Community Announcements

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
lorrin_minton
Community Manager
Community Manager

Today, we give a big QUACK, QUACK to having 100,000 Compass community members! This remarkable moment would not have been possible if it wasn't for each and every one of you. Your individual perspectives and passion truly make this community a special place.  

To celebrate this momentous occasion, and to thank each of you, we will be providing everyone that has been with us during this time a 100K member badge!

Screenshot 2024-02-28 at 1.05.21 PM.png

 In addition, we will be providing 25 extra bonus points to help elevate your community rank (and bragging rights) to the first 50 people that find the hidden rubber duckie in the community and direct message me a screenshot.  

Screenshot 2024-02-27 at 12.58.28 PM.png

What began as a small space in 2014 for SailPoint customers and partners, has grown to what we believe is the go-to destination for all identity security individuals.  

We look forward to continuing to learn and grow together. If there is ever anything I can do for you, please do not hesitate to direct message me here, right in the Compass Community.  

Read more
19 0 383
rose_cobb
SailPoint Employee
SailPoint Employee

Since February of 2023, SailPoint has been actively working on the deprecation of non-public APIs, replacing outdated functionality with more modern solutions. If you are a SailPoint Identity Security Cloud or IdentityNow customer, please note that non-public API endpoints will be deprecated on March 31, 2024.

Not sure if this message applies to you? Any API that doesn’t start with /v3 or /beta is considered a legacy non-public API.

We encourage you to take the following streps if you’re currently using non-public API endpoints:

  1. Join our bi-weekly API deprecation office hours
    Whether you need assistance with object mappings, data types, or understanding how to change your API calls for our SDKs, our bi-weekly sessions are a great way to connect. View the Developer Community events calendar and register for the next office hours.
  2. Visit the API deprecation help center
    Swing by the help center for specific details about the endpoints being deprecated, their suitable replacements, and an opportunity to discuss any challenges or questions with our Developer Relations team.
  3. Subscribe to the API deprecation category
    Be the first to know about any depreciation updates. Subscribe to notifications in the #idn:api-deprecations category by clicking on the “bell” icon in the top right and setting your notification preference to “tracking” or higher.
  4. Connect with your Customer Success team
    Have burning questions, concerns, or just want to talk? Your Customer Success team is here for you! Please reach out to your CSM anytime. 

In addition to the resources listed above, you can also submit a request for an architect session or project review.

Please reach out to your customer success manager for any questions or concerns you may have. Your attention to this matter is truly appreciated, and we’re grateful for your ongoing partnership with SailPoint.

Read more
7 0 1,149
lorrin_minton
Community Manager
Community Manager

Happy 2024! Starting the year off right, make sure to opt into the SailPoint Certification Directory! Level up, showcase your achievements, and locate other SailPoint certified individuals. 

Not yet certified? Learn more here: https://community.sailpoint.com/t5/Professional-Certification/ct-p/product-certification-program 

Please reach out to compass-help@sailpoint.com with any questions.  

Read more
14 0 736
rose_cobb
SailPoint Employee
SailPoint Employee

As we go into the holiday season, please take note of our SailPoint Support Holiday Schedule as it may impact ticket response times:

  • December 25, 2023 – Closed 12AM – 12AM Central Time
  • January 1, 2024 - Closed 12AM – 12AM Central Time

Our offices will be closed for the holidays on December 25th, 2023 and January 1st, 2024. Responses to tickets opened during this time may be delayed.

If you experience any issues and need to open a Support Ticket while offices are closed, please take note of the Holiday Schedule response times from the SailPoint Support Guide.

Severity 1 issues will be handled 24 hours a day, 7 days a week, 365 days a year regardless of holiday schedule. Reminder to call in any Priority 1 tickets.

Non-severity 1 tickets will be responded to as soon as possible when regular hours resume.

Thank you for your partnership, we hope you have a wonderful holiday and a happy new year!

Read more
2 0 995
rose_cobb
SailPoint Employee
SailPoint Employee

If there’s one event I look forward to each year, it’s Navigate – it’s our chance to connect with our customers and bring the deepest level of identity security knowledge, expertise and perspective to you.

Our theme this year is Identity Security Accelerated. We are bringing a wide range of topics to the table, with a focus on education, inspiration and collaboration so that you to walk away with actionable insights to elevate, evolve, and accelerate your identity program. I look forward to seeing you there.

