Akeyless Onboarding
This section describes how to securely connect your Akeyless Vault with SailPoint Entro for continuous monitoring and discovery.
Navigation Path
Management → Accounts & Integrations → Add New Account (top right) → Akeyless
Overview
SailPoint Entro connects to Akeyless via secure API sessions authenticated through Universal Identity or API Key methods. All operations are strictly read-only and performed through encrypted communication channels.
Prerequisites
-
You have Administrator permissions in Akeyless Vault
-
SailPoint Entro integration permissions are enabled
-
Network connectivity allows outbound HTTPS (443) connections
Universal Identity Onboarding
-
Create Universal Identity in Akeyless
-
Log in to your Akeyless Vault Console.
-
Navigate to Users & Auth Methods → Create Auth Method.
-
Select Universal Identity and name it
Entro_Universal. -
Complete the creation wizard and note the Access ID and UID values.
-
-
Configure SailPoint Entro
-
In SailPoint Entro, open Management → Accounts & Integrations → Add New Account → Akeyless.
-
Enter the following:
-
Environment nickname: Production
-
Authorization method: Universal Identity
-
Access ID: your Akeyless Access ID
-
UID: the Universal Identity ID from Akeyless
-
Worker Group (Connector): select your active connector
-
-
Click Create Account to validate and establish the connection.
-
API Key Onboarding
-
Create API Key in Akeyless
-
Log in to Akeyless Vault Console.
-
Navigate to Users & Auth Methods → Create API Key.
-
Name the key
Entro_INT_Tokenand click Finish. -
Copy your Access ID and Access Key.
-
-
Configure Access Roles in Akeyless
-
In Access Roles, create a new role
EntroSecurity_ReadOnlyRole. -
Associate the role with the SailPoint Entro_INT_Token auth method.
-
Add the following rule types with List and Read permissions:
-
Items (apply recursively)
-
Access Roles
-
Auth Methods
-
-
-
Configure SailPoint Entro
-
Return to SailPoint Entro and navigate to Add New Account → Akeyless.
-
Fill in:
-
Environment nickname: Production
-
Authorization method: API Key
-
Access ID / Access Key: copied from Akeyless
-
Worker Group (Connector): select your connector
-
-
Click Create Account to complete onboarding.
-
System Requirements
-
Outbound HTTPS connectivity (port 443)
-
Active SailPoint Entro Worker (Connector) with assigned role
-
Akeyless API endpoints reachable from the SailPoint Entro environment
Security & Compliance
-
All SailPoint Entro–Akeyless interactions occur via TLS 1.2+
-
No secret values are ever retrieved or stored
-
Keys are securely managed in the SailPoint Entro Worker
-
Integration operates under least-privilege principles