Community Announcements

lorrin_minton
Community Manager
Community Manager

We are excited to announce that as a part of Navigate 2022, you now have access to a virtual Community Day, bonus sessions on October 6 focused on developing you.  

 

Identity security as a profession is on the rise. A quick search for Identity and Access Management jobs on sites such as Zip Recruiter and Indeed pulls up over 50,000 jobs in the U.S., with salaries averaging around $123,000 annually. At SailPoint we believe that community can be a force multiplier for educating and advancing identity security professionals to meet the demands of our growing industry.  

 

Join us for our first virtual Community Day on October 6 as a part of Navigate 2022, where we will unveil how we are evolving the SailPoint Community. The day will feature professional development sessions, including: 

  • Tips on getting SailPoint certified to validate your expertise 
  • Technical training for implementers, developers, and administrators 
  • Insight on how to take your Identity Security career to the next level 

Check out the Community Day agenda for more details. 

 

Community Day is available to all Navigate 2022 attendees at no additional cost. If you haven’t registered for Navigate, you can still take advantage of early bird pricing until September 23. If you’ve already registered for Navigate 2022, just be sure to login and add Community Day sessions to your schedule. 

 

Register for Navigate 2022 and join us virtually for Community Day on October 6. 

Read more
3 0 108
lorrin_minton
Community Manager
Community Manager

At this time, Twilio has informed all impacted customers via email and SailPoint has not received any email notification that our systems or products are affected by the Twilio customer data breach.  We are continuing to monitor the situation and will update our customers if anything changes.

Read more
0 0 281
lorrin_minton
Community Manager
Community Manager

Update: Early Bird price for Navigate extended through September 23,2022.

 

Registration for Navigate 2022, Identity Security: Uncompromised is now open! The ultimate identity security experience will be live streamed virtually this year on October 4-5.

 

Attend from anywhere to learn how you can transform your identity program to drive gains in efficiency, productivity, and economic value.

 

The highlights of this year’s agenda include:

  • Keynotes: “The Power of Identity Security Uncompromised” & “The Future ‘Horizons’ of Identity Security”
  • Customer Panel: Hear success stories on using identity to drive digital transformation
  • Announcements: See what exciting new announcements and innovations lie ahead for the future of identity security

 

Register now – take advantage of early bird pricing, it’s $49 until September 23, 2022. Pricing increases to $99 after. You’ll also receive up to 25 hours of Continuing Professional Education (CPE) credits for attending.

 

To learn more, and to register, visit Navigate 2022, Identity Security: Uncompromised.

Read more
2 0 578
lorrin_minton
Community Manager
Community Manager

We have an exciting update to share! We just rolled out a refresh to our brand that clearly positions SailPoint as core to securing your business. Our new brand identity underscores SailPoint as the modern enterprise security powerhouse in identity today. Learn more on what our new brand identity looks like: Welcome to the Core of Identity Security

 

Your SailPoint products are as powerful as ever. While you will see a new logo and branding in the product and in our communications to you, please rest assured that you will be treated with the same level of integrity, attention and support you’ve come to expect from SailPoint.

 

Visit the blog for more information, or browse the community and www.sailpoint.com to see the refreshed brand come to life.

Read more
4 0 713
lorrin_minton
Community Manager
Community Manager

We are excited announce the launch of a new “In Discovery” page on Compass!

“In Discovery” is a centralized home for all active product research projects across all SailPoint solutions and will provide Compass Community members visibility into the business problems our teams are researching for consideration of future development. Members can subscribe to these pages to be notified on updates, track ongoing progress, and even participate in research by providing input on the items most important to your organization. As an extension of our Ideas Portal, “In Discovery” research is the bridge that helps us iterate and expand an idea into a validated set of product requirements that can then be prioritized for potential inclusion in our product roadmap.

With this new process, Community Members can:

Gain visibility to business problems SailPoint is currently researching for potential future product initiatives. “Subscribe” to receive alerts on updates and engagement opportunities.