Meredith Blanchar,
Chief Customer Officer

 

Navigate 2023 preview, sessions we're looking forward to this year

Navigate 2023 is in Austin, TX, October 9 - 11, with an additional training day on October 12. View the agenda for sessions and topics, and register by August 25 to take advantage of the discounted summer rate of $1,095!

 

IAM program best practices: Building a program for long-term success
Learn best practices that allow you to drive your Identity Program forward more rapidly. We will talk about the lessons we continue to learn from our customers and share insights on how to be successful.

Unleashing non-employee IAM: A schema-less revolution
Driven by the principles of flexibility, scalability, and security, explore how current customers have embraced the schema-less Non-Employee Risk Management to seamlessly handle the onboarding, offboarding, and access management processes for these transient users without relying on rigid schemas or predefined structures.

SailPoint and ServiceNow: Integration, deployment tips & best practices
SailPoint’s integration with ServiceNow ensures secure access to IT resources to reduce helpdesk tickets and increase productivity. Get a comprehensive overview of ServiceNow integrations plus expert guidance, tips, and best practices from SailPoint’s Professional Services team for successful deployment in your organization.

Roadmap sessions: See what is new and upcoming
Don't miss the opportunity to hear from our subject matter experts on the latest and greatest! Discover how our product team and customers work together to deliver meaningful improvements to your SailPoint implementation to take on your day-to-day identity security requirements. Join a roadmap session for our SaaS offerings, IdentityIQ, or connectivity and integrations, to learn all about the updates and new capabilities that are coming soon.

 

Identity University: Skilled Sessions

Maximize your time at Navigate with an additional day of on-site training! Identity University: Skilled Sessions provides a full day of instructor-led training on SailPoint’s newest and most relevant technology—for a fraction of the regular cost. Register for $415, by attending, you will earn a $300 voucher toward any SailPoint Professional Certification exam in 2023.

 

View the agenda | Register for Navigate

 

Navigate Rewind, on-demand from last year's event

Check out popular sessions from last year to get an idea of what's to come.

 

The Power of Identity Security Uncompromised
Watch SailPoint co-founder and CEO Mark McClain opening keynote on how to take the calculated risks needed to accelerate digital transformation with identity security at the foundation of enterprise security.

The Future ‘Horizons’ of Identity Security
What are the future horizons of identity security? Hear from SailPoint’s Matt Mills and Chandra Gnanasambandam, McKinsey on how identity security will evolve in the next 3-5 years and what you can do to prepare for each horizon.

Operating, expanding, and modernizing identity
Deloitte together with USAA discuss how they are partnering to operate, expand and modernize identity.

Identity Security Challenges at scale
The Home Depot shares how they nail identity security challenges at scale.

 

Navigate on tour, join a city near you!

Can’t join us in Austin? Experience a one-day Navigate at one of our locations around the globe. See how identity security is accelerating through a local lens.

London | Singapore | Sydney | Washington, DC | Toronto | São Paulo

 

Never miss an update! Subscribe to Tradewinds, the quarterly customer newsletter, for new product announcements, community updates and an exciting look ahead!

Read more
3 0 1,422
sylvie_ferrari
Community Administrator
Community Administrator

SailPoint works toward continuous improvement of our Software as a Service (SaaS) features for our customers. On occasion, this results in changes that require existing software components and features to be removed. We support our customers through these changes in a structured process called end-of-life (EOL).

Learn more

Read more
2 0 1,891
rose_cobb
SailPoint Employee
SailPoint Employee

Tradewinds is our quarterly customer newsletter where we share news, product announcements, and community and training updates. In case you missed it, or you are not subscribe to receive our emails, continue reading for a recap of what happened in Q1. 

Read more...

Read more
2 0 1,625
lorrin_minton
Community Manager
Community Manager

  1. What did SailPoint announce on Jan 12, 2023? 

SailPoint announced it has acquired SecZetta, an early-stage identity company that helps organizations manage non-employee identities.

  1. Who is SecZetta and what do they do?

SecZetta provides non-employee identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity security strategies for non-employees. With SecZetta, organizations can discover, manage, and secure non-employee identities in a collaborative and consistent manner, from both internal and external sources, throughout the lifecycle of their non-employee population.

  1. Why did SailPoint decide to acquire SecZetta? 

Organizations today are managing a wide range of identities beyond employees.  Partners, seasonal workers, and vendors now make up a large percentage of a company’s workforce and managing their identities is complex.  Because of this, organizations are looking for a solution that can bring all these critical identities under control.  

