Skip to content

Akeyless Onboarding

This section describes how to securely connect your Akeyless Vault with SailPoint Entro for continuous monitoring and discovery.


Management → Accounts & Integrations → Add New Account (top right) → Akeyless


Overview

SailPoint Entro connects to Akeyless via secure API sessions authenticated through Universal Identity or API Key methods. All operations are strictly read-only and performed through encrypted communication channels.


Prerequisites

  • You have Administrator permissions in Akeyless Vault

  • SailPoint Entro integration permissions are enabled

  • Network connectivity allows outbound HTTPS (443) connections


Universal Identity Onboarding

  1. Create Universal Identity in Akeyless

    • Log in to your Akeyless Vault Console.

    • Navigate to Users & Auth Methods → Create Auth Method.

    • Select Universal Identity and name it Entro_Universal.

    • Complete the creation wizard and note the Access ID and UID values.

  2. Configure SailPoint Entro

    • In SailPoint Entro, open Management → Accounts & Integrations → Add New Account → Akeyless.

    • Enter the following:

      • Environment nickname: Production

      • Authorization method: Universal Identity

      • Access ID: your Akeyless Access ID

      • UID: the Universal Identity ID from Akeyless

      • Worker Group (Connector): select your active connector

    • Click Create Account to validate and establish the connection.


API Key Onboarding

  1. Create API Key in Akeyless

    • Log in to Akeyless Vault Console.

    • Navigate to Users & Auth Methods → Create API Key.

    • Name the key Entro_INT_Token and click Finish.

    • Copy your Access ID and Access Key.

  2. Configure Access Roles in Akeyless

    • In Access Roles, create a new role EntroSecurity_ReadOnlyRole.

    • Associate the role with the SailPoint Entro_INT_Token auth method.

    • Add the following rule types with List and Read permissions:

      • Items (apply recursively)

      • Access Roles

      • Auth Methods

  3. Configure SailPoint Entro

    • Return to SailPoint Entro and navigate to Add New Account → Akeyless.

    • Fill in:

      • Environment nickname: Production

      • Authorization method: API Key

      • Access ID / Access Key: copied from Akeyless

      • Worker Group (Connector): select your connector

    • Click Create Account to complete onboarding.


System Requirements

  • Outbound HTTPS connectivity (port 443)

  • Active SailPoint Entro Worker (Connector) with assigned role

  • Akeyless API endpoints reachable from the SailPoint Entro environment


Security & Compliance

  • All SailPoint Entro–Akeyless interactions occur via TLS 1.2+

  • No secret values are ever retrieved or stored

  • Keys are securely managed in the SailPoint Entro Worker

  • Integration operates under least-privilege principles