SailPoint Identity Security Cloud
Purpose
The SailPoint Identity Security Cloud (ISC) integration connects your identity security tenant with SailPoint Entro to continuously discover, monitor, and analyze user identities, access roles, and permissions. This integration ingests human identity objects, assigned roles, entitlements, and cross-source metadata to identify structural identity risk, uncover over-privileged assignments, and map potential lateral movement paths.
Supported Environments
- SaaS Deployments: Any active SailPoint Identity Security Cloud tenant reachable via public API endpoints over secure outbound traffic from the designated SailPoint Entro Worker Group.
ASCII Architecture
+-------------------------+
| Entro Console |
| (Control Plane) |
+-------------------------+
|
| Control API + AES-256 token
V
+-------------------------+
| Worker Group |
| (Connector VM) |
+-------------------------+
|
| HTTPS (TLS 1.3) / REST API
V
+-------------------------+
| SailPoint ISC Tenant |
| (Identity Cloud SaaS) |
+-------------------------+
What SailPoint Entro Scans
-
Human identity accounts and linked security attribute metadata
-
Defined organizational roles and explicit user-to-role assignments
-
Linked source target accounts utilized for cross-source identity correlation
-
Source system metadata definitions (e.g., Workday, Active Directory) referenced by active identities and roles
-
Base identity profile structure definitions
Data Access Mode and Security
-
Read-Only Access: SailPoint Entro acts strictly as a read-only integration consumer. The assigned service client relies on minimal directory lookup privileges.
-
Encryption Controls: Stored integration authentication credentials and API keys are protected at rest via AES-256 encryption.
-
In-Transit Protection: All programmatic data movement between the Worker Group and SailPoint uses HTTPS secured with TLS 1.3 encryption.
-
Compliance Standards: Operation aligns explicitly with SOC 2 Type II, ISO 27001, and GDPR data management practices.