SailPoint + SecZetta gives organizations access to a powerful identity security solution that extends advanced governance controls to large and complex populations of non-employee users deep into applications like ServiceNow and Salesforce. By leveraging our advanced AI functionality organizations can ensure that applications and data are secure by granting access to only the right identities at the right time, no matter if they are employees or non-employees like partners, temporary workers, software bots or contractors.

  1. How does this acquisition of SecZetta relate to SailPoint’s Identity Security Cloud? 

The traditional approach to managing employees' identities in one system and non-employee identities through a separate system or even manually is no longer enough.  Businesses need a solution for managing and identifying the full universe of identities that touch the organization, including non-employee identities and their relationships to other identities. 

Leveraging the integration between SailPoint Identity Security Cloud and SecZetta, customers can easily manage the simplest to the most complex scenarios when it comes to non-employee identities the same way they are currently managing employee identities.

  1. What products does SecZetta currently have?

SecZetta currently offers the following solutions:

  • Third-Party Identity Lifecycle Management– base solution that includes Process Orchestration, Relationship & Personal Management, Risk Scoring, & Collaboration for third-party identities
  • Identity Consolidation - enables organizations to simplify their Identity Governance and Administration (IGA) efforts by merging and organizing people data from many different sources such as disparate HR systems or other authoritative repositories, establishing, and maintaining master identities in a centralized repository.
  • Identity Proofing - enables organizations to invoke large scale or individual identity verification during the onboarding process or at any time throughout the third-party identity lifecycle
  1. When will the new offering based on this acquisition be available and how will it be packaged and priced?

The team is currently working on the packaging and pricing plan. More information will be shared in the coming weeks. 

  1. How is what SailPoint offers for a non-employee lifecycle management (NELM) solution different from what this acquisition will provide?

Our current NELM solution performs requests and approvals for the management of non-employee (human only) identities and acts as a repository for these identities. Combined with SecZetta, we will offer a robust set of capabilities to manage and govern non-employee identities (human and non-human). More information will be shared soon.

  1. I’m a SecZetta customer. Where can I go for support if I’m in the middle of a project and have questions?  

During this transition, for those customers in the middle of a project and in need of support, please reach out to Chris Thomas and/or Tina Timmerman

  1. What should I do next?

Take a moment to say hello in the SailPoint Community! The community is here to offer general guidance and support as you continue your identity security journey. Register and then visit the welcome forum to create your first post. Tell everyone a bit about yourself, and start connecting with your peers.

Read more
8 0 3,288
Denise_Hanson
Community Administrator
Community Administrator

SailPoint has reviewed the LastPass security breach originally announced on November 30, 2022 and last updated on December 22, 2022 and has completed all the remediation activities recommended by LastPass. To date, no indicators of compromise have been detected. No further action is needed.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products.

Read more
2 0 2,070
lorrin_minton
Community Manager
Community Manager

Potentially Impacted Products: IdentityNow (IDN), IdentityAI (IAI), and IDN Virtual Appliance (VA)

 

SailPoint has upgraded all products that use a vulnerable version of OpenSSL 3.0.x to OpenSSL 3.0.7 which addresses the high severity vulnerabilities CVE-2022-3786 and CVE-2022-3602.

 

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products

Read more
3 0 1,902
lorrin_minton
Community Manager
Community Manager

The new Support Portal is live! Continue reading for more information or go see it in action. Don’t worry about resetting your support credentials. If you used the previous Support Portal, your profile and ticket history was migrated to the new platform.

In case you missed our previous post about the new features, you can see them here:

  • Navigate between the community and the Support Portal through the global header
  • Get answers quickly by browsing through recommended knowledge base articles
  • Respond to open tickets through the portal or email
  • Use an integrated attachment system to easily upload files within your ticket
  • View your balance of Expert Services hours
  • Export tickets via PDF, Excel Spreadsheet and CSV

We truly believe that the new Support Portal will provide a better experience through these features and more. Start exploring now or check out the tutorial.

Read more
9 0 3,278
lorrin_minton
Community Manager
Community Manager

Potentially Impacted Products: IdentityNow (IDN), IdentityAI (IAI), and IDN Virtual Appliance (VA)

SailPoint has reviewed the currently available information on the recently announced OpenSSL vulnerabilities (CVE-2022-3786 and CVE-2022-3602) and determined that some SailPoint products use versions of OpenSSL that are impacted by these vulnerabilities.

