Skip to content

Connector Network Requirements

Purpose

Lists external endpoints and local connectivity requirements for SailPoint Entro Connectors.

Local Access

  • Connector must be able to reach every onboarded integration inside your perimeter (Bitbucket, GitLab, SMB, Vault, etc.).

  • Ensure no firewall/proxy/DPI blocks these connections.

  • SMB file share scanning requires local network access to file servers.

Note

Connector needs direct network access to the resources it scans. If your environment restricts internal connectivity, adjust firewall rules or provide a routing path (VPN, VPC peering, etc.) so the connector can reach those services.

SailPoint Entro & AWS Endpoints

Connector needs outbound access to SailPoint Entro services and various AWS endpoints used for logging and storage. Common AWS endpoints include:

  • *.s3.amazonaws.com

  • *.s3.{region}.amazonaws.com

  • iam.amazonaws.com

  • logs.{region}.amazonaws.com

  • secretsmanager.{region}.amazonaws.com

  • sqs.{region}.amazonaws.com

  • sts.{region}.amazonaws.com

  • s3express-control.{region}.amazonaws.com

  • monitoring.us-east-1.amazonaws.com (and FIPS variants)

  • *api.entro.security - SailPoint Entro's own API endpoint

The connector does not communicate directly with SailPoint Entro's UI (app.entro.security)

Note

Default region is us-east-1 unless specified otherwise. Replace {region} accordingly.

Firewall / Proxy Notes

Warning

Do not perform SSL stripping or MITM on SailPoint Entro traffic.

Troubleshooting

Troubleshooting steps

  • If connector fails to reach a service, capture tcpdump and check DNS resolution and proxy logs.

  • Verify proxy authentication and TLS interception are not interfering.

  • Confirm outbound HTTPS to the relevant SailPoint Entro and AWS hosts is permitted and not being altered by DPI.