Identity Security Cloud - General FAQs
Below are Frequently Asked Questions for topics related to Identity Security Cloud. If you don't find your question answered here, please contact your Customer Onboarding Manager (COM) if you are in initial deployment, or your Customer Success Manager (CSM).
Q: Can I use a personal email address to sign up for Compass?
A: Yes. However, please note that some information may not be visible. To gain full access to Community resources, it is best to register with your work email address so you will be associated correctly with your company.
Q: What if I have a partner company or contractor(s) working on our behalf who may submit Support or Expert Services tickets?
A: Support tickets can be created via our Support Portal located at support.sailpoint.com. If your contractor or partner has a work email with your company’s domain, have them use that email to register. If they are going to use their own company work email, you can submit a Support ticket to provide their email address and the duration for which they have permission to submit cases on your behalf (e.g., 30-60-90 days).
Q: Can we have more than 2 Identity Security Cloud environments?
A: Yes, additional non-production environments can be purchased. Contact your CSM for more details.
Q: Does Identity Security Cloud support subdomains in the URLs (e.g., https://dev.abccorp.identitynow.com, https://sandbox.abccorp.identitynow.com)?
A: Subdomains are not supported. In the example above, we suggest https://abccorp-dev.identitynow.com and https://abccorp-sb.identitynow.com. If the naming convention goes beyond the 16-character limit, use abbreviations where possible.
Q: Why is there a 16-character limit for my Identity Security Cloud URLs?
A: This Identity Security Cloud requirement has to do with how IDs are created per customer org.
Q: If we use the recommended URLs suggested by SailPoint, do we have to provide the SSL/TLS certificates for the domains?
A: No. If you accept the default naming convention (https://*.identitynow.com), you do not need to submit any additional information. We’ll take care of the rest.
Vanity or custom URLs deviate from the standard *.identitynow.com naming convention. They are often considered when customers want to associate their own domain with their Identity Security Cloud instance(s).
Things to consider
Time & Complexity: Setting up vanity URLs requires additional time-consuming, technical steps. They must be completed correctly and submitted to SailPoint before your Identity Security Cloud tenants are created. They are a leading cause of delays in starting deployment projects.
Ongoing Maintenance: The certs behind vanity URLs expire over time (normally every 2-3 years), requiring you to provide updated certs to SailPoint. If this is not completed before expiration, end users will see 'malicious or unsafe site' browser warnings until new certs are provided and processed.
We urge your team to review the entire process to ensure you are able to create the necessary artifacts found on Compass here:
Vanity URLs after your orgs have been created: Requesting vanity URLs after your orgs have been created (and you are able to log into your prod and non-prod environments) requires creating new orgs with the new vanity URLs. It is not possible to associate this type of URL change with your existing org(s). This will require recreating foundational aspects such as VAs, connectors, and other customizations.
Q: I've created the vanity URL certificate and key, what next?
A: Open a Support case to submit the cert and keys for processing. (NOTE: Submitting a case requires Support Portal credentials.)
Q: How does DNS insertion work within Identity Security Cloud?
A: Below is an overview of this process:
In this process--because DNS is part of the cloud infrastructure setup--we require the SSL/TLS certificate from the customer before we can create the cloud infrastructure that responds to the requests. Our DevOps team can create the DNS zone ahead of time and provide customers with the zone delegation information, but keep in mind that without the infrastructure to respond to the requests, the host names will not resolve to any record.
Another option is for us to take care of this for you by requesting and hosting the certificate for your vanity URL(s) through Amazon Certificate Authority, provided to you free of charge. This is the quickest path forward to set up custom URLs.
Q: Does the shared email address we request for initial Admin access have to be a working email?
A: Yes, because the initial access into Identity Security Cloud will be delivered via email to that address. This step grants initial Admin level access to your personnel who will be admins in the deployment, so they will need access to that mailbox.
Q: Can we set up just 1 VA for our sandbox or non-prod environment(s)?
A: Yes, at a minimum, you need 1 VA per non-prod environment. However, for resiliency and to avoid a single point of failure, we recommend 2 VAs per cluster, per environment.
Q: Can the VA be set up on Windows?
A: No. The VA software is designed to run Flatcar Container Linux through an .ovf file running on a Virtual Machine. Our SailPoint Virtual Appliances documentation and Troubleshooting Guide have common Linux commands to manage your VAs.
Q: Are there any options to host VAs in the cloud, rather than on-premise?
A: Yes, VAs can be hosted in your own Amazon Web Services (AWS) or Microsoft Cloud (Azure) instance. Refer to the documentation below for more details:
Q: We also use IdentityIQ. Can we use the Windows system running IQService for IIQ for Identity Security Cloud as well?
A: You should install a separate instance of IQService for each of IdentityIQ and Identity Security Cloud.
Q: How do I know if I need to install SailPoint’s IQService?
A: If you intend to set up any of the following Connectors, you should install IQService: Active Directory, Azure Active Directory, IBM Lotus Domino, or Microsoft SharePoint. The full list can be found here.
Q: Where should I install IQService?
A: Install IQService on a supported Windows system that has connectivity to the Domain Controllers you want to manage with Identity Security Cloud. Ideally, these Windows systems should be located close to the data centers to minimize network latency.
Please refer to our IQService Admin guide for more details.