Exploiting these 2 vulnerabilities requires that applications continue certificate validation despite failure to construct a path to a trusted issuer or for the Certificate Authority (CA) to have signed a malicious certificate, neither of which is applicable to IDN, IAI, or the VA, unless customers configure their client authentication to continue certificate validation despite failure to construct a path to a trusted issuer. Out of an abundance of caution, all SailPoint products that use a vulnerable version of OpenSSL 3.0.x are targeted to be upgraded to use OpenSSL 3.0.7 within the SailPoint-established SLAs for high severity vulnerabilities.

Other SailPoint products such as IdentityIQ, Cloud Access Manager, File Access Manager, Access Risk Management, and SaaS Management are not impacted.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products

Read more
8 0 2,475
lorrin_minton
Community Manager
Community Manager

The new Support Portal launches November 6! Please take note, the current Support Portal will not be accessible while we implement these updates, from 5PM CT November 4 to 6PM CT November 6. You will still be able to call us to update a ticket or open a new one.

Don’t worry about resetting your support credentials. If you are an existing Support Portal user, your profile and ticket history will be migrated to the new platform.

With this update, you will be able to:

  • Navigate between the community and the Support Portal through the global header
  • Get answers quickly by browsing through recommended knowledge base articles
  • Respond to open tickets through the portal or email
  • Use an integrated attachment system to easily upload files within your ticket
  • View your balance of Expert Services hours
  • Export tickets via PDF, Excel Spreadsheet and CSV

We can’t wait for you to explore the updated portal! Subscribe to Community Announcements to receive a notification when the portal goes live.

Read more
25 0 3,026
lorrin_minton
Community Manager
Community Manager

We are excited to announce that as a part of Navigate 2022, you now have access to a virtual Community Day, bonus sessions on October 6 focused on developing you.  

 

Identity security as a profession is on the rise. A quick search for Identity and Access Management jobs on sites such as Zip Recruiter and Indeed pulls up over 50,000 jobs in the U.S., with salaries averaging around $123,000 annually. At SailPoint we believe that community can be a force multiplier for educating and advancing identity security professionals to meet the demands of our growing industry.  

 

Join us for our first virtual Community Day on October 6 as a part of Navigate 2022, where we will unveil how we are evolving the SailPoint Community. The day will feature professional development sessions, including: 

  • Tips on getting SailPoint certified to validate your expertise 
  • Technical training for implementers, developers, and administrators 
  • Insight on how to take your Identity Security career to the next level 

Check out the Community Day agenda for more details. 

 

Community Day is available to all Navigate 2022 attendees at no additional cost. If you haven’t registered for Navigate, you can still take advantage of early bird pricing until September 23. If you’ve already registered for Navigate 2022, just be sure to login and add Community Day sessions to your schedule. 

 

Register for Navigate 2022 and join us virtually for Community Day on October 6. 

Read more
5 0 1,759
lorrin_minton
Community Manager
Community Manager

At this time, Twilio has informed all impacted customers via email and SailPoint has not received any email notification that our systems or products are affected by the Twilio customer data breach.  We are continuing to monitor the situation and will update our customers if anything changes.

Read more
1 0 1,993
lorrin_minton
Community Manager
Community Manager

Update: Navigate 2022 now available on-demand

 

Navigate 2022, Identity Security: Uncompromised is now available on-demand! The ultimate identity security experience was live streamed virtually this year on October 4-6.

 

Learn how you can transform your identity program to drive gains in efficiency, productivity, and economic value.

 

The highlights of this year’s agenda include:

  • Keynotes: “The Power of Identity Security Uncompromised” & “The Future ‘Horizons’ of Identity Security”
  • Customer Panel: Hear success stories on using identity to drive digital transformation
  • Announcements: See what exciting new announcements and innovations lie ahead for the future of identity security
  • Community Day: Discover how to harness the power of the SailPoint Community, sharpen you skills with technical training, and attend career development sessions

 

To watch on-demand, visit Navigate 2022, Identity Security: Uncompromised.

Read more
2 0 2,536
lorrin_minton
Community Manager
Community Manager

We have an exciting update to share! We just rolled out a refresh to our brand that clearly positions SailPoint as core to securing your business. Our new brand identity underscores SailPoint as the modern enterprise security powerhouse in identity today. Learn more on what our new brand identity looks like: Welcome to the Core of Identity Security

 

Your SailPoint products are as powerful as ever. While you will see a new logo and branding in the product and in our communications to you, please rest assured that you will be treated with the same level of integrity, attention and support you’ve come to expect from SailPoint.