Impact SailPoint solutions by participating in surveys, interviews, UX reviews, and other feedback opportunities as they arise. These opportunities will be posted within the individual project pages, as they are made available.

Our Product Team looks forward to hearing your input!

Visit the new In Discovery page here: Community > Innovation > In Discovery

Read more
4 0 848
lorrin_minton
Community Manager
Community Manager

Every day we become more heartbroken as the war in Ukraine continues. Our thoughts are with the Ukrainian people and with our partners and employees who work in the region, or have family and friends affected by the senseless violence. 

I want to update you on some of the things SailPoint has done from the beginning to show our support. 

SailPoint contractors in the region are not required to work, but will continue to receive their salary, and are encouraged to focus on their family and friends. 

To support the global humanitarian response, SailPoint will match employee donations 1:1 through the SailPoint Gives Back Foundation. Funds will be distributed to the Red Cross for the crisis in Ukraine. 

Please continue to reach out to us if you have any concerns or questions. We understand that those who are geographically closer to the war may have greater feelings of despair. We are here to listen and help in any way we can. 

Read more
5 0 743
lorrin_minton
Community Manager
Community Manager

Impacted Products: None

SailPoint has reviewed the currently available information on the Spring Framework RCE vulnerability (CVE-2022-22965), also referred to as Spring4Shell, and determined that SailPoint products are not impacted by this vulnerability. Some of SailPoint products use Spring Framework, however the other necessary conditions to exploit this vulnerability aren't present. Those products will upgrade to a Spring Framework version that isn't impacted by this vulnerability in the near future.

If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager. Please subscribe to the product-specific blogs on Compass for future security and other important announcements related to the individual products.

Read more
16 0 2,370
lorrin_minton
Community Manager
Community Manager

Visit Identity University to experience the new features and design. For a guided walk though, check out Identity University New Learner Experience before you start exploring.

Additional information can be located here .

Read more
1 0 772
lorrin_minton
Community Manager
Community Manager

We are excited to announce that the new Identity University launches March 18, 2022

Browse the user-friendly catalog and build a training plan using the training paths, or by selecting courses based on role, task, or solution. Whether it’s a QuickLearn, or a longer multi-part course, the new Identity University learning management system makes it even easier to purchase, register and complete your training.

Additional information can be located here.

Read more
3 0 639
lorrin_minton
Community Manager
Community Manager

Ahoy, Matey!

We snooped around and identified a few hot topics you may be interested in. However, we want to hear from YOU.

Walk the plank to this link and let us know what questions YOU would like answered by our SailPoint experts at our next Office Hour on March 31, 2022.

Please provide your thoughts by end of day March 11, 2022 so we can set sail.  

roles-icon-2color-01.png

Upcoming Webinars:

What? Crash Course: Best Practices to Manage Service Accounts in IdentityIQ

When? March 10, 2022 @ 10AM CST / 5PM GMT

Where? Register and learn more here

Read more
3 0 649
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ (IIQ), File Access Manager (FAM), and Identity Now Cloud Connector Gateway (IDN CCG) deployments where customers have modified out of the box log4j2 configuration to use a JDBC Appender with a data source referencing a JNDI URI.

SailPoint has upgraded all impacted products to Log4J 2.17.1 which addresses the most recent Remote Code Execution (RCE) vulnerability (CVE-2021-44832) and all previously identified Log4J vulnerabilities. For more information on individual product upgrades, refer to the Identity IQ blog post and the File Access Manager blog post.

 

Please subscribe to the product-specific blogs for future security and other important announcements related to the individual products.

Read more
8 0 1,305
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway deployments where customers have modified out of the box log4j2 configuration to use a JDBC Appender with a data source referencing a JNDI URI.

