DocuSign Integration with SailPoint

The DocuSign electronic signature app provides users a simplified way to digitally sign and return documents from anywhere in the world.

describes the Integration for the DocuSign Application of SailPoint IdentityIQ (IIQ) solution implementation.

SailPoint webservice connector is application type used to connect from SailPoint to DocuSign application. for creating account, update account, Activate and deactivate account.

Details Required for DocuSign integrate with SailPoint

  1. Need to get the DocuSign API details for the different operation.
  2. Base URL will be different for different environment.
  3. secret key and client ID for the token generation.
  4. Generating access token with Authorization code.

Use Cases

The following operation will be performed by IIQ – 

Create, Update, Enable, Disable, Account Aggregation, Group Aggregation

Created Account operation: This use case will be used to create the account for the different user with adding the groups, permission, and different details required for the account creation.

Update Account operation : If the existing user need to update the details , where the details can be updated in the form which is provided in the SailPoint.

Leaver Process : As the user will be left the company or the department, then the user will be disabled or deleted automatically by the leaver process.

Mover Process : Once the user is transferred from the one department to other department or to the position is changed of the user then the mover process will be triggered.

Rehire Process: Once the user is re-hired in the organization then the re-hire process will be triggered.

Sailpoint IdentityIQ: Bulk User Creation Plugin

Bulk User Creation Plugin in IdentityIQ


A plugin is a tiny piece of software that extends the functionality of an Application or Computer program.

The IdentityIq Plugin Framework is an protract framework model for IdentityIQ.It allows third parties to develop affluent application and service-level amplification to the core SailPoint IdentityIQ. It enables plugins to extend the excellence in user interface, deliver custom REST endpoints, and to deliver conventional background services.

In the following presentation, I will be providing a brief introduction of IdentityIQ Plugins:

Plugin Versioning Requirements

Plugin version numbers must be numeric, denote the parts of the version number with decimal points, and not contain any alphabetic or other characters in order to better facilitate upgrading plugins.
Leading zeroes will be removed from each segment of the version number, and the values between the decimal points are converted to integers.

For example:
06 and 00006 are both interpreted as 6
A segment containing any non-numeric values is interpreted as 0
7.009.alpha is parsed as 7.9.0
5.7.8a is parsed as 5.7.0

Plugin Object Model

The Plugin XML object, which specifies the plugin’s constant, describes a plugin in IdentityIQ. REST resources, Snippets, and settings are a few examples of features. The manifest.xml file contains the definition of the Plugin object. This file is necessary for plugin.

The XML object known as the Plugin Object defines the plugin’s feature. By binding them as attributes of a Plugin Object, this object informs IdentityIQ about the facets that are present in your plugin. You can also specify information about the plugin in the Plugin Object, such its name, the privileges needed to use it, its version, snippets, and REST resources. Use the advanced plugin settings to define a form or to refer to a specific plugin configuration file for more complicated plugins that need support for several field types and more dynamic behavior, such as drop-down lists or password fields. Depending on past selections, dynamic behavior can involve showing or hiding other fields.

For Example: In contrast to when the user picks basic authentication, it could be more acceptable to display an access token field when the user selects o-auth authentication.

Plugin Settings

Attributes that can be changed during installation are known as plugin settings. To view the configuration options page, click Configure. Forms are used to display the settings. The form is generated automatically if the plugin does not use its advanced options.
On the plugin settings page, the settings from the manifest file are shown in alphabetical order.
A single setting on a plugin’s configuration settings page can be represented by the Plugin setting object. On the settings page, each object serves to represent a single customizable setting.

Developing Plugins

IdentityIQ stores the .zip archive file of the Plugin in the IdentityIQ database in the spt_file_bucket table. The data in the spt_file_bucket table is a referenced ID to an entry in the spt_persisted_file table.

After establishment or amid an application server restart, plugins are stacked from file. All consequence files are taken from file and cached for ensuing utilization. The cached files can be gotten to using a assortment of accessor ways, but they can moreover be retrieved by utilizing

the URL prefix /identityiq/plugin/pluginName taken after by the way indicated within the construct structure. The PluginClassLoader lesson is utilized to stack and cache compiled Java classes from file.

Example Plugin Directory Structure:    

Bulk User Creation Plugin

This is a custom plugin built by ENH iSecure for creating Identities through SailPoint IdentityIQ and Provision the following identities to the requested Applications in IdentityIQ

A User like a manger level will have a Privilege to request for Bulk User Creation, once a .csv file is Uploaded in UI page by the following user and if the users request gets Approved a bulk number of identities will be created in Sailpoint IdentityIQ and the following identities provisioning takes place on the identities joining dates for the Requested Applications and following Email notification follows with respective action steps.

In the following video, I will be providing a detailed demo on IdentityIQ custom Plugin (Bulk User Creation)

Governing G Suite using SailPoint Identity IQ

Identity IQ – G Suite Integration

Office productivity suites comprise the essential set of tools required for an employee’s day to day work. They offer core services to users like email, calendars, shared storage and other tools to create and consume the information. New generation productivity suites understand today’s business needs and are designed to be omnipresent and highly collaborative.

G Suite is Google’s cloud based productivity suite. Being a cloud based solution, it is omnipresent and can be accessed all possible devices. Also, it is highly collaborative in nature. Google’s most popular services like Google mail, calendar, drive, docs, sheets, hangouts are bundled into G Suite. G Suite has been received greatly by organizations of all the sizes and has recorded 5 million organizations by end of 2018. G Suite has quickly climbed up the ladder to become a leader in Gartner’s magic quadrant for 2 years consecutively.

