SailPoint IdentityIQ Docker Environment
Deploying SailPoint IdentityIQ has traditionally been a meticulous, server-by-server process, demanding careful manual configuration and constant vigilance to maintain consistency. This complexity can slow down projects, introduce errors, and make scaling a significant challenge. This post introduces a streamlined, containerized deployment strategy that transforms IdentityIQ into a modern, agile, and resilient platform for any environment.
The Case
The standard IdentityIQ installation process is a gauntlet of manual steps that presents significant operational challenges. Administrators and DevOps teams must meticulously configure databases, tune application servers like Tomcat or JBoss, and manage system properties. This traditional approach is fraught with issues: stateful components like the database and sailpoint.home files resist modern, stateless infrastructure design. Configuration drift becomes almost inevitable, as subtle differences between development, testing, and production environments creep in through manual XML and property file edits. Furthermore, memory-heavy tasks like aggregations require careful, environment-specific resource tuning, and scaling out can be complicated by licensing constraints. The result is a brittle deployment that is slow to provision, difficult to replicate, and prone to error, hindering an organization’s ability to respond quickly to new business needs.
The Goal
Our objective is to fundamentally modernize the IdentityIQ deployment lifecycle by leveraging the power of Docker and Ansible. We aim to create a fully automated, consistent, and portable deployment pipeline. By containerizing the IdentityIQ application, we encapsulate it with all its dependencies, ensuring it runs identically everywhere, from a local machine to a production cluster. This approach eliminates configuration drift, drastically reduces setup time, and provides a robust, “infrastructure-as-code” foundation for managing SailPoint IdentityIQ at enterprise scale.
The Implementation
The transformation from a manual to an automated deployment model is best understood by comparing the two approaches directly.
Traditional Setup
Database Setup: Manually connecting to a database server to execute SQL scripts like CREATE USER and grant specific permissions.
Application Server Configuration: Editing specific XML files (server.xml, standalone.xml) based on the chosen application server (Tomcat, JBoss, etc.) to set properties like URIEncoding.
WAR File Deployment: Manually unpacking the identityiq.war file into the application server’s deployment directory.
Binary Management: Manually placing JDBC drivers, patches, and custom JARs into the correct subdirectories.
This process is not only time-consuming but also a major source of inconsistencies. A single missed step or a slightly different configuration value between servers can lead to hours of troubleshooting.
Our Solution
Automated Initialization: Instead of manual database setup, our Ansible playbooks automatically spin up a database container. A dedicated initialization container (iiq_init) then runs once to create the schema, users, and tables, ensuring a perfect setup every time.
Configuration as Code: Forget editing XML files. All environment-specific settings like database hosts, ports, and credentials are managed as environment variables (DATABASE_TYPE, MSSQL_HOST, MSSQL_USER, etc.). These variables are injected into configuration templates at runtime, guaranteeing consistency across all deployments.
Immutable Images: We start with a base Docker image containing Ubuntu, Tomcat, and OpenJDK. The identityiq.war, along with any patches, plugins, and libraries, is then added to create a self-contained, versioned application image. This image is the single source of truth, ensuring that what you test is exactly what you deploy.
Simplified Execution: The entire process is driven by a few simple Ansible commands. Running ansible-playbook playbooks/site.yml -e iiq_init=true is all it takes to build the image, provision the database, and launch a fully functional IdentityIQ instance from scratch.
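As an added illustration of the "Configuration as Code" step (example code written for this post, not WedaCon's playbooks or container scripts), the following POSIX shell entrypoint renders IdentityIQ's datasource settings from the environment variables named above. The dataSource.* keys are those of IdentityIQ's iiq.properties; the output path, the MSSQL_PORT/MSSQL_DB/MSSQL_PASSWORD names and the MYSQL_* variants are assumptions.

```shell
#!/bin/sh
# Added example, not the project's own code. Renders iiq.properties datasource keys
# from DATABASE_TYPE plus <TYPE>_HOST/_PORT/_DB/_USER/_PASSWORD (names assumed).

# jdbc_url TYPE HOST PORT DBNAME: print a JDBC URL for a whitelisted DATABASE_TYPE.
jdbc_url() {
  case "$1" in
    mssql) printf 'jdbc:sqlserver://%s:%s;databaseName=%s;encrypt=true\n' "$2" "$3" "$4" ;;
    mysql) printf 'jdbc:mysql://%s:%s/%s?useSSL=true\n' "$2" "$3" "$4" ;;
    *)     printf 'unsupported DATABASE_TYPE: %s\n' "$1" >&2; return 1 ;;
  esac
}

# driver_class TYPE: driver shipped in the image (see Binary Management above).
driver_class() {
  case "$1" in
    mssql) echo com.microsoft.sqlserver.jdbc.SQLServerDriver ;;
    mysql) echo com.mysql.cj.jdbc.Driver ;;
    *)     return 1 ;;
  esac
}

# render_iiq_properties OUTFILE: fail fast on a bad type or missing variables,
# write the file owner-readable only, and never echo the password to the log.
render_iiq_properties() {
  out="$1"
  type="${DATABASE_TYPE:?DATABASE_TYPE is required}"
  driver_class "$type" >/dev/null 2>&1 || { echo "bad DATABASE_TYPE: $type" >&2; return 1; }
  prefix=$(printf '%s' "$type" | tr 'a-z' 'A-Z')   # whitelisted above, so safe to eval
  eval "host=\${${prefix}_HOST:-}; port=\${${prefix}_PORT:-}; db=\${${prefix}_DB:-}"
  eval "user=\${${prefix}_USER:-}; pass=\${${prefix}_PASSWORD:-}"
  [ -n "$host" ] && [ -n "$port" ] && [ -n "$db" ] && [ -n "$user" ] && [ -n "$pass" ] ||
    { echo "missing one of ${prefix}_HOST/_PORT/_DB/_USER/_PASSWORD" >&2; return 1; }
  (
    umask 077                                       # credentials file: mode 0600
    {
      echo "dataSource.driverClassName=$(driver_class "$type")"
      echo "dataSource.url=$(jdbc_url "$type" "$host" "$port" "$db")"
      echo "dataSource.username=$user"
      # Plaintext here for clarity; in a real image encrypt it with IdentityIQ's
      # 'iiq encrypt' console command before writing it out.
      echo "dataSource.password=$pass"
    } > "$out"
  )
  echo "rendered $out for $user@$host:$port/$db"    # log line without the secret
}

# Typical container entrypoint usage (path assumed):
# render_iiq_properties /opt/tomcat/webapps/identityiq/WEB-INF/classes/iiq.properties
```

Because the environment is the only configuration channel, the variables should come from an Ansible vault or a Docker/Kubernetes secret rather than from the image or a committed compose file.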
This method directly solves the core challenges of IdentityIQ deployment, resulting in a system that is fast, reliable, and easy to manage.
The Next Steps
Adopting this containerized deployment model is the first step toward building a true DevOps capability around your Identity and Access Management platform. This approach serves as the perfect foundation for creating a complete CI/CD pipeline, enabling automated testing, seamless upgrades, and push-button deployments to staging and production environments. It also simplifies scaling and integration with modern orchestration platforms like Kubernetes.
To learn how you can implement this strategy and tailor it to your organization’s unique needs, contact us to explore the possibilities.
The Conclusion
By shifting from a traditional, manual installation process to a modern, containerized strategy using Docker and Ansible, we have effectively tamed the complexity of deploying SailPoint IdentityIQ. This new paradigm delivers unparalleled speed, consistency, and reliability across all environments. It empowers organizations to manage their IAM infrastructure as code, reducing operational overhead and accelerating the delivery of new identity services. At WedaCon, we are dedicated to advancing enterprise solutions, and this robust deployment model is a clear example of our commitment to innovation and excellence.