Skip to content

Granting Support Access to Your Site

If your SailPoint cloud tenant isn't behaving as expected, you might reach out to Customer Support for help. In some cases, the support team might need access to your site so they can troubleshoot more directly. In addition, if you are working with SailPoint Services on your implementation, they might need access to your site.

As an org administrator, you can grant the SailPoint team temporary access to your site using the Grant Tenant Access page.

Without this special permission, no one from SailPoint Support or Services can sign in to your org.

Enabling Access to Your Site

  1. Go to Admin > Global > Grant Tenant Access.

  2. Under External Tenant Access, move the slider to Enabled.

    This allows SailPoint's Support team to log in to the and accounts to help with implementation or troubleshooting.

  3. Under Access Expiration, choose an expiration date for the support team's access to your tenant.

    The expiration date for the access must be between 1 week and 1 year away.


    The name of the support team that appears in the description on this page may vary depending on whether you're working with SailPoint directly or with a partner.

  4. Select Save and confirm your choice in the dialog box.

    To remove the support team's access to your site prior to the expiration date, move the External Tenant Access slider to Disabled.

Actions performed by these users can be tracked in the default audit reports.

Frequently Asked Questions

Can the Support team access my org during initial deployment to help with implementation?

Yes. By default, when an org is created, the Support team is automatically granted access to the org for 6 months. This access appears on the Grant Tenant Access page and can be revoked if it's no longer necessary.

If all org administrators are locked out of their accounts, how can I grant access to the Support team to help me access my org again?

In emergency situations, the Support team is able to request special access from SailPoint to the identity in any customer site. The identity is ordinarily locked, but it can be enabled in case of emergencies, allowing the Support team to access the site and restore access to the site's administrators.

Why don't I see the and in the list of identities?

The Identities page only lists identities created from authoritative sources. These two are special-use identities built into all Identity Security Cloud installations which should never be included in an authoritative source. They should also never be deleted. Deleting them will prevent SailPoint from accessing your tenant to help in an emergency situation.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at