SailPoint Identity Security Cloud

SailPoint Identity Security Cloud Fournisseur OpenID Connect

Enterprise workforce identity governance platform from the USA. SailPoint Identity Security Cloud (ISC) exposes an OAuth 2.0 / OpenID Connect layer primarily for API access and external application SSO. Supports authorization code and client credentials grants; PKCE not yet supported. Hosted on AWS with US, EU, and UK regions. FedRAMP Moderate authorized, SOC 2 Type II and ISO 27001 certified.

Fonctionnalités

Si vous souhaitez comparer les fonctionnalités OpenID Connect de différents fournisseurs, consultez le benchmark des fournisseurs OpenID Connect.

Vous cherchez les fonctionnalités (C)IAM de SailPoint Identity Security Cloud comme MFA, SSO et gestion des utilisateurs ? Voir SailPoint Identity Security Cloud sur le benchmark des fournisseurs d'identité (C)IAM.

Foire aux questions

SailPoint Identity Security Cloud prend-il en charge Authorization Code grant type ?

SailPoint Identity Security Cloud prend en charge Authorization Code grant type. Clients exchange an authorization code for an access_token after user login on ISC. Authorization endpoint: https://[tenant].login.sailpoint.com/oauth/authorize. Token endpoint: https://[tenant].api.identitynow.com/oauth/token. En savoir plus

SailPoint Identity Security Cloud prend-il en charge Refresh Token grant type ?

SailPoint Identity Security Cloud prend en charge Refresh Token grant type. Clients use this grant type to exchange a refresh token for a new access_token when the existing one has expired. En savoir plus

SailPoint Identity Security Cloud prend-il en charge Client Credentials grant type ?

SailPoint Identity Security Cloud prend en charge Client Credentials grant type. Client credentials grant is supported for machine-to-machine / service-to-service authentication without user involvement (scripts, programs, system integrations). En savoir plus

SailPoint Identity Security Cloud prend-il en charge Implicit grant type ?

SailPoint Identity Security Cloud ne prend pas en charge Implicit grant type. Implicit grant is not documented in SailPoint ISC OAuth 2.0 implementation.

SailPoint Identity Security Cloud prend-il en charge Token Exchange grant type ?

SailPoint Identity Security Cloud ne prend pas en charge Token Exchange grant type. OAuth 2.0 Token Exchange (RFC 8693) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge Client Initiated BackChannel Authentication grant type ?

SailPoint Identity Security Cloud ne prend pas en charge Client Initiated BackChannel Authentication grant type. Client-Initiated Backchannel Authentication (CIBA) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge Device Authorization Grant grant type ?

SailPoint Identity Security Cloud ne prend pas en charge Device Authorization Grant grant type. Device Authorization Grant (RFC 8628) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge JWT Bearer Token grant type ?

SailPoint Identity Security Cloud ne prend pas en charge JWT Bearer Token grant type. JWT Bearer grant type (RFC 7523) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge SAML 2.0 Bearer Assertion grant type ?

SailPoint Identity Security Cloud ne prend pas en charge SAML 2.0 Bearer Assertion grant type. SAML 2.0 Bearer grant type (RFC 7522) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge Resource Owner Password Credentials grant type ?

SailPoint Identity Security Cloud ne prend pas en charge Resource Owner Password Credentials grant type. Resource owner password credentials grant is not documented for SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge PKCE extension ?

SailPoint Identity Security Cloud ne prend pas en charge PKCE extension. SailPoint confirmed that ISC's authorization implementation does not currently support PKCE. It is being evaluated as part of potential OAuth 2.1 adoption, with no published timeline. En savoir plus

SailPoint Identity Security Cloud prend-il en charge PAR extension ?

SailPoint Identity Security Cloud ne prend pas en charge PAR extension. Pushed Authorization Requests (PAR) are not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge RAR extension ?

SailPoint Identity Security Cloud ne prend pas en charge RAR extension. Rich Authorization Requests (RAR) are not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge JAR extension ?

SailPoint Identity Security Cloud ne prend pas en charge JAR extension. JWT Secured Authorization Requests (JAR) are not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge Authorization Endpoint endpoint ?

