Skip to content
Connection Guide

Connect SailPoint Identity Security Cloud Without Breaking the Audit Trail

Use this guide to connect SailPoint Identity Security Cloud or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary
Connection typeDirect connection
CategoryIdentity
Checklist4 steps
Want help with rollout?
We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect SailPoint Identity Security Cloud and make sure the first collection lands cleanly.

  1. 1
    Create a dedicated SailPoint service account, mint a PAT, and store the PAT client_id plus client_secret in Aurora.
  2. 2
    Set tenant_domain to the public API host and let the connector discover OAuth metadata from https://{tenant_domain}/oauth/info.
  3. 3
    Keep the PAT-backed account at the documented ORG_ADMIN baseline unless a narrower proven scope bundle has been validated in the customer tenant.
  4. 4
    If the tenant disallows experimental endpoints, leave password-policy enrichment disabled and rely on auth-org lockout and session configuration only.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

client_idclient_secret

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.