 

Visit the blog for more information, or browse the community and www.sailpoint.com to see the refreshed brand come to life.

Read more
6 0 3,347
lorrin_minton
Community Manager
Community Manager

We are excited announce the launch of a new “In Discovery” page on Compass!

“In Discovery” is a centralized home for all active product research projects across all SailPoint solutions and will provide Compass Community members visibility into the business problems our teams are researching for consideration of future development. Members can subscribe to these pages to be notified on updates, track ongoing progress, and even participate in research by providing input on the items most important to your organization. As an extension of our Ideas Portal, “In Discovery” research is the bridge that helps us iterate and expand an idea into a validated set of product requirements that can then be prioritized for potential inclusion in our product roadmap.

With this new process, Community Members can:

Gain visibility to business problems SailPoint is currently researching for potential future product initiatives. “Subscribe” to receive alerts on updates and engagement opportunities.

Impact SailPoint solutions by participating in surveys, interviews, UX reviews, and other feedback opportunities as they arise. These opportunities will be posted within the individual project pages, as they are made available.

Our Product Team looks forward to hearing your input!

Visit the new In Discovery page here: Community > Innovation > In Discovery

Read more
5 0 2,576
lorrin_minton
Community Manager
Community Manager

Every day we become more heartbroken as the war in Ukraine continues. Our thoughts are with the Ukrainian people and with our partners and employees who work in the region, or have family and friends affected by the senseless violence. 

I want to update you on some of the things SailPoint has done from the beginning to show our support. 

SailPoint contractors in the region are not required to work, but will continue to receive their salary, and are encouraged to focus on their family and friends. 

To support the global humanitarian response, SailPoint will match employee donations 1:1 through the SailPoint Gives Back Foundation. Funds will be distributed to the Red Cross for the crisis in Ukraine. 

Please continue to reach out to us if you have any concerns or questions. We understand that those who are geographically closer to the war may have greater feelings of despair. We are here to listen and help in any way we can. 

Read more
6 0 2,086
lorrin_minton
Community Manager
Community Manager

Impacted Products: None

SailPoint has reviewed the currently available information on the Spring Framework RCE vulnerability (CVE-2022-22965), also referred to as Spring4Shell, and determined that SailPoint products are not impacted by this vulnerability. Some of SailPoint products use Spring Framework, however the other necessary conditions to exploit this vulnerability aren't present. Those products will upgrade to a Spring Framework version that isn't impacted by this vulnerability in the near future.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products.

Read more
16 0 4,240
lorrin_minton
Community Manager
Community Manager

Visit Identity University to experience the new features and design. For a guided walk though, check out Identity University New Learner Experience before you start exploring.

Additional information can be located here .

Read more
1 0 2,103
lorrin_minton
Community Manager
Community Manager

We are excited to announce that the new Identity University launches March 18, 2022

Browse the user-friendly catalog and build a training plan using the training paths, or by selecting courses based on role, task, or solution. Whether it’s a QuickLearn, or a longer multi-part course, the new Identity University learning management system makes it even easier to purchase, register and complete your training.

Additional information can be located here.

Read more
3 0 1,813
lorrin_minton
Community Manager
Community Manager

Ahoy, Matey!

We snooped around and identified a few hot topics you may be interested in. However, we want to hear from YOU.

Walk the plank to this link and let us know what questions YOU would like answered by our SailPoint experts at our next Office Hour on March 31, 2022.

Please provide your thoughts by end of day March 11, 2022 so we can set sail.  

roles-icon-2color-01.png

Upcoming Webinars:

What? Crash Course: Best Practices to Manage Service Accounts in IdentityIQ

When? March 10, 2022 @ 10AM CST / 5PM GMT

Where? Register and learn more here

Read more
3 0 1,958
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ (IIQ), File Access Manager (FAM), and Identity Now Cloud Connector Gateway (IDN CCG) deployments where customers have modified out of the box log4j2 configuration to use a JDBC Appender with a data source referencing a JNDI URI.

SailPoint has upgraded all impacted products to Log4J 2.17.1 which addresses the most recent Remote Code Execution (RCE) vulnerability (CVE-2021-44832) and all previously identified Log4J vulnerabilities. For more information on individual product upgrades, refer to the Identity IQ blog post and the File Access Manager blog post.

