--- title: SailPoint IdentityIQ SCIM API Integration on Truto slug: sailpointidentityiqscim category: Default canonical: "https://truto.one/integrations/detail/sailpointidentityiqscim/" --- # SailPoint IdentityIQ SCIM API Integration on Truto **Category:** Default **Status:** Beta ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's SailPoint IdentityIQ SCIM account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach SailPoint IdentityIQ SCIM.** The Proxy API is a 1-to-1 mapping of the SailPoint IdentityIQ SCIM API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Ingest enterprise identity context for real-time access decisions** — Security and zero-trust SaaS platforms can pull users and roles from a customer's SailPoint IdentityIQ instance to make dynamic, policy-aware access decisions without requiring manual directory syncs. - **Auto-map enterprise roles to your application's permission model** — SaaS products can sync SailPoint business and IT roles directly into their own RBAC system, ensuring that enterprise customers' governance policies are automatically reflected in your app's permissions structure. - **Seed your SaaS user base from the corporate identity source of truth** — Instead of relying on CSV imports or AD-only syncs, your product can continuously pull the authoritative user directory from SailPoint IIQ — including custom enterprise attributes like department codes and cost centers — to populate and maintain your internal user records. - **Enrich security alerts with precise identity and role context** — Cybersecurity and asset management platforms can correlate infrastructure findings with SailPoint identity data, enabling alerts that pinpoint exactly which user and role owns a misconfigured resource. - **Unlock Fortune 500 deals with a native IGA integration** — Large regulated enterprises often mandate SailPoint IdentityIQ integration as a procurement requirement. Offering a native connector removes a major blocker in enterprise sales cycles for security, PAM, and IT operations SaaS products. ## What you can build - **Automated user directory sync from SailPoint IIQ** — Continuously import and reconcile users from SailPoint IdentityIQ into your application, keeping your user base aligned with the customer's corporate directory without manual intervention. - **Enterprise role-to-permission mapping engine** — Automatically fetch SailPoint roles and map them to your product's internal permission tiers (e.g., viewer, editor, admin) so new users inherit the correct access level from day one. - **Identity-aware security posture dashboard** — Build a view that overlays SailPoint user and role data on top of your security findings, letting customers see exactly which identities are associated with risky configurations or policy gaps. - **Just-in-time user provisioning triggered by SailPoint governance** — Create user accounts in your SaaS only after SailPoint has completed its approval workflow, ensuring every provisioned user has passed the enterprise's governance checks. - **Role-based access audit report for compliance teams** — Generate exportable reports showing which SailPoint roles are mapped to which in-app permissions, giving your customers' compliance auditors the evidence they need for access recertification. ## FAQs ### What authentication method does SailPoint IdentityIQ SCIM use? SailPoint IdentityIQ's SCIM 2.0 API uses HTTP Basic Authentication. Your end users will provide their IIQ credentials when connecting their account through Truto, and Truto handles storing and managing those credentials securely. ### What data can I read from SailPoint IdentityIQ through Truto? Truto's Unified User Directory API maps to SailPoint IIQ SCIM's Users and Roles endpoints. This gives you access to enterprise identities (including custom attributes like department codes and risk scores) and both business and IT roles. Additional resources like Entitlements and PolicyViolations are available through the underlying SCIM API and can be built on request. ### Does SailPoint IdentityIQ SCIM support write operations? Yes, the SailPoint IIQ SCIM 2.0 API supports creating, updating, and deleting users and other resources. Specific write operations through Truto's unified layer can be built on request to match your integration requirements. ### How does Truto handle pagination for SailPoint IIQ SCIM endpoints? Truto abstracts away SCIM 2.0 pagination so you don't need to manage startIndex and count parameters yourself. You get a consistent pagination interface regardless of how large the customer's identity dataset is. ### Is SailPoint IdentityIQ typically on-premise? How does that affect connectivity? SailPoint IdentityIQ is predominantly deployed on-premise or in hybrid environments. The SCIM API must be network-accessible for Truto to reach it. For customers with strict network policies, Truto can work with proxy or tunnel configurations to securely connect to on-premise IIQ instances. ### What if I need access to SailPoint IIQ SCIM resources beyond Users and Roles? Truto currently maps Users and Roles through its Unified User Directory API. Additional SCIM resources like Entitlements, PolicyViolations, and Workflows are supported by SailPoint IIQ and can be built on request — reach out to the Truto team to scope your specific requirements.