External Network Requests from User Browsers
External network requests made by the IdentityNow web application from users' browsers are limited to the domains listed in this document. This restriction is enforced through our Content Security Policy (CSP).
If users are within a restricted network environment, such as behind a firewall or proxy where external network requests might be blocked, then you must allow inbound and outbound traffic from these domains for IdentityNow to be fully functional.
Note
FedRAMP customers should refer to this list of external network requests.
Important
You'll need to open all applicable sandbox or test sites in addition to production sites. For example, Acme Corp would need to add both acme-sb.identitynow.com and acme.identitynow.com to their allow list.
| Type | Domain(s) | Description |
|---|---|---|
| Your API Domain | <org_name>.api.identitynow.com | The primary domain name for all API access. |
| Your CIEM API Domain | <org_name>.cam.sailpoint.com | The primary domain name for all CIEM API access. |
| SailPoint's Login Service | <org_name>.login.sailpoint.com | The primary domain name for shared authentication service. |
| SailPoint Home Domain | <org_name>.home.sailpoint.com | The user interface for switching between SailPoint products. |
| Your IdentityNow Domain | Examples include: <company>.identitynow.com <vanity>.com |
The domain your IdentityNow instance is served from. This is the primary domain for all interaction in IdentityNow. <vanity> applies if your organization uses a domain name other than <company>.identitynow.com |
| SailPoint's Content Distribution Network (CDN) | d2cp8qnlnrfxq4.cloudfront.net dpicwga5ptyq9.cloudfront.net files.accessiq.sailpoint.com assets.sailpoint.com |
This is our Content Distribution Network (CDN) for static web assets, such as javascript, stylesheets, images, etc, across multiple domains. |
| Static Asset Repository | US East (US-East-1) sppcbu-images-useast1.s3.amazonaws.com sppcbu-images-useast1.s3.us-east-1.amazonaws.com US West (US-West-2) ssppcbu-images-uswest2.s3.amazonaws.com sppcbu-images-uswest2.s3.us-west-2.amazonaws.com Canada (CA-Central-1) sppcbu-images-cacentral1.s3.amazonaws.com sppcbu-images-cacentral1.s3.ca-central-1.amazonaws.com Frankfurt (EU-Central-1) sppcbu-images-eucentral1.s3.amazonaws.com sppcbu-images-eucentral1.s3.eu-central-1.amazonaws.com London (EU-West-2) sppcbu-images-euwest2.s3.amazonaws.com sppcbu-images-euwest2.s3.eu-west-2.amazonaws.com Tokyo (AP-Northeast-1) sppcbu-images-apnortheast1.s3.amazonaws.com sppcbu-images-apnortheast1.s3.ap-northeast-1.amazonaws.com Singapore (AP-Southeast-1) sppcbu-images-apsoutheast1.s3.amazonaws.com sppcbu-images-apsoutheast1.s3.ap-southeast-1.amazonaws.com Sydney (AP-Southeast-2) sppcbu-images-apsoutheast2.s3.amazonaws.com sppcbu-images-apsoutheast2.s3.ap-southeast-2.amazonaws.com |
The static asset repository stores images uploaded from IdentityNow, such as your organization's logo or other customized icons. Use the 2 URLs that correspond to your region. |
| Third-party Vendor: Pendo | app.pendo.io cdn.pendo.io pendo-io-static-storage.googleapis.com pendo-static-5683840649003008.storage.googleapis.com |
Pendo is a third-party service that provides usage analytics and in-app messaging. This service allows SailPoint to understand how users use IdentityNow and to provide in-app messages for various features. |
| Third-party Vendor: LaunchDarkly | app.launchdarkly.com events.launchdarkly.com |
LaunchDarkly is a third-party service that provides feature flag management. This service allows SailPoint to manage the release of new features and functions to your site. |
FedRAMP Customers
| Type | Domain(s) | Description |
|---|---|---|
| Your API Domain | <org_name>.api.saas.sailpointfedramp.com | The primary domain name for all API access. |
| SailPoint’s Login Service | <org_name>.login.saas.sailpointfedramp.com | The primary domain name for shared authentication service. |
| SailPoint Home Domain | <org_name>.home.saas.sailpointfedramp.com | The user interface for switching between SailPoint products. |
| Your IdentityNow Domain | <org_name>.saas.sailpointfedramp.com | The domain your IdentityNow instance is served from. This is the primary domain for all interaction in IdentityNow. |
| Your CIEM API Domain | <org_name>.cam.sailpointfedramp.com | The primary domain name for all CIEM API access. |
| SailPoint’s CDN | files.idn.sailpointfedramp.com assets.sailpointfedramp.com |
This is our Content Distribution Network (CDN) for static web assets, such as javascript, stylesheets, images, etc, across multiple domains. |
| Static Asset Repository | FedRAMP US West (US-Gov-West-1) spfpcbu-images.s3.us-gov-west-1.amazonaws.com |
The static asset repository stores images uploaded from IdentityNow, such as your organization's logo or other customized icons. |
Review and complete additional required security settings within Configuring System Settings.