Thursday, March 18, 2021

Sailpoint IIQ Azure Active Directory Connector Pre-check

Sailpoint IIQ Azure Active Directory Connector

Recently I was trying to integrate Azure AD with IIQ and found that 7.3P3 doesn't support a proxy; it is supported from the patch 4 version. So if you are on patch 3, make sure that the server firewall is open and that the server can access the URLs below, which are used internally by the SailPoint Azure connector.

https://login.windows.net

https://graph.windows.net

https://graph.microsoft.com

https://login.microsoftonline.com
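
A pre-check for the firewall requirement above, as an added example that is not part of the original post: it probes the four URLs with curl and turns curl's exit code into a diagnosis. The function names, verdict strings, the PROBE_CMD override and the timeouts are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Run with: sh precheck.sh --run
# The four endpoints the post lists for the Azure connector.
ENDPOINTS="https://login.windows.net https://graph.windows.net https://graph.microsoft.com https://login.microsoftonline.com"

# Map a curl exit code to a verdict. Any HTTP response, even a 4xx, proves the
# network path is open, so only the transport-level result is judged.
classify() {
  case "$1" in
    0)     echo "reachable" ;;
    6)     echo "dns-failure" ;;
    7)     echo "connection-refused" ;;
    28)    echo "timeout-likely-firewall-drop" ;;
    35|60) echo "tls-error" ;;
    *)     echo "curl-error-$1" ;;
  esac
}

# Probe one URL without credentials and print curl's exit code.
probe() {
  rc=0
  curl --silent --output /dev/null --connect-timeout 5 --max-time 10 "$1" || rc=$?
  echo "$rc"
}

# Check every endpoint, print one line per URL, return the number of failures.
# PROBE_CMD (hypothetical override) lets a stub replace the real probe.
check_all() {
  failed=0
  for url in $ENDPOINTS; do
    verdict=$(classify "$("${PROBE_CMD:-probe}" "$url")")
    printf '%-40s %s\n' "$url" "$verdict"
    [ "$verdict" = "reachable" ] || failed=$((failed + 1))
  done
  return "$failed"
}

if [ "${1:-}" = "--run" ]; then
  check_all
fi
```

A timeout verdict on any line usually means the outbound rule for that host is missing; a tls-error verdict points at certificate trust on the path rather than at the port.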

Also make sure that you are able to retrieve data from Azure using the curl commands below.

To generate an access token:

curl --location --request POST 'https://login.microsoftonline.com/sailpointdev.onmicrosoft.com/oauth2/v2.0/token' \
    --header 'Cookie: fpc=AnqEXhzvx4NKjU5r-HxvS9WRa5E6AQAAALRd4tcOAAAA; stsservicecookie=ests; x-ms-gateway-slice=prod' \
    --form 'grant_type="client_credentials"' \
    --form 'client_id="<Client_ID>"' \
    --form 'client_secret="<Secret>"' \
    --form 'scope="https://graph.microsoft.com/.default"'


Use the access token generated above to run the curl below:

curl --location --request GET 'https://graph.microsoft.com/v1.0/groups?$top=500&$filter=securityEnabled+eq+true' \
    --header 'Authorization: Bearer XXXXXXeyJ0eXAiOiJKV1QiLCJub25jZSIXXXXX' \
    --header 'Content-Type: Application/json;odata=minimalmetadata'


Happy Learning !!