Document toolboxDocument toolbox

SailPoint IdentityNow collector

Overview

SailPoint IdentityNow is an identity management solution that helps organizations manage employees' permission, digital identities, information security, data access compliance, and more on a unified portal.

Devo collector features

Feature

Details

Feature

Details

Allow parallel downloading (multipod)

Not allowed

Running environments

Collector server

On-premise

Populated Devo events

Table

Flattening preprocessing

Yes

Data sources

Data Source

Description

API Endpoint

Collector service name

Devo Table

Available from release

Data Source

Description

API Endpoint

Collector service name

Devo Table

Available from release

Account activities

Account activities entries

/v3/account-activities

account_activities

iam.sailpoint.identitynow.account_activity

v1.0.0

Events

Event related to management console

/v3/search

events

iam.sailpoint.identitynow.event

v1.0.0

For more information on how the events are parsed, visit our page.

Flattening preprocessing

Data source

Collector service

Optional

Flattening details

Data source

Collector service

Optional

Flattening details

Account activities

account_activities

No

Account activities are flattened on the items list. 

Accepted authentication methods

Authentication method

Client ID

Secret

OAuth

Required

Required

Minimum configuration required for basic pulling

Although this collector supports advanced configuration, the fields required to retrieve data with basic configuration are defined below.

This minimum configuration refers exclusively to those specific parameters of this integration. There are more required parameters related to the generic behavior of the collector. Check setting sections for details.

Setting

Details

Setting

Details

base_url

Base URL for SailPoint instance.

client_id

The client_id obtained from SailPoint for authentication.

client_secret

The client_secret obtained from SailPoint for authentication

See the Accepted authentication methods section to verify what settings are required based on the desired authentication method.

Vendor setup

There are some requirements to run this collector. In order to retrieve the data, you must configure a Client_ID and Client Secret for API access to the SailPoint IdentityNow Portal. Follow these steps to obtain an access token:

Run the collector

Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector in your own machine using a Docker image (On-premise collector).

Collector services detail

This section is intended to explain how to proceed with specific actions for services.

Account activities

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component

Description

Component

Description

Setup

The setup module is in charge of authenticating the service and managing the token expiration when needed.

Puller

The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

INFO InputProcess::MainThread -> SailpointPullerSetup(unknown,sailpoint#111,account_activities#predefined) -> Starting thread INFO InputProcess::SailpointPullerSetup(unknown,sailpoint#111,account_activities#predefined) -> No API client found INFO InputProcess::MainThread -> SailpointPuller(sailpoint,111,account_activities,predefined) - Starting thread WARNING InputProcess::SailpointPullerSetup(unknown,sailpoint#111,account_activities#predefined) -> The token/header/authentication has not been created yet WARNING InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Waiting until setup will be executed INFO InputProcess::SailpointPullerSetup(unknown,sailpoint#111,account_activities#predefined) -> Creating API client. INFO InputProcess::SailpointPullerSetup(unknown,sailpoint#111,account_activities#predefined) -> Client fetch method get_account_activities is valid for the given credentials. INFO OutputProcess::ConsoleSender(standard_senders,console_sender_0) -> {"timestamp": "2023-02-08 13:41:12.721", "tag": "devo.collectors.out.local.info", "content": "{\"msg\": \"Client fetch method get_account_activities is valid for the given credentials.\", \"time\": \"2023-02-08T13:41:12.721867Z\", \"level\": \"info\", \"collector_name\": \"unknown\", \"collector_version\": \"unknown\", \"collector_image\": null, \"input_name\": \"sailpoint\", \"service_name\": \"account_activities\", \"module_name\": \"SailpointPuller\"}"} INFO InputProcess::SailpointPullerSetup(unknown,sailpoint#111,account_activities#predefined) -> Setup for module <SailpointPuller> has been successfully executed

Puller output

A successful initial run has the following output messages for the puller module:

Note that the PrePull action is executed only one time before the first run of the Pull action.

INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> SailpointPuller(sailpoint,111,account_activities,predefined) Starting the execution of pre_pull() INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Reading persisted data INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Data retrieved from the persistence: {'initial_start_time_in_utc': '2022-01-01T19:26:03.351000Z', 'last_event_time_in_utc': '2023-02-08T02:06:27.485000Z', 'last_ids': ['4014c5538cf74f7388cffb36dd2b8da9'], '@persistence_version': 1} INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Running the persistence upgrade steps INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Running the persistence corrections steps INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Running the persistence corrections steps INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Detected initial start time in UTC change: {'values_changed': {'root': {'new_value': '2023-01-01T19:26:03.351000Z', 'old_value': '2022-01-01T19:26:03.351000Z'}}}. Resetting state to {'initial_start_time_in_utc': '2023-01-01T19:26:03.351000Z', 'last_event_time_in_utc': '2023-01-01T19:26:03.351000Z', 'last_ids': [], '@persistence_version': 1} WARNING InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Some changes have been detected and the persistence needs to be updated. Previous content: {'initial_start_time_in_utc': '2022-01-01T19:26:03.351000Z', 'last_event_time_in_utc': '2023-02-08T02:06:27.485000Z', 'last_ids': ['4014c5538cf74f7388cffb36dd2b8da9'], '@persistence_version': 1}. New content: {'initial_start_time_in_utc': '2023-01-01T19:26:03.351000Z', 'last_event_time_in_utc': '2023-01-01T19:26:03.351000Z', 'last_ids': [], '@persistence_version': 1} INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Updating the persistence WARNING InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Persistence has been updated successfully INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> SailpointPuller(sailpoint,111,account_activities,predefined) Finalizing the execution of pre_pull() INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Starting data collection every 60 seconds INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Pull Started INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Retrieving/sending account_activities event(s) having created between 2023-01-01T19:26:03.351000+00:00 and 2023-02-08T13:50:47.042987+00:00 INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Retrieved 250 account_activities event(s) INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Flattened 250 account_activities event(s) to 2463 event(s) INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Updating the persistence INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> (Partial) Statistics for this pull cycle (@devo_pulling_id=1675864247042):Number of requests made: 1; Number of events received: 250; Number of duplicated events filtered out: 0; Number of events generated and sent: 2463; Average of events per second: 913.145. INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> Statistics for this pull cycle (@devo_pulling_id=1675864247042):Number of requests made: 3; Number of events received: 300; Number of duplicated events filtered out: 24; Number of events generated and sent: 2937; Average of events per second: 858.817. INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> The data is up to date!

