Skip to content

Managing Parameter Storage

SailPoint Parameter Storage allows admins to store and update privileged credentials in a single SailPoint managed secure repository. Parameter Storage provides secure handling of sensitive customer data removing the need for external storage solutions.

Parameter Storage supports three categories of parameters, each with several types.

  • Authentication - These are username + secret or other pieces of data that are required to authenticate an action.

    • Credential

    • Azure Entra ID Client

    • HTTP Custom Authorization

    • OAuth 2.0 Client Credentials Grant

  • Connection - These are parameters that are used to connect to target systems of actions. These could be hostnames, IP addresses, URLs etc. These are often repeated and if changed, benefit from one central place to update.

    • Active Directory

    • Entra ID

    • Server Address

    • WebApp

    • Kerberos

  • Authorization – This represents the authorization required for the action where the parameter is used.

    • OAuth Scopes

Note

Parameter Storage is only available for customers in AWS regions where AWS Nitro Enclaves that SailPoint employs are supported.

Creating a Parameter

  1. Go to Admin > Global > Parameter Storage.

  2. Select Create Parameter.

  3. Enter a unique Name for the parameter.

  4. Enter a Description.

  5. Select an Owner.

  6. Select a Category. Choose between Authentication and Connection.

    The category you select determines the type options to choose from.

  7. Select a Type.

    The type you choose determines the remaining fields you need to fill out. Select a type below to go to the table for the type of parameter you chose for the rest of the fields.

    If you chose Authentication as the category, the type options are:

    If you chose Connection as the category, the type options are:

    If you chose Authorization as the category, the type options are:

  8. After you’ve filled out all remaining fields, select Save to save the new parameter.

Note

You cannot edit the category or type of parameter after it has been created.

Authentication Parameters

Credential

Field Description
Username Enter the username . This can be any username, including a fully qualified domain username or an email address.
Password Enter the password. Before saving, select the unmask icon to unmask the entered password . You cannot view this after the parameter is saved.

Azure Entra ID Client

Field Description
Client ID Enter a client ID.
Client Secret Enter the Client Secret. Before saving, select the unmask icon to unmask the entered client secret. You cannot view this after the parameter is saved.

HTTP Custom Authorization

Field Description
Header Name Enter the header name.
Header Value Enter the header value. Before saving, select the unmask icon to unmask the entered header value. You cannot view this after the parameter is saved.

OAuth 2.0 Client Credentials Grant

Field Description
Token URL Enter the token URL.
Client ID Enter the Client ID.
Client Secret Enter the Client Secret. Before saving, select the unmask icon to unmask the entered client secret. You cannot view this after the parameter is saved.
Credential Location Select the credential location. Choose between Header and Body.

Connection Parameters

Active Directory

Field Description
Domain Controllers Enter one or more domain controllers. Press Enter between values. To remove one that has been added, select the remove icon .
LDAPS Port [TLS] Enter the LDAPS port.
LDAP Port the LDAP port.
Domain FQDN Enter the Domain FQDN.

Entra ID

Field Description
Tenant ID Enter the tenant ID.

Server Address

Field Description
Address Enter the DNS Address or IPv4 Address.

WebApp

Field Description
URL Enter the URL.

Kerberos

Field Description
Realm Enter the realm.
KDC Address Enter the KDC address.
Port Enter the port.
Transport Select the transport. Choose between UDP and TCP.

Authorization Parameter

OAuth Scopes

Field Description
Scopes Enter one or more values. Press Enter between values. To remove one that has been added, select the remove icon

Managing Parameters

The Parameters page is a centralized location to manage your organization’s stored parameters. You can view details, edit, update the secret, and delete a parameter.

Viewing Parameters

View details about the parameters from the Parameters page.

  1. Go to Admin > Global > Parameter Storage.

  2. Select the Actions icon next to the parameter you want to view details for and choose View Details.

  3. Select Close to exit out of the Details page.

Editing Parameters

Parameters can be edited after being created except for the category or type of parameter.

  1. Go to Admin > Global > Parameter Storage.

  2. Select the Actions icon and choose Edit.

  3. Make any changes you want to make.

  4. Select Save to save your changes.

Updating the Parameter Secret

If a parameter secret has been changed, update the parameter secret.

  1. Go to Admin > Global > Parameter Storage.

  2. Select the Actions icon and choose the Update option relevant to the parameter’s secret type.

  3. Enter the new secret.

  4. Select the unmask icon to view the supplied secret before saving. You cannot unmask a secret after it has been saved.

  5. Select Update to save changes.

Deleting Paramters

Parameters in use cannot be deleted. If the Delete button is disabled, the parameter is in use.

  1. Go to Admin > Global > Parameter Storage.

  2. Select Action icon and choose Delete.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.