SailPoint has analyzed the recently-identified Remote Code Execution (RCE) vulnerability (CVE-2021-44832) and has determined that since SailPoint products, other than instances of IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway where the customer has made certain modifications to the default Log4j configuration, do not use the JDBC Appender and are not impacted by this vulnerability

IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway do not use the JDBC Appender out of the box, however customers have the ability to modify the out of the box appenders in log4j2.properties which might render them susceptible to this vulnerability. As documented in the CVE and guidance from the Apache Logging Services Project, JNDI URIs should not be used in the data source configuration for a JDBC Appender as a mitigation for this vulnerability. 

SailPoint plans to upgrade IdentityIQ, File Access Manager, and IdentityNow Cloud Connector Gateway to Log4J 2.17.1 in January 2022.

Read more
16 0 2,510
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ and File Access Manager deployments where customers have modified out of the box log4j2 configuration to allow context lookups

SailPoint has analyzed the recently-identified DoS vulnerability in Log4J (CVE-2021-45105) and has determined that since SailPoint products, other than instances of IdentityIQ and File Access Manager where the customer has made certain modifications discussed in the next sentence, do not allow context lookups, this vulnerability does not impact SailPoint products.

IdentityIQ and File Access Manager do not use context lookups out of the box, however customers have the ability to modify the out of the box pattern layouts in log4j2.properties to use context lookups which might render them susceptible to this vulnerability. As documented in the CVE and guidance from the Apache Logging Services Project, context lookups using the pattern ${ctx: should be removed or replaced with Thread Context Map patterns (%X, %mdc, or %MDC).  

SailPoint plans to upgrade IdentityIQ and File Access Manager to Log4J 2.17.0 in January 2022. 

Read more
12 0 2,748
lorrin_minton
Community Manager
Community Manager

Impacted Products: IdentityIQ and File Access Manager deployments where customers have modified out of the box pattern layouts in log4j2.properties.

SailPoint is aware of the recently-identified DoS vulnerability in Log4J (CVE-2021-45105) and have reviewed the vulnerability information provided by the Apache Logging Services Project. Based on our initial analysis, we do not believe this vulnerability impacts SailPoint products, with the exception of IdentityIQ or File Access Manager customers that have modified the out of the box pattern layouts in log4j2.properties to include the tokens identified in the CVE.

We will continue to analyze this issue and provide further guidance in the next few days.

Read more
9 0 2,933
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityAI

SailPoint has deployed the latest release of IdentityIQ harvester for IdentityAI which addresses the Log4J Remote Code Execution (RCE) and Denial of Service (DoS) vulnerabilities (CVE-2021-44228CVE-2021-45046) by upgrading to Log4J 2.16.0. No action is needed.

 

Read more
0 0 948
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

Update

These security fixes have been superseded by updates to Log4j 2.17.1 for the following products:

 


SailPoint has addressed the Log4J RCE and DoS vulnerabilities (CVE-2021-44228CVE-2021-45046) by upgrading to Log4J 2.16.0.

IdentityIQ and File Access Manager customers can refer to latest IdentityIQ and File Access Manager blog posts for instructions on how to deploy the latest releases. IdentityIQ harvester is still being upgraded, and we expect the upgrade to be deployed later today (Friday, December 17, Central Time).  We will issue further communications once the updated IdentityIQ harvester has been deployed. 

IdentityNow and IdentityAI have also upgraded to Log4J 2.16.0 and Cloud Connector Gateway (CCG) version 658 has been automatically deployed. For customers who have not received the automatic CCG update, SailPoint customer service is reaching out in order to upgrade those instances.  The CCG version is visible to customer admins in the IdentityNow UI.

Read more
6 0 1,466
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

SailPoint has mitigated the Log4J RCE vulnerability (CVE-2021-44228) in all impacted products per the recommendations provided by the Apache Logging Services Project. We are aware of newly-released analysis stating that the previously-provided recommendation does not fully mitigate the RCE vulnerability. We are also aware of the recently-identified Log4J DoS vulnerability (CVE-2021-45046) that is applicable to the impacted products.

