External Network Requests from User Browsers
External network requests made by the Identity Security Cloud web application from users' browsers are limited to the domains listed in this document. This restriction is enforced through our Content Security Policy (CSP).
If users are within a restricted network environment, such as behind a firewall or proxy where external network requests might be blocked, then you must allow inbound and outbound traffic from these domains for Identity Security Cloud to be fully functional.
Note
FedRAMP customers should refer to this list of external network requests.
Important
You'll need to open all applicable sandbox or test sites in addition to production sites. For example, Acme Corp would need to add both acme-sb.identitynow.com and acme.identitynow.com to their allow list.
| Type | Domain(s) | Description |
|---|---|---|
| Your API Domain | <org_name>.api.identitynow.com | The primary domain name for all API access. |
| Your SailPoint CIEM API Domain | <org_name>.cam.sailpoint.com | The primary domain name for all SailPoint CIEM API access. |
| SailPoint's Login Service | <org_name>.login.sailpoint.com | The primary domain name for shared authentication service. |
| SailPoint Home Domain | <org_name>.home.sailpoint.com | The user interface for switching between SailPoint products. |
| Your Identity Security Cloud Domain | Examples include: <company>.identitynow.com <vanity>.com |
The domain your Identity Security Cloud instance is served from. This is the primary domain for all interactions. <vanity> applies if your organization uses a domain name other than <company>.identitynow.com |
| SailPoint's Content Distribution Network (CDN) | d2cp8qnlnrfxq4.cloudfront.net dpicwga5ptyq9.cloudfront.net files.accessiq.sailpoint.com assets.sailpoint.com |
This is our Content Distribution Network (CDN) for static web assets, such as javascript, stylesheets, images, etc, across multiple domains. |
| Static Asset Repository | US East (US-East-1) sppcbu-images-useast1.s3.amazonaws.com sppcbu-images-useast1.s3.us-east-1.amazonaws.com US West (US-West-2) ssppcbu-images-uswest2.s3.amazonaws.com sppcbu-images-uswest2.s3.us-west-2.amazonaws.com Canada (CA-Central-1) sppcbu-images-cacentral1.s3.amazonaws.com sppcbu-images-cacentral1.s3.ca-central-1.amazonaws.com Frankfurt (EU-Central-1) sppcbu-images-eucentral1.s3.amazonaws.com sppcbu-images-eucentral1.s3.eu-central-1.amazonaws.com London (EU-West-2) sppcbu-images-euwest2.s3.amazonaws.com sppcbu-images-euwest2.s3.eu-west-2.amazonaws.com Tokyo (AP-Northeast-1) sppcbu-images-apnortheast1.s3.amazonaws.com sppcbu-images-apnortheast1.s3.ap-northeast-1.amazonaws.com Singapore (AP-Southeast-1) sppcbu-images-apsoutheast1.s3.amazonaws.com sppcbu-images-apsoutheast1.s3.ap-southeast-1.amazonaws.com Sydney (AP-Southeast-2) sppcbu-images-apsoutheast2.s3.amazonaws.com sppcbu-images-apsoutheast2.s3.ap-southeast-2.amazonaws.com |
The static asset repository stores images uploaded from Identity Security Cloud, such as your organization's logo or other customized icons. Use the 2 URLs that correspond to your region. |
| Third-party Vendor: Pendo | app.pendo.io cdn.pendo.io pendo-io-static-storage.googleapis.com pendo-static-5683840649003008.storage.googleapis.com |
Pendo is a third-party service that provides usage analytics and in-app messaging. This service allows SailPoint to understand how users use Identity Security Cloud and to provide in-app messages for various features. |
| Third-party Vendor: LaunchDarkly | app.launchdarkly.com events.launchdarkly.com |
LaunchDarkly is a third-party service that provides feature flag management. This service allows SailPoint to manage the release of new features and functions to your site. |
FedRAMP Customers
| Type | Domain(s) | Description |
|---|---|---|
| Your API Domain | <org_name>.api.saas.sailpointfedramp.com | The primary domain name for all API access. |
| SailPoint’s Login Service | <org_name>.login.saas.sailpointfedramp.com | The primary domain name for shared authentication service. |
| SailPoint Home Domain | <org_name>.home.saas.sailpointfedramp.com | The user interface for switching between SailPoint products. |
| Your Identity Security Cloud Domain | <org_name>.saas.sailpointfedramp.com | The domain your Identity Security Cloud instance is served from. This is the primary domain for all interactions. |
| Your SailPoint CIEM API Domain | <org_name>.cam.sailpointfedramp.com | The primary domain name for all SailPoint CIEM API access. |
| SailPoint’s CDN | files.idn.sailpointfedramp.com assets.sailpointfedramp.com |
This is our Content Distribution Network (CDN) for static web assets, such as javascript, stylesheets, images, etc, across multiple domains. |
| Static Asset Repository | FedRAMP US West (US-Gov-West-1) spfpcbu-images.s3.us-gov-west-1.amazonaws.com |
The static asset repository stores images uploaded from Identity Security Cloud, such as your organization's logo or other customized icons. |
Review and complete additional required security settings within Configuring System Settings.
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.