Skip to content

Jenkins Onboarding

Configuration Steps

Optional: create a dedication user

To ensure secure read-only access, it is recommended to generate the API token from a dedicated service user with read-only permissions, to ensure the integration has the minimum necessary access to your system.

  1. Install the Role-Based Authorization Strategy plugin in your jenkins server

  2. Navigate to Manage Jenkins > Manage and Assign Roles > Manage Roles

  3. Create a role with following permissions:

    1. Overall/Read

    2. Job/Read

  4. Create a new user for this role, to be used for this integration

2

Generate a Jenkins API Token

An API token is required for SailPoint Entro to securely connect to Jenkins.

  • Log in to the Jenkins account intended for integration.

  • Click your username in the top-right corner and select Security.

  • Under API Token, click Add new Token and provide a descriptive name (e.g., Entro_Integration).

  • Copy the generated token immediately and store it securely — it cannot be viewed again later.

Step 2 - Connect Jenkins to SailPoint Entro

  1. In the SailPoint Entro platform, navigate to: Management → Accounts & Integrations → Add New Account → Jenkins

  2. Complete the connection form using the following details:

    1. URL: The base URL of your Jenkins instance

    2. User ID: The Jenkins user ID associated with the API token

    3. Access Token: Paste the API token generated in the previous step

    4. Environment Nickname: Enter a descriptive name (e.g., CICD-Jenkins)

    5. Environment Type: Select the relevant environment (e.g., Production)

    6. Worker Group (Connector): Choose the SailPoint Entro Worker handling the scan

  3. Click Create Account.

Step 3 - Validation and Scanning

Once connected:

  • SailPoint Entro validates the token against the Jenkins REST API, and verifies required permissions are granted.

  • Jenkins data is scanned for secret exposures across pipeline logs and configurations.

  • Findings appear in your SailPoint Entro Console with metadata and severity context.