SailPoint Identity Security Cloud prend en charge Authorization Endpoint endpoint. Authorization endpoint at https://[tenant].login.sailpoint.com/oauth/authorize. En savoir plus

SailPoint Identity Security Cloud prend-il en charge Token Endpoint endpoint ?

SailPoint Identity Security Cloud prend en charge Token Endpoint endpoint. Token endpoint at https://[tenant].api.identitynow.com/oauth/token. En savoir plus

SailPoint Identity Security Cloud prend-il en charge UserInfo Endpoint endpoint ?

SailPoint Identity Security Cloud prend en charge UserInfo Endpoint endpoint. Userinfo endpoint at https://[tenant].api.identitynow.com/oauth/userinfo. Returns id, uid, email, phone, workPhone, firstname, lastname, capabilities, displayName, name. En savoir plus

SailPoint Identity Security Cloud prend-il en charge Device Authorization Endpoint endpoint ?

SailPoint Identity Security Cloud ne prend pas en charge Device Authorization Endpoint endpoint. Device authorization endpoint is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge client_secret_basic méthode d'authentification du token endpoint ?

SailPoint Identity Security Cloud prend partiellement en charge client_secret_basic méthode d'authentification du token endpoint. HTTP Basic authentication with client_id and client_secret may be supported as a standard OAuth 2.0 pattern, but is not explicitly documented. Documentation shows form-body (client_secret_post) as the primary method.

SailPoint Identity Security Cloud prend-il en charge client_secret_post méthode d'authentification du token endpoint ?

SailPoint Identity Security Cloud prend en charge client_secret_post méthode d'authentification du token endpoint. Client credentials submitted as form-encoded body parameters (client_id and client_secret in x-www-form-urlencoded body) are the documented authentication method for ISC token requests. En savoir plus

SailPoint Identity Security Cloud prend-il en charge client_secret_jwt méthode d'authentification du token endpoint ?

SailPoint Identity Security Cloud ne prend pas en charge client_secret_jwt méthode d'authentification du token endpoint. client_secret_jwt token endpoint authentication is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge private_key_jwt méthode d'authentification du token endpoint ?

SailPoint Identity Security Cloud ne prend pas en charge private_key_jwt méthode d'authentification du token endpoint. private_key_jwt token endpoint authentication is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge tls_client_auth méthode d'authentification du token endpoint ?

SailPoint Identity Security Cloud ne prend pas en charge tls_client_auth méthode d'authentification du token endpoint. Mutual TLS client authentication (RFC 8705) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge Dynamic Client Registration Protocol fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge Dynamic Client Registration Protocol fonctionnalité. Dynamic Client Registration (RFC 7591) is not supported. OAuth clients must be registered manually through the SailPoint ISC admin console.

SailPoint Identity Security Cloud prend-il en charge Dynamic Client Registration Management Protocol fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge Dynamic Client Registration Management Protocol fonctionnalité. Dynamic Client Registration Management (RFC 7592) is not supported in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge OAuth 2.0 Demonstrating Proof of Possession (DPoP) fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge OAuth 2.0 Demonstrating Proof of Possession (DPoP) fonctionnalité. Demonstrating Proof of Possession (DPoP / RFC 9449) is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge FAPI 1.0 Security Profile - Part 1: Baseline fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge FAPI 1.0 Security Profile - Part 1: Baseline fonctionnalité. FAPI 1.0 Baseline profile is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge FAPI 1.0 Security Profile - Part 2: Advanced fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge FAPI 1.0 Security Profile - Part 2: Advanced fonctionnalité. FAPI 1.0 Advanced profile is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge FAPI 2.0 Security Profile fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge FAPI 2.0 Security Profile fonctionnalité. FAPI 2.0 Security Profile is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge FAPI 2.0 Message Signing fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge FAPI 2.0 Message Signing fonctionnalité. FAPI 2.0 Message Signing is not documented in SailPoint ISC.

SailPoint Identity Security Cloud prend-il en charge JARM fonctionnalité ?

SailPoint Identity Security Cloud ne prend pas en charge JARM fonctionnalité. JWT Secured Authorization Response Mode (JARM) is not documented in SailPoint ISC.