Problem:
In SailPoint Identity Security Cloud, we often face challenges in managing and governing user level permissions and governance group membership effectively, which may lead to unauthorized access and audit failures. Governing access inside Identity Security Cloud is important.
Current blog helps govern access in Identity Security Cloud using Identity Security Cloud loopback connector.
Solution – Loopback connector:
The purpose of loopback connector is used to manage Identity Security Cloud user levels and governance groups as entitlements.

Users can request for elevated user levels permissions and governance groups as entitlements through request center. Once that is approved user will get required higher permission or governance group membership based on requested entitlement.
Supported Operations:
Below are the supported operations in loopback connector:
- Account Aggregation
- Governance Groups Aggregation
- User levels Aggregation
- Provisioning
- Add Entitlement
- Remove Entitlement
Operations and APIs
Below is the list of endpoints we used for each operation in loopback connector:
In this blog, we will be discussing about the Identity Security Cloud Loopback Connector in detail. The following are the key topics that are discussed as part of the blog.
- Problem statement
- What is loopback connector and what we can achieve from that?
- Use cases we can achieve using loopback connector
- What are the supported operations?
- End points used for each operation.
In the video blog of SailPoint Identity Security Cloud Loopback Connector, we will be discussing above mentioned topics.
Video:
Detailed demo on developing & testing loopback connector is present in the following video.
Video:
All the mentioned technical components are only available for internal use. However, refer to the below table for an overview on different technical components, which can be used to develop the loopback connector.
S. No | Component Name | Use |
1 | Java Program | This program is used to take details like tenant id, client id, client secret and source id and update all rules with provided input data. |
2 | Account Aggregation Rule | This is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available accounts from the respective tenant. |
3 | User Levels Aggregation Rule | This is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all user levels available from the respective tenant. |
4 | Governance Groups Aggregation Rule | This is Webservice After Operation Rule. Users can build this rule in such a way, where they can read all the available governance groups from the respective tenant.. |
5 | Add Entitlement | This is Webservice Before Operation Rule. Users can build this rule in such away, upon entitlement request, respective governance group membership or elevated permissions are assigned to users |
6 | Remove Entitlement | This is Webservice Before Operation Rule. Users can build this rule in such away, respective governance group membership or elevated permissions are removed from users. |