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

INFO InputProcess::SailpointPuller(sailpoint,111,account_activities,predefined) -> The data is up to date!

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

  1. Edit the configuration file.

  2. Change the value of the initial_start_time_in_utc parameter to a different one.

  3. Save the changes.

  4. Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

This collector has different security layers that detect both an invalid configuration and abnormal operation. This table will help you detect and resolve the most common errors.

Error type

Error ID

Error message

Cause

Solution

InitVariableError

1

datetime_format is not set in service thread globals.

Datetime format string not in internal config.

Input datetime format string in service thread globals.

InitVariableError

2

Datetime format "{datetime_format}" is invalid

Datetime format string does not render a valid datetime.

Update internal definition file with appropriate datetime format.

InitVariableError

3

Date {ini_start_time_str} is in the future

The initial_start_datetime_in_utc is a future date.

Update config with appropriate initial_start_datetime_in_utc value.

InitVariableError

4

request_retry_attempts is not set in service thread globals " "or module properties

The request_retry_attempts parameter is not configured.

Set request_retry_attempts in the service thread globals or module properties of the definition file.

InitVariableError

5

request_retry_attempts must be greater than or equal to 0

The request_retry_attempts parameter is less than 0.

Set request_retry_attempts parameter to any integer greater than or equal to 0.

InitVariableError

6

request_retry_attempts must be an integer

The request_retry_attempts parameter must be an integer.

Set request_retry_attempts as an integer.

InitVariableError

7

request_retry_delay_in_seconds is not set in service thread globals " "or module properties

The request_retry_delay_in_seconds parameter is not configured.

Set request_retry_delay_in_seconds in the service thread globals or module properties of the definition file.

InitVariableError

8

request_retry_delay_in_seconds must be greater than or equal to 0

The request_retry_delay_in_seconds parameter is less than 0.

Set request_retry_delay_in_seconds parameter to any integer greater than or equal to 0.

InitVariableError

9

request_retry_delay_in_seconds must be an integer

The request_retry_delay_in_seconds parameter must be an integer.

Set request_retry_delay_in_seconds  as an integer.

SetupError

101

Client fetch method is not valid

The API wrapper is calling a non-existent API endpoint or lacks a fetch method for that endpoint.

Ensure the internal definition file has correct API endpoints.

SetupError

102

HTTP Error while making request to Sailpoint API: {error message}

During the setup test (querying the endpoint), SailPoint responded with an unexpected error.

Review the error message to determine failure. If result of outage, allow collector to attempt authentication during next poll.

PullError

350

Failed to flatten event: {e} with key {by_key_path}. Exception: {e}

The flattening method failed to flatten the indicated event.

Ensure that a correct flattening key is utilized for the event.

Events service

Once the collector has been launched, it is important to check if the ingestion is performed in a proper way. To do so, go to the collector’s logs console.

This service has the following components:

Component

Description

Component

Description

Setup

The setup module is in charge of authenticating the service and managing the token expiration when needed.

Puller

The setup module is in charge of pulling the data in a organized way and delivering the events via SDK.

Setup output

A successful run has the following output messages for the setup module:

Puller output

A successful initial run has the following output messages for the puller module:

After a successful collector’s execution (that is, no error logs found), you will see the following log message:

This collector uses persistent storage to download events in an orderly fashion and avoid duplicates. In case you want to re-ingest historical data or recreate the persistence, you can restart the persistence of this collector by following these steps:

  1. Edit the configuration file.

  2. Change the value of the initial_start_time_in_utc parameter to a different one.

  3. Save the changes.

  4. Restart the collector.

The collector will detect this change and will restart the persistence using the parameters of the configuration file or the default configuration in case it has not been provided.

Collector operations

This section is intended to explain how to proceed with the specific operations of this collector.

Change log for v1.x.x

Release

Released on

Release type

Details

Recommendations

Release

Released on

Release type

Details

Recommendations

v1.0.0

Feb 24, 2023

NEW FEATURE

Released the first version of SailPoint IdentityNow.
New features:

  • Account activities: Account activities entries.

  • Events: Event related to management console.

Recommended version