 

Please subscribe to the product-specific blogs for future security and other important announcements related to the individual products.

Read more
9 0 3,454
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway deployments where customers have modified out of the box log4j2 configuration to use a JDBC Appender with a data source referencing a JNDI URI.

SailPoint has analyzed the recently-identified Remote Code Execution (RCE) vulnerability (CVE-2021-44832) and has determined that since SailPoint products, other than instances of IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway where the customer has made certain modifications to the default Log4j configuration, do not use the JDBC Appender and are not impacted by this vulnerability

IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway do not use the JDBC Appender out of the box, however customers have the ability to modify the out of the box appenders in log4j2.properties which might render them susceptible to this vulnerability. As documented in the CVE and guidance from the Apache Logging Services Project, JNDI URIs should not be used in the data source configuration for a JDBC Appender as a mitigation for this vulnerability. 

SailPoint plans to upgrade IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway to Log4J 2.17.1 in January 2022.

Read more
16 0 4,660
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ and File Access Manager deployments where customers have modified out of the box log4j2 configuration to allow context lookups

SailPoint has analyzed the recently-identified DoS vulnerability in Log4J (CVE-2021-45105) and has determined that since SailPoint products, other than instances of IdentityIQ and File Access Manager where the customer has made certain modifications discussed in the next sentence, do not allow context lookups, this vulnerability does not impact SailPoint products.

IdentityIQ and File Access Manager do not use context lookups out of the box, however customers have the ability to modify the out of the box pattern layouts in log4j2.properties to use context lookups which might render them susceptible to this vulnerability. As documented in the CVE and guidance from the Apache Logging Services Project, context lookups using the pattern ${ctx: should be removed or replaced with Thread Context Map patterns (%X, %mdc, or %MDC).  

SailPoint plans to upgrade IdentityIQ and File Access Manager to Log4J 2.17.0 in January 2022. 

Read more
12 0 4,593
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ and File Access Manager deployments where customers have modified out of the box pattern layouts in log4j2.properties.

SailPoint is aware of the recently-identified DoS vulnerability in Log4J (CVE-2021-45105) and have reviewed the vulnerability information provided by the Apache Logging Services Project. Based on our initial analysis, we do not believe this vulnerability impacts SailPoint products, with the exception of IdentityIQ or File Access Manager customers that have modified the out of the box pattern layouts in log4j2.properties to include the tokens identified in the CVE.

We will continue to analyze this issue and provide further guidance in the next few days.

Read more
9 0 4,873
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityAI

SailPoint has deployed the latest release of IdentityIQ harvester for IdentityAI which addresses the Log4J Remote Code Execution (RCE) and Denial of Service (DoS) vulnerabilities (CVE-2021-44228CVE-2021-45046) by upgrading to Log4J 2.16.0. No action is needed.

 

Read more
0 0 1,963
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

Update

These security fixes have been superseded by updates to Log4j 2.17.1 for the following products:

 


SailPoint has addressed the Log4J RCE and DoS vulnerabilities (CVE-2021-44228CVE-2021-45046) by upgrading to Log4J 2.16.0.

IdentityIQ and File Access Manager customers can refer to latest IdentityIQ and File Access Manager blog posts for instructions on how to deploy the latest releases. IdentityIQ harvester is still being upgraded, and we expect the upgrade to be deployed later today (Friday, December 17, Central Time).  We will issue further communications once the updated IdentityIQ harvester has been deployed. 

IdentityNow and IdentityAI have also upgraded to Log4J 2.16.0 and Cloud Connector Gateway (CCG) version 658 has been automatically deployed. For customers who have not received the automatic CCG update, SailPoint customer service is reaching out in order to upgrade those instances.  The CCG version is visible to customer admins in the IdentityNow UI.

Read more
6 0 2,428
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

SailPoint has mitigated the Log4J RCE vulnerability (CVE-2021-44228) in all impacted products per the recommendations provided by the Apache Logging Services Project. We are aware of newly-released analysis stating that the previously-provided recommendation does not fully mitigate the RCE vulnerability. We are also aware of the recently-identified Log4J DoS vulnerability (CVE-2021-45046) that is applicable to the impacted products.

We are actively working on fully addressing both vulnerabilities by upgrading to Log4J 2.16.0. We expect product releases that include the updated library to be available by the end of day (CST) Friday 12/17/2021.

We will be issuing further communications once new releases are available. No action is needed at this time.

Read more
12 0 4,063