ISC Guide

Creating Identities in IdentityNow is not possible externally through e.g. an API. We need to aggregate Accounts in ISC itself. To connect it to 3rd party systems like Entra ID, AD, IIQ we need so called ‘Sources’.

https://documentation.sailpoint.com/saas/help/sources/index.html

In ISC, under Admin -> Connections -> Sources you can add them.

When creating a new one , there are out of the box connectors like Active Directory, GitHub etc. For connecting a local IIQ instance we need a ‘SCIM 2.0’ connector.

As IIQ is usually not accessible from outside we need a so called ‘Virtual Appliance’. “In order to securely communicate with your organization’s systems, SailPoint uses Virtual Appliances (VAs) to connect your tenant and on-premises applications. A VA is a Linux-based virtual machine that connects to your sources and apps using SailPoint APIs, connectors, and integrations.”

https://documentation.sailpoint.com/saas/help/va/index.html

So to connect ISC <-> local IIQ we need this VA deployed on-premises. For testing purposes local machine + VPN is also ok. Succesfully tested with Oracle VirtaulBox on local machine.

To do that in ISC, you find the steps to conifigure it under Admin -> Connections -> Virtual Appliances. There you need a VA cluster first and then need to follow the steps mentioned when you create a Virtual Appliance within that cluster.

https://documentation.sailpoint.com/saas/help/va/deploy_va.html

Now you can go back to the ‘Sources’ overview and create the SCIM 2.0 source. Under ‘Connection Settings’ you (for now) need to use Basic Authentication because oAuth 2.0 seems to give problems while aggregating (IIQ Logs say Bearer Token expired).

Then under Account Schema and Account Correlation you can configure which attributes should be mapped how etc. Under Account Aggregation you then can start the Aggregation. When succesfull you find the Accounts under ‘Accounts’.