We are actively working on fully addressing both vulnerabilities by upgrading to Log4J 2.16.0. We expect product releases that include the updated library to be available by the end of day (CST) Friday 12/17/2021.

We will be issuing further communications once new releases are available. No action is needed at this time.

Read more
12 0 2,463
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

SailPoint has fully mitigated the Log4J RCE vulnerability (CVE-2021-44228) in all impacted products.

We are aware of the recently-identified Log4J DoS vulnerability (CVE-2021-45046) that is also applicable to the impacted products. While this new DoS vulnerability has a low severity (CVSS score of 3.7 per NVD), we are actively working on addressing this vulnerability by upgrading to Log4J 2.16.0 and expect product releases that include the updated library to be available in the coming days.

We will be issuing further communications once this issue has been addressed. No action is needed at this time.

Read more
11 0 2,007
lorrin_minton
Community Manager
Community Manager

Impacted products: IdentityNow, IdentityIQ, File Access Manager, and IdentityAI

SailPoint is aware of the recently-identified log4j DoS vulnerability (CVE-2021-45046) that is related to the log4j critical RCE vulnerability (CVE-2021-44228). We are actively investigating the impact of that vulnerability, however preliminary analysis using information provided by the Apache Logging Services project and the CVE project seems to indicate that it is not a critical vulnerability (CVSS score of 3.7). 

We will be issuing further communications on our remediation plans once they become available. No action is needed at this time.

Read more
3 0 1,680
lorrin_minton
Community Manager
Community Manager

SailPoint has reproduced the recently-identified log4j critical vulnerability (CVE-2021-44228) in IdentityNow and has since released a patch to address this vulnerability. A new version of the Cloud Connector Gateway (CCG) has been also released to address this issue. Customers using CCG version 654 or later are no longer vulnerable and have no further action to take. The CCG version is visible to customer admins in the IdentityNow UI.

Customers should expect contact from SailPoint Support to assist with vulnerability mitigation.

Read more
3 0 1,789
lorrin_minton
Community Manager
Community Manager

The SailPoint team has identified some issues with the VA's updating properly in certain customer’s environments and is currently working with those customers to ensure the update happens correctly.

Additional information can be located here: https://community.sailpoint.com/t5/SaaS-Updates/IdentityNow-log4j-Remote-Code-Execution-Vulnerabilit...

Read more
0 0 977
lorrin_minton
Community Manager
Community Manager

IdentityIQ

This vulnerability can and should be immediately mitigated by introducing a JVM system property to the application server environment that is hosting IdentityIQ.

Detailed information on action needed can be located here: https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerabil...

 

File Access Manager

This vulnerability can and should be immediately mitigated by updating the log4j library in the Elasticsearch instance that is part of the File Access Manager deployment as documented in the content for the CVE referenced above.

Detailed information on action needed can be located here: https://community.sailpoint.com/t5/File-Access-Manager-Blog/File-Access-Manager-log4j-Remote-Code-Ex...

Read more
0 0 1,975
lorrin_minton
Community Manager
Community Manager

SailPoint SaaS Services Response to log4j Remote Code Execution Vulnerability

 

The critical vulnerability announced yesterday in the log4j library used in several SailPoint SaaS solutions (IdentityNow and IdentityAI) being tracked by CVE-2021-44228 has been mitigated in all SailPoint SaaS environments. All SailPoint SaaS services are now safe from the log4j exploit. 

 

Read more
10 0 4,753
lorrin_minton
Community Manager
Community Manager

Stay up to date on all the community announcements and updates herehttps://community.sailpoint.com/t5/Community-Announcements/bg-p/community-announcements

 

IdentityNow/IdentityAI:

log4j Remote Code Execution Vulnerability


SailPoint SaaS Services Response to log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library used in several SailPoint SaaS solutions (IdentityNow and IdentityAI) was announced and is being tracked by CVE-2021-44228.

