.sentry.io/api/0/organizations/_/projects/ where we extract the org from the found token
Validate Sentry organization auth token
SENTRY_TOKEN https://sentry.io/api/0/projects/ Validate Sentry token
SENTRY_USER_AUTH_TOKEN https://us.sentry.io/api/0/organizations/
https://eu.sentry.io/api/0/organizations/
Validate Sentry user auth token
SHIPPO https://api.goshippo.com/shipments/ Validate Shippo API token
SHOPIFY_KEY https://*.myshopify.com/admin/oauth/access_scopes.json Validate Shopify API key
SLACK https://slack.com/api/auth.test Validate Slack token and fetch workspace/user info
SLACKWEBHOOK https://hooks.slack.com/services/* Validate Slack webhook by sending a simple request
SNOWFLAKE https://_.snowflakecomputing.com/session/v1/login-request
https://_.snowflakecomputing.com/queries/v1/query-request
Validate Snowflake credentials
SNOWFLAKE_GENERIC_CREDENTIALS https://_.snowflakecomputing.com/session/v1/login-request
https://_.snowflakecomputing.com/queries/v1/query-request
Validate Snowflake credentials
SQUARE_APP_TOKEN https://connect.squareupsandbox.com/v2/merchants Validate Square app token
SQUARE_FULL_CREDS https://connect.squareupsandbox.com/v2/merchants Validate Square full credentials
STRIPE_API_KEY https://api.stripe.com/v1/charges Validate Stripe API key and fetch account info
SUMO_LOGIC_ACCESS_ID https://api.sumologic.com/api/v1/users Validate Sumo Logic Access ID credentials
SUMO_LOGIC_CREDS https://api.sumologic.com/api/v1/users Validate Sumo Logic credentials
TWILIO_API_KEY https://verify.twilio.com/v2/Services Validate Twilio API key
TWILIO_MASTER_CREDENTIALS https://verify.twilio.com/v2/Services Validate Twilio master credentials
TYPEFORM_API_TOKEN https://api.typeform.com/me Validate Typeform API token
URI * Validate generic URI
X_CONSUMER_CREDS https://api.twitter.com/oauth2/token
https://api.twitter.com/2/tweets/20
Validate X-Consumer credentials