Governing such core cloud based services containing sensitive information is of great importance.

In the following presentation, we provide a detailed overview of G Suite integration with Identity IQ.

G Suite – Identity IQ Integration

In the following video, we provide a detailed demo of this integration.

A detailed demo of G Suite governance with IDENTITY NOW is coming shortly.

SailPoint IdentityIQ SSO Integration with PingFederate

Nowadays, almost every website requires some form of authentication to access its features and content. With the number of websites and services rising, a centralized login system has become a necessity. Single sign-on (SSO) is an authentication process that allows a user to access multiple applications with one set of login credentials. PingIdentity’s PingFederate allows the SSO for the enterprises which have the multiple applications and API’s to protect.

PingFederate is the leading enterprise federation server for user authentication and standards-based single sign-on (SSO) for employee, partner and customer identity types.

Continue reading

Sailpoint Identity IQ: Refresh logging through IIQ console

Sailpoint IdentityIQ uses log4j framework for logging. “” is the file where all the logging related properties are configured. IdentityIQ Servers would a need a refresh of the log4j configurations after anything changes to are made.

Usually this kind of refresh is performed through UI from the debug pages in IdentityIQ. Following are the steps to follow for refreshing log4j configurations through UI.

This image has an empty alt attribute; its file name is image-3-1024x279.png
  • Click on the “Logging” option in the menu.
  • Click on “Reload Logging Configuration”

Problem context:

log4j configurations whenever there are any changes have to refreshed across all the servers present in the environment. However, when a load balancer is configured, we might not have control to access individual servers through UI, thus making the refresh of log4j configurations through UI on each server.

Possible solutions:

There are 3 possible solutions for this problem.

  1. Temporarily re-directing load-balancer traffic to only one server and refresh the configurations on the same through debug pages. This process has to be repeated across all the servers.
  2. Accessing IdentityIQ through individual server host-names or IP addresses rather than load balancer URL. This may not be quite helpful as servers are usually configured in a way that individual servers redirect us towards load balancer URL.
  3. Best way in which this could be performed is through IIQ console.
    Following are the steps to follow for the same.
    • Launch IIQ console on one of the servers
    • Modify the as required.
    • Refresh the log4j configurations using the command “logconfig” as shown in the below screenshot.
  • Repeat the above steps for all servers in the environments.

Rule Library in SailPoint IdentityIQ

Rule is an XML object with fully programmable java-based implementation hooks (Bean Shell). Rules can capture pieces of business-logic.SailPoint IdentityIQ is very much Rule-Driven, and thus very flexible.

Rules can reference other Rules! Helpful with creating Rule Libraries.

Rule Libraries are collections of methods that have been grouped together and stored in IdentityIQ as a Rule object. They contain a set of related but unconnected methods that can be invoked directly by workflow steps or other rules.

Continue reading

Bulk Provisioning – Batch Request in SailPoint IdentityIQ

Batch Requests enable you to generate specific types of access requests for more than one user at a time. The required data is gathered from a prepared comma-delimited file for each request type. The batch files require comma-delimited data that represents the individual requests. In most cases the native identity or identity name can be used to specify the request target.

In this presentation, we will be discussing on batch requests in SailPoint IdentityIQ, different methods involved in batch requests, complete explanation on individual types implementation with the Active Directory and Azure Bulk Provisioning.

Bulk Provisioning – Batch Request in SailPoint IdentityIQ
Continue reading

Filters in Refresh Identity Cube Task of IdentityIQ

Refresh Identity cube task is one of the most popular predefined tasks in SailPoint IdentityIQ. Refresh Identity cube task performs a full refresh of the identity cubes and aggregates the data from external sources for all identities. The task has the features to specify which identities are needed to be refresh, by the use of Filters. Filters are used in many places throughout IdentityIQ to allow actions to be applied to a subset of system objects. Filters in Refresh Identity cube task make use of filter strings, which will refresh all the identities which meet the filter constraint mentioned in the task.

The following presentation discusses in detail about the different filters used in the Refresh Identity cube task.

The following is the demonstration of the usage of different filters on Refresh identity cube task.

ETL Process and Working of CloverETL in Sailpoint IdentityIQ

As data is generated rapidly day to day, there is a need to organize it to generate useful results from data. It is essential to properly format and prepare the data before loading it into data storage systems for analysis. Otherwise bad data leads to inaccurate analysis that could have a great loss for the organization. In order to prevent these problems, the data needs to be processed and transformed into quality data, which generates a better analysis.

This can be achieved by using ETL process which Extracts, Transforms, and Loads the data. Each of these phases can include functionalities to process the data as required. There are various tools that perform ETL process. Sailpoint is flagship identity management tool, which uses CloverETL(CloverDX) to perform data processing.

The following presentation sheds light on ETL process and working of CloverETL in Sailpoint.


Integrating CyberArk with SailPoint using SCIM

Privileged accounts are considered to be “keys to the kingdom” in any IT Infrastructure. Almost every cyber attack that has ever happened involved compromises at the privileged account level. PAM Solutions usually help in managing such accounts, keys or files that would lead to escalated access.

CyberArk is the global leader in PAM solutions with a holistic approach towards privileged account management. It covers not only traditional PAM problems but also extends its capabilities with various features like managing hard-coded application credentials, analytics, on-demand privileges escalation and managing end-user devices like desktops.

Securing and streamlining identity and privileges data present with such solutions is of very high importance.

In the following presentation, we provide a detailed overview of CyberArk integration with SailPoint by integrating Cyberark as a SailPoint’s application.

In the following video, we provide a detailed demo of this integration.