SailPoint POT - razmipatel/Random GitHub Wiki

SailPoint to Entra ID PoT Summary

Purpose

To validate the integration of SailPoint with Microsoft Entra ID for:

  • B2B identity provisioning
  • Azure RBAC (cloud-only group management)
  • Privileged Identity Management (PIM) for eligible and static access control
  • Role-based access for Entra ID and Microsoft 365 compliance roles

PoT Activities Performed

1. Connector Setup

  • Successfully created a new Entra ID Connector App registration.
  • Integration tested in a Lab Entra ID tenant and the SailPoint development environment.

2. B2B Identity Lifecycle Testing

  • Successfully created Identity Cubes in SailPoint for B2B users.
  • Guest invitations issued via SailPoint, validating the B2B invite workflow.
  • Confirmed that Identity Cube creation is a prerequisite for invitation issuance.

3. Group & Entitlement Management

  • Confirmed SailPoint can manage cloud-only Entra ID groups.
  • Static membership group assignments tested successfully.
  • Encountered inconsistent behavior where multiple approvals were required for changes to complete in Entra ID.

4. Privileged Access Management

  • PIM-enabled group assignments (eligible) were not tested.
  • Entra ID built-in roles and Microsoft 365 compliance roles were not tested.
  • SailPoint console lacks clear capabilities for managing PIM entitlements at this stage.

PoT Closure Statement

This PoT is now closed.
Core use cases — identity provisioning and static group assignment — were successfully validated. B2B onboarding was proven viable. However, the connector requires enhancement to support advanced scenarios including PIM and role-based access control.
PoT Outcome & Next Steps

✅ Confirmed

  • Identity provisioning (B2B + member)
  • Cloud-only group management via Microsoft Graph API

⚠️ Pending Further Testing

  • Assigning/removing users (member and B2B) to/from:
    • PIM-enabled groups (eligible)
    • Entra ID built-in roles
    • Microsoft 365 compliance roles

Next Steps

  • Continue connector development to support advanced API-based role assignments.
  • Evaluate SailPoint support for PIM and M365 compliance role management.
  • Define production requirements and finalize architecture for secure deployment.

Prepared by: Razmi
Date: [Insert Date]