SailPoint IdentityIQ Docker Environment

September 15, 2025

Deploying SailPoint IdentityIQ has traditionally been a meticulous, server-by-server process, demanding careful manual configuration and constant vigilance to maintain consistency. This complexity can slow down projects, introduce errors, and make scaling a significant challenge. This post introduces a streamlined, containerized deployment strategy that transforms IdentityIQ into a modern, agile, and resilient platform for any environment.

The Case

The Goal

Our objective is to fundamentally modernize the IdentityIQ deployment lifecycle by leveraging the power of Docker and Ansible. We aim to create a fully automated, consistent, and portable deployment pipeline. By containerizing the IdentityIQ application, we encapsulate it with all its dependencies, ensuring it runs identically everywhere, from a local machine to a production cluster. This approach eliminates configuration drift, drastically reduces setup time, and provides a robust, “infrastructure-as-code” foundation for managing SailPoint IdentityIQ at enterprise scale.

The Implementation

The transformation from a manual to an automated deployment model is best understood by comparing the two approaches directly.

Traditional Setup

Database Setup: Manually connecting to a database server to execute SQL scripts like CREATE USER and grant specific permissions.

Application Server Configuration: Editing specific XML files (server.xml, standalone.xml) based on the chosen application server (Tomcat, JBoss, etc.) to set properties like URIEncoding.

WAR File Deployment: Manually unpacking the identityiq.war file into the application server’s deployment directory.

Binary Management: Manually placing JDBC drivers, patches, and custom JARs into the correct subdirectories.

This process is not only time-consuming but also a major source of inconsistencies. A single missed step or a slightly different configuration value between servers can lead to hours of troubleshooting.

Our Solution

Automated Initialization: Instead of manual database setup, our Ansible playbooks automatically spin up a database container. A dedicated initialization container (iiq_init) then runs once to create the schema, users, and tables, ensuring a perfect setup every time.

Configuration as Code: Forget editing XML files. All environment-specific settings like database hosts, ports, and credentials are managed as environment variables (DATABASE_TYPE, MSSQL_HOST, MSSQL_USER, etc.). These variables are injected into configuration templates at runtime, guaranteeing consistency across all deployments.

Immutable Images: We start with a base Docker image containing Ubuntu, Tomcat, and OpenJDK. The identityiq.war, along with any patches, plugins, and libraries, is then added to create a self-contained, versioned application image. This image is the single source of truth, ensuring that what you test is exactly what you deploy.

Simplified Execution: The entire process is driven by a few simple Ansible commands. Running ansible-playbook playbooks/site.yml -e iiq_init=true is all it takes to build the image, provision the database, and launch a fully functional IdentityIQ instance from scratch.

This method directly solves the core challenges of IdentityIQ deployment, resulting in a system that is fast, reliable, and easy to manage.
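
The "Configuration as Code" step above, sketched as a container entrypoint helper that renders database settings from environment variables and refuses to start on missing or malformed values. This is an added example, not WedaCon's code: MSSQL_PASSWORD, the value "mssql" for DATABASE_TYPE, port 1433, the database name "identityiq" and the output path are assumptions.

```shell
#!/bin/sh
# Added example (not the post's code). MSSQL_PASSWORD, DATABASE_TYPE=mssql,
# port 1433 and the database name "identityiq" are assumptions.
REQUIRED_VARS="DATABASE_TYPE MSSQL_HOST MSSQL_USER MSSQL_PASSWORD"
NL='
'
CR=$(printf '\r')

# Fail closed: every required variable must be set and must not carry a
# line break, which would add extra lines to the rendered properties file.
check_env() {
    for name in $REQUIRED_VARS; do
        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            echo "missing required variable: $name" >&2; return 1
        fi
        case "$value" in
            *"$NL"*|*"$CR"*) echo "line break in $name" >&2; return 1 ;;
        esac
    done
    # The host lands inside a JDBC URL where ';' starts a new connection
    # property, so allow hostname characters only.
    case "$MSSQL_HOST" in
        *[!A-Za-z0-9.-]*) echo "invalid MSSQL_HOST" >&2; return 1 ;;
    esac
    [ "$DATABASE_TYPE" = "mssql" ] || { echo "unsupported DATABASE_TYPE" >&2; return 1; }
}

# Java properties files treat '\' as an escape character, so double it.
esc() { printf '%s' "$1" | sed 's/\\/\\\\/g'; }

# Render the file with owner-only permissions. Heredoc expansion is not
# re-scanned, so '$' or backticks inside a value stay literal.
render_properties() {
    out=$1
    check_env || return 1
    (
        umask 077
        cat > "$out" <<EOF
dataSource.url=jdbc:sqlserver://${MSSQL_HOST}:1433;databaseName=identityiq
dataSource.username=$(esc "$MSSQL_USER")
dataSource.password=$(esc "$MSSQL_PASSWORD")
EOF
    )
}
```

Because validation runs before the file is opened, a rejected value leaves no partially written configuration behind.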

The Next Steps

Adopting this containerized deployment model is the first step toward building a true DevOps capability around your Identity and Access Management platform. This approach serves as the perfect foundation for creating a complete CI/CD pipeline, enabling automated testing, seamless upgrades, and push-button deployments to staging and production environments. It also simplifies scaling and integration with modern orchestration platforms like Kubernetes.

To learn how you can implement this strategy and tailor it to your organization’s unique needs, contact us to explore the possibilities.

The Conclusion

By shifting from a traditional, manual installation process to a modern, containerized strategy using Docker and Ansible, we have effectively tamed the complexity of deploying SailPoint IdentityIQ. This new paradigm delivers unparalleled speed, consistency, and reliability across all environments. It empowers organizations to manage their IAM infrastructure as code, reducing operational overhead and accelerating the delivery of new identity services. At WedaCon, we are dedicated to advancing enterprise solutions, and this robust deployment model is a clear example of our commitment to innovation and excellence.
