--- title: SailPoint Identity Security Cloud API Integration on Truto slug: sailpointidentitysecuritycloud category: Default canonical: "https://truto.one/integrations/detail/sailpointidentitysecuritycloud/" --- # SailPoint Identity Security Cloud API Integration on Truto **Category:** Default **Status:** Beta ## Unified APIs ### Unified User Directory API - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's SailPoint Identity Security Cloud account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach SailPoint Identity Security Cloud.** The Proxy API is a 1-to-1 mapping of the SailPoint Identity Security Cloud API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate enterprise user provisioning from SailPoint** — Enterprise buyers require centralized identity governance before purchasing your SaaS product. Integrating with SailPoint lets their IT teams automatically provision and deprovision users in your app as part of their existing Joiner-Mover-Leaver workflows, eliminating a major procurement blocker. - **Sync identity roles for compliance-ready access control** — Regulated enterprises need proof that user access in your product aligns with corporate governance policies. Pulling roles and user data from SailPoint lets you mirror their role-based access structure and provide auditors with a clear chain of entitlement. - **Enrich security analytics with enterprise identity data** — Security and risk management SaaS products can ingest SailPoint's user and role data to detect toxic access combinations, flag identity outliers, and correlate user entitlements across cloud infrastructure — adding high-value governance context to their threat models. - **Power license optimization with identity lifecycle signals** — SaaS spend management and license optimization tools can use SailPoint's user and role data to identify inactive or over-provisioned accounts, enabling automated seat reclamation tied to the enterprise's official identity governance processes. - **Act as an authoritative identity source for enterprise onboarding** — HR, contractor management, and workforce platforms can push identity records into SailPoint, triggering downstream provisioning across the enterprise's entire app stack — making your product the starting point of the identity lifecycle. ## What you can build - **SailPoint user directory sync** — Continuously import enterprise identities and their attributes from SailPoint Identity Security Cloud into your app to keep your user directory aligned with the customer's source of truth. - **Role-based access mapping** — Map SailPoint roles to your product's permission sets so that when an enterprise assigns a role in SailPoint, users automatically receive the correct access level in your app. - **Automated deprovisioning on termination** — Detect when a user is removed or suspended in SailPoint and instantly revoke their access in your product, satisfying enterprise compliance requirements without manual IT intervention. - **Enterprise identity dashboard** — Surface a read-only view of SailPoint-managed users and their assigned roles directly in your product's admin console, giving customer IT teams visibility without leaving your app. - **Compliance-ready user access reports** — Generate exportable reports showing which SailPoint-governed users have access to your product and under which roles, supporting your customers' quarterly access certification campaigns. ## FAQs ### How does authentication work with SailPoint Identity Security Cloud? SailPoint Identity Security Cloud uses OAuth 2.0. Your end users generate a Personal Access Token (client ID and secret) from their SailPoint admin console, which Truto exchanges for a JWT to authenticate API requests. Truto handles token refresh and credential storage. ### What data can I access through the Unified User Directory API for SailPoint? The Unified User Directory API maps to SailPoint's Users (Identities) and Roles resources, giving you access to enterprise user profiles and their role assignments. This covers the core data needed for provisioning, access control, and compliance reporting. ### Are additional SailPoint resources like Accounts, Entitlements, or Audit Events available? The current Unified API mapping covers Users and Roles. SailPoint's REST API exposes additional resources like Accounts, Entitlements, and Audit Events. Truto can build support for these on request — reach out to discuss your specific data requirements. ### Does Truto handle SailPoint API pagination and rate limits? Yes. Truto abstracts away SailPoint's API pagination and rate limiting so you don't have to build retry logic or cursor management. You interact with a consistent Unified API, and Truto handles the underlying API quirks. ### How do my end users connect their SailPoint tenant? Truto provides an embeddable connection flow (Truto Link) that guides your end users through entering their SailPoint tenant URL and generating the required OAuth credentials. No custom UI work is needed on your side. ### Can I write data back to SailPoint or is it read-only? The specific supported operations depend on the tools built for SailPoint. Since this integration is built on request, contact Truto to confirm read and write capabilities for your use case. SailPoint's API supports both reads and writes for most resources.