
Enhancement: Extending SailPoint Microsoft Connectivity

dinesh_mishra
SailPoint Employee

SailPoint Supercharges Microsoft Connectivity: A Year of Innovation

As more enterprises adopt SailPoint to meet demanding identity security needs, customers are also demanding increased connectivity for Microsoft Entra ID (formerly known as Azure Active Directory) and Active Directory connectors.

Applying core SailPoint identity security – including access certifications, access requests, separation-of-duty policies, role management, and audit reporting – to the critical applications that businesses use every day is key to a solid security posture.

Most of our customers use Microsoft connectors. Microsoft's feature-rich, enterprise-level access management capabilities give hybrid computing users the ability to seamlessly access both on-premises and cloud applications.

Extending SailPoint identity security to both Active Directory and Entra ID access management capabilities is important to enterprise customers. SailPoint’s expansion of deeper Microsoft integrations – including Agent discovery capabilities – delivers a more powerful and complete identity security solution.

The Microsoft connectivity landscape has been one of SailPoint’s strategic initiatives for the last several years, with a particular focus on deeper integration of Microsoft capabilities within our holistic identity security solution. These updates are themed around three core principles: embracing the new frontier of AI governance, delivering deeper, more granular security controls, and modernizing our cloud connectivity.

Governing the New Frontier: AI and Machine Identities

  • The Microsoft Entra connector supports the discovery and governance of Microsoft Copilot Studio Agents and Azure AI Foundry Agents. This new capability allows you to:
    • Establish Ownership: Assign clear human ownership and accountability for every AI agent.
    • Gain Visibility: Understand each agent’s permissions, associated resources, and potential risk.
    • Restrict Access: Proactively manage and restrict agent access based on its purpose and sensitivity to prevent misuse.
  • Along with the above types of agents, the connector supports the following Microsoft workload identities:
    • Service Principal for Enterprise Applications
    • User-assigned Managed Identities
    • System-assigned Managed Identities

New Connectivity

  • SailPoint’s Microsoft Azure DevOps (SaaS) connector securely connects with Microsoft DevOps services and provides governance capabilities to manage users and groups.
  • The SailPoint Microsoft Entra SSO Discovery connector retrieves details of applications configured in Microsoft Entra. It provides continuous application discovery, revealing inventory and ownership across the enterprise.

Deeper Security and Granular Cloud Governance

We continue to deepen the governance capabilities of our connectors to give you more granular control over your Microsoft environment. Key enhancements and standing features include:

  • Comprehensive Lifecycle Management:
    • The connector now supports aggregating and provisioning External Member accounts. An External Member is a B2B collaboration user who has an account in an external Entra ID organization or an external identity provider (such as a social identity) and member-level access to resources in your organization. This is common in organizations consisting of multiple tenants, where users are considered part of the larger organization and need member-level access to resources in the organization’s other tenants.
  • Expanded Object Management:
    • The connector now supports aggregation and provisioning of the sponsors attribute. The sponsor feature helps manage B2B users in your directory by tracking who is responsible for each guest user. With the sponsor feature, you can assign a person or group to every guest user, which helps track who invited them and promotes accountability.
  • Fine-grained Visibility and Control:
    • The Microsoft Entra connector allows filtering of Azure resources, providing granular control over the scope of account and entitlement aggregation through a configured list of Subscription IDs and Management Group IDs.
    • The connector also supports reading the LastSuccessfulSigninDateTime attribute, which provides sign-in activity information for users.
    • The Microsoft Entra connector now supports applying group membership filters during account aggregation for memberships belonging to the group object type. This provides the capability to filter your on-premises Active Directory sync groups.
    • The Active Directory connector now retrieves cross-domain group memberships for group objects during entitlement aggregation and represents these relationships in a hierarchical view.
  • Performance Optimization:
    • Improved performance for Exchange DL bulk provisioning operations in the Microsoft Entra connector.
  • Risk-Specific Information:
    • Enhance your security posture with risk-specific information: risk level, risk state, risk detail, and the date and time the risky account was last updated.

Modernizing for a Cloud-First Future

  • As Microsoft evolves its platform, we ensure our connectors evolve in lockstep. A crucial update this past year has been the transition to the Microsoft Graph API. In line with Microsoft’s deprecation of the older Azure AD Graph API, we have proactively guided customers to update their Entra ID connector configurations.
  • This migration, finalized before the June 2025 deadline, ensures uninterrupted service and aligns our connectivity with Microsoft’s modern, more secure API framework. While this was primarily an action for our IdentityIQ customers, our cloud-native approach means our Identity Security Cloud SaaS and VA-based connectors were already leveraging the modern Graph API.
  • This focus on future-proofing is also reflected in the architecture of our Active Directory connector for Identity Security Cloud, which utilizes our Cloud Connector Gateway (CCG) to provide a secure and robust bridge to on-premises resources.

 

Get stronger enterprise identity security with Microsoft connectivity

SailPoint’s core identity security capabilities enhance Microsoft Entra’s unique access management and identity protection services for a more complete enterprise identity security solution.

This focus on strategic connectivity with Microsoft and other critical applications and systems helps enterprises meet the increased compliance, security, and identity management requirements they face while staying both competitive and secure.

Questions? Comments? Let us know!

We want to hear your stories and experiences about your identity security journey and better understand how SailPoint’s expanded connectivity options can spur your success.

You can also send requests and suggestions for other connectivity here. We look forward to your feedback!
