Configuring Sources
Identity Security Cloud collects information about your users' system accounts and their associated access so they can be governed.
You will use sources to load user data from applications, databases, or directory management systems into Identity Security Cloud. SailPoint provides connectors to collect user accounts and access rights from those systems and associate them with the source definition.
A source can be added through a direct connection using a connector or a flat file feed using a .csv file:
- A direct connection is a method of communicating directly between a source server and Identity Security Cloud. You'll use connectors to provide connection information specific to the source.
- A flat file feed is a .csv file that contains the relevant information about the accounts you want to add.
Depending on the source type, you might be able to configure the source for deep governance or provide minimal configuration information to create a read-only source.
When you have completed your connection, you can aggregate, or load data, from your connected systems.
Configuring a Source for Deep Governance
Sources configured for deep governance read user account and entitlement data and provision changes directly from Identity Security Cloud to managed systems and applications. This includes governance actions on the source like configuring account schemas and provisioning, aggregating and managing entitlements, and configuring password settings.
Note
Some sources can be configured as read only or deep governance. If you've configured a supported source for read-only actions, you can choose to convert it to deep governance.
- Go to Admin > Connections > Sources.
- Select Create New.
- Search for a source type that supports deep governance and select Configure.
- Enter a unique name and description for the source to help admins differentiate it from others.
- Select a source owner who will be responsible for the system.
- Choose whether you will be connecting directly to the source system or using a file-based representation of its data.
- For direct connect, select a virtual appliance cluster with connectivity to the source.
- (Optional) Select a governance group to grant its members source or role sub-admin level oversight of the source and its access.
- If this source represents a primary system containing your organization's personnel records, select the Authoritative Source checkbox.
  - You must create identity profiles for the authoritative source to create identities from the source data. Ensure the correlation logic for this source will match the source accounts to the correct identities.
- Select Continue to go to the source configuration page. The remaining source configuration details depend on the source type and connection type.
If you choose a flat file connection type for a source type, you will import a .csv file with your source data. If there is not a predefined connector for the source, you can use the Delimited File and Generic source types.
After you complete and save your source configuration, you can manually aggregate account information as needed or schedule account aggregations from direct connect sources on a regular basis.
Configuring a Read-Only Source
You can configure sources to perform read-only actions. Some sources can support both read-only and deep governance configurations, while Quick Compliance connectors support account and entitlement aggregation only. These read-only configurations require minimal information to quickly begin gathering user data from the source system.
- Go to Admin > Connections > Sources.
- Select Create New.
- Search for a source type.
  If the source only supports read actions, it will have the Quick Compliance badge on the tile. You can also configure some deep governance sources for read-only operations.
- Select Actions > Express Setup to provide minimal configurations and quickly connect the source or choose Standard Setup to configure more settings.
Notes
- If you want to use Express Setup now and provide additional configurations later, you can edit the source after creation.
- Read-only sources have limited menu options since they do not support provisioning actions.
- Review the directions and select Start Express Setup.
- Review the pre-populated connector name, owner, and description. Select Next.
- Provide the required authentication details, such as the Base URL and API Token.
- Select Finish.
- You will be prompted to start an aggregation to load data from the source system or exit the setup.
Enabling Provisioning on a Read-Only Source
Some sources can support both read-only and deep governance configurations. If you've configured a supported source to perform read-only actions, you can convert it into a deep governance source capable of changing users' access to systems and data in your enterprise.
- Go to Admin > Connections > Sources.
- Select the source you configured as read only.
- In Base Configuration, select Enable Provisioning.
Caution
Converting a read-only source to deep governance cannot be undone.
You can now configure the source to perform deep governance actions.
Note
Sources with the Quick Compliance badge support read-only operations and cannot be converted to deep governance.