Skip to content

Configuring Security Settings

Admin users manage SailPoint Accelerated Application Management through the admin console, where they can view and retrieve data. Users with the Global role can also configure system settings, define privacy controls, and create API tokens to allow API clients to integrate with the SailPoint Accelerated Application Management platform.

Managing Admin Users

Admin users can administer your SailPoint Accelerated Application Management site through the admin console. Admin users can view and retrieve data. In addition to viewing and retrieving data, users with the Global role can configure system configurations and define privacy controls.

To add an admin user:

  1. Go to Admin management.

  2. Select + Add admin.

  3. From the search box, select a user or group:

    • Select Users to add users from your IdP.
    • Select Groups to add groups from your IdP.

  4. Select the desired role:

    • Global – A global administrator has full access to the admin console and can configure and manage all aspects of the product.
    • Read-only – A read-only administrator has limited access to the admin console. They can retrieve and view data, but cannot make modifications or deletions.

  5. Select Done.

To change a user’s or group’s role, select Actions > Change role. To delete a user or group, select Actions > Remove.

Configuring Discovery Settings

You can configure the scope of activity that is discovered and tracked by SailPoint Accelerated Application Management, and for which areas of organization.

To temporarily stop discovery for all users, select Pause discovery. To restart discovery for the configured select Start discovery.

Configuring User Activity Types to Discover

Activity types control SailPoint Accelerated Application Management’s scope of visibility into user activity and potential security risks.

To configure which user activity types you want to discover:

  1. Go to Playbooks > Discovery settings > Activity.

  2. Enable the toggle next to each desired type.

Activity Type Description
General
General website browsing Tracks general browsing activity to identify accessed applications and services.
Data
File downloads Tracks download activity to help identify potential data ingress and risky file acquisition patterns.
File uploads Tracks upload activity to help identify potential data exfiltration paths.
Print attempt Tracks web page printing events.
Identity
Corporate credentials used in unmapped web apps Tracks events where users have submitted corporate credentials to unmapped web applications that were not visited by other employees before.
Submission of credentials Track events where employees submitted credentials to websites. This includes any type of credentials against any website.
Sign-ins, sign-ups, and password changes to SaaS applications Track sign-in events to web applications. Discover IdP password changes when using the web interface of Entra or Okta.
OAuth Track OAuth authorization events against OAuth providers (Microsoft, Google, LinkedIn, Apple, Facebook).

Configuring Organizational Areas to Track

You can control which users and areas of your organization are tracked by SailPoint Accelerated Application Management.

To configure which users activity is discovered and tracked:

  1. Go to Playbooks > Discovery settings > Target.

  2. Select the Target group field, and choose the desired target groups.

Managing API Tokens

You can use API personal access tokens to allow API clients to integrate with the SailPoint Accelerated Application Management platform.

To create an API token:

  1. Go to General settings > General tab.

  2. Within the Management API section, select Manage API tokens.

  3. On the API Tokens page, select + New token.

  4. In the Label field, enter a name to identify the API token.

  5. Select Create to generate the API token.

  6. Copy and store the token somewhere safe.

Important

Do not close this window without copying your token. You cannot view or change it later.