SailPoint Identity Security Cloud OpenID Connect Provider
SailPoint Identity Security Cloud (ISC) is an enterprise workforce identity governance platform from the USA. It exposes an OAuth 2.0 / OpenID Connect layer primarily for API access and external application SSO. It supports the authorization code and client credentials grants; PKCE is not yet supported. It is hosted on AWS with US, EU, and UK regions, is FedRAMP Moderate authorized, and is SOC 2 Type II and ISO 27001 certified.
Frequently Asked Questions
Does SailPoint Identity Security Cloud support the Authorization Code grant type?
SailPoint Identity Security Cloud supports the Authorization Code grant type. Clients exchange an authorization code for an access_token after the user logs in on ISC. Authorization endpoint: https://[tenant].login.sailpoint.com/oauth/authorize. Token endpoint: https://[tenant].api.identitynow.com/oauth/token.
Does SailPoint Identity Security Cloud support the Refresh Token grant type?
SailPoint Identity Security Cloud supports the Refresh Token grant type. Clients use this grant type to exchange a refresh token for a new access_token when the existing one has expired.
Does SailPoint Identity Security Cloud support the Client Credentials grant type?
SailPoint Identity Security Cloud supports the Client Credentials grant type. The client credentials grant is supported for machine-to-machine / service-to-service authentication without user involvement (scripts, programs, system integrations).
Does SailPoint Identity Security Cloud support the Implicit grant type?
SailPoint Identity Security Cloud does not support the Implicit grant type. The Implicit grant is not documented in the SailPoint ISC OAuth 2.0 implementation.
Does SailPoint Identity Security Cloud support the Token Exchange grant type?
SailPoint Identity Security Cloud does not support the Token Exchange grant type. OAuth 2.0 Token Exchange (RFC 8693) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the Client Initiated BackChannel Authentication grant type?
SailPoint Identity Security Cloud does not support the Client Initiated BackChannel Authentication grant type. Client-Initiated Backchannel Authentication (CIBA) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the Device Authorization Grant?
SailPoint Identity Security Cloud does not support the Device Authorization Grant. The Device Authorization Grant (RFC 8628) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the JWT Bearer Token grant type?
SailPoint Identity Security Cloud does not support the JWT Bearer Token grant type. The JWT Bearer grant type (RFC 7523) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the SAML 2.0 Bearer Assertion grant type?
SailPoint Identity Security Cloud does not support the SAML 2.0 Bearer Assertion grant type. The SAML 2.0 Bearer grant type (RFC 7522) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the Resource Owner Password Credentials grant type?
SailPoint Identity Security Cloud does not support the Resource Owner Password Credentials grant type. The resource owner password credentials grant is not documented for SailPoint ISC.
Does SailPoint Identity Security Cloud support the PKCE extension?
SailPoint Identity Security Cloud does not support the PKCE extension. SailPoint confirmed that ISC's authorization implementation does not currently support PKCE. It is being evaluated as part of potential OAuth 2.1 adoption, with no published timeline.
Does SailPoint Identity Security Cloud support the PAR extension?
SailPoint Identity Security Cloud does not support the PAR extension. Pushed Authorization Requests (PAR) are not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the RAR extension?
SailPoint Identity Security Cloud does not support the RAR extension. Rich Authorization Requests (RAR) are not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the JAR extension?
SailPoint Identity Security Cloud does not support the JAR extension. JWT Secured Authorization Requests (JAR) are not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the Authorization Endpoint?
SailPoint Identity Security Cloud supports the Authorization Endpoint. The authorization endpoint is at https://[tenant].login.sailpoint.com/oauth/authorize.
Does SailPoint Identity Security Cloud support the Token Endpoint?
SailPoint Identity Security Cloud supports the Token Endpoint. The token endpoint is at https://[tenant].api.identitynow.com/oauth/token.
Does SailPoint Identity Security Cloud support the UserInfo Endpoint?
SailPoint Identity Security Cloud supports the UserInfo Endpoint. The userinfo endpoint is at https://[tenant].api.identitynow.com/oauth/userinfo. It returns id, uid, email, phone, workPhone, firstname, lastname, capabilities, displayName, name.
Does SailPoint Identity Security Cloud support the Device Authorization Endpoint?
SailPoint Identity Security Cloud does not support the Device Authorization Endpoint. The device authorization endpoint is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the client_secret_basic token endpoint authentication method?
SailPoint Identity Security Cloud partially supports the client_secret_basic token endpoint authentication method. HTTP Basic authentication with client_id and client_secret may be supported as a standard OAuth 2.0 pattern, but is not explicitly documented. The documentation shows form-body (client_secret_post) as the primary method.
Does SailPoint Identity Security Cloud support the client_secret_post token endpoint authentication method?
SailPoint Identity Security Cloud supports the client_secret_post token endpoint authentication method. Client credentials submitted as form-encoded body parameters (client_id and client_secret in an x-www-form-urlencoded body) are the documented authentication method for ISC token requests.
Does SailPoint Identity Security Cloud support the client_secret_jwt token endpoint authentication method?
SailPoint Identity Security Cloud does not support the client_secret_jwt token endpoint authentication method. client_secret_jwt token endpoint authentication is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the private_key_jwt token endpoint authentication method?
SailPoint Identity Security Cloud does not support the private_key_jwt token endpoint authentication method. private_key_jwt token endpoint authentication is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the tls_client_auth token endpoint authentication method?
SailPoint Identity Security Cloud does not support the tls_client_auth token endpoint authentication method. Mutual TLS client authentication (RFC 8705) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the Dynamic Client Registration Protocol feature?
SailPoint Identity Security Cloud does not support the Dynamic Client Registration Protocol feature. Dynamic Client Registration (RFC 7591) is not supported. OAuth clients must be registered manually through the SailPoint ISC admin console.
Does SailPoint Identity Security Cloud support the Dynamic Client Registration Management Protocol feature?
SailPoint Identity Security Cloud does not support the Dynamic Client Registration Management Protocol feature. Dynamic Client Registration Management (RFC 7592) is not supported in SailPoint ISC.
Does SailPoint Identity Security Cloud support the OAuth 2.0 Demonstrating Proof of Possession (DPoP) feature?
SailPoint Identity Security Cloud does not support the OAuth 2.0 Demonstrating Proof of Possession (DPoP) feature. Demonstrating Proof of Possession (DPoP / RFC 9449) is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the FAPI 1.0 Security Profile - Part 1: Baseline feature?
SailPoint Identity Security Cloud does not support the FAPI 1.0 Security Profile - Part 1: Baseline feature. The FAPI 1.0 Baseline profile is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the FAPI 1.0 Security Profile - Part 2: Advanced feature?
SailPoint Identity Security Cloud does not support the FAPI 1.0 Security Profile - Part 2: Advanced feature. The FAPI 1.0 Advanced profile is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the FAPI 2.0 Security Profile feature?
SailPoint Identity Security Cloud does not support the FAPI 2.0 Security Profile feature. The FAPI 2.0 Security Profile is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the FAPI 2.0 Message Signing feature?
SailPoint Identity Security Cloud does not support the FAPI 2.0 Message Signing feature. FAPI 2.0 Message Signing is not documented in SailPoint ISC.
Does SailPoint Identity Security Cloud support the JARM feature?
SailPoint Identity Security Cloud does not support the JARM feature. JWT Secured Authorization Response Mode (JARM) is not documented in SailPoint ISC.
Note: The current data is based on provider documentation/experience and may not be 100% accurate. Please open an issue if you have spotted any inconsistencies.