SailPoint is actively tracking this vulnerability and has implemented mitigating controls in our SaaS edge services. Teams are actively working to complete additional mitigations and remediations associated with on-premise services. Estimated completion for internal services is tomorrow, Dec 11th.

Cloud Access Manager:

log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library was announced and is being tracked by CVE-2021-44228.

SailPoint has investigated this critical severity vulnerability and has determined that the CAM environments, which do not use the log4j library, are not impacted by this vulnerability.

The entire SailPoint team is available to answer any question you may have about this vulnerability. If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager.

SaaS Management:

log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library was announced and is being tracked by CVE-2021-44228.

SailPoint has investigated this critical severity vulnerability and has determined that the SaaS Management environments, which do not use the log4j library, are not impacted by this vulnerability.

The entire SailPoint team is available to answer any question you may have about this vulnerability. If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager.

Access Risk Management:

log4j Remote Code Execution Vulnerability

Earlier today, a critical vulnerability in the log4j library was announced and is being tracked by CVE-2021-44228.

SailPoint has investigated this critical severity vulnerability and has determined that the ARM environments, which do not use the log4j library, are not impacted by this vulnerability.

The entire SailPoint team is available to answer any question you may have about this vulnerability. If you have questions, please contact your Customer Success Manager, Engagement Manager, or Partner Manager.

Read more
3 0 4,908
lorrin_minton
Community Manager
Community Manager

This issue is now resolved. We have confirmed that all services are operational. Please reach out to SailPoint Support for assistance if you are experiencing any further issues with your tenants.

Read more
0 0 646
lorrin_minton
Community Manager
Community Manager

We are experiencing an issue with our cloud provider disrupting our SaaS services.  We are monitoring the situation and working closely with our cloud provider to recover our services as soon as possible.

Please visit status.sailpoint.com for the latest updates or contact SailPoint support if you have any questions or concerns.

Read more
0 0 692
rose_cobb
SailPoint Employee
SailPoint Employee

SailPoint single access is live! After signing in through single access, click "sign in" on any of the other portals and you will automatically be logged in. Get started today by learning how to sign in for the first time.

The following websites are available through single access, with more to come soon: 

 

If you have any issues, please reach out to the team at login-help@sailpoint.com. Note that the new login does not include your IdentityNow account. Check out the Guide and FAQ for more information.

Read more
12 0 2,857
rose_cobb
SailPoint Employee
SailPoint Employee

Single access to all of SailPoint's websites launches on October 15! There will be downtime on Friday, October 15, from 5 - 11 p.m. Central Standard Time for Compass and Identity University. You will not be able to sign in during the update window, but you can still browse content that does not require signing in.

The following sites will be available through SailPoint single access, with more to come soon:

 

Learn how to sign in for the first time with single access and subscribe to Compass Announcements to receive a notification when the feature goes live. Please note that the new login does not include your IdentityNow account. Check out the Guide and FAQ for more information.

Read more
3 0 1,246
lorrin_minton
Community Manager
Community Manager

Please join us in welcoming, Skipper, our new automated chat bot! You can find Skipper hanging out at the bottom right-hand side of all pages and is here to provide you yet another way to gain assistance.

Screen Shot 2021-08-17 at 8.46.47 AM.png

Skipper is a little shy at first but the more you interact, the better it gets!

Screen Shot 2021-08-17 at 8.47.44 AM.png

If you have any questions, please reach out to compass-help@sailpoint.com.

Read more
0 0 868
lorrin_minton
Community Manager
Community Manager

The Compass Team will conduct platform maintenance on TODAY, August 16, from 9 - 11 p.m. central standard time. There will be a possible downtime of 30 minutes during this time-frame.

If you encounter any issues with your account after the maintenance window, please try logging out and logging back in. For any errors that don't resolve, reach out to us at compass-help@sailpoint.com for troubleshooting.

Read more
0 0 689