---
title: SailPoint NERM API Integration on Truto
slug: sailpointnerm
category: Default
canonical: "https://truto.one/integrations/detail/sailpointnerm/"
---

# SailPoint NERM API Integration on Truto



**Category:** Default  
**Status:** Beta

## Unified APIs

### Unified User Directory API

- **Roles** — The Role object represents a role of a User.
- **Users** — The User object represents a User.

## How it works

1. **Link your customer's SailPoint NERM account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app.
2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request.
3. **Call Truto's API to reach SailPoint NERM.** The Proxy API is a 1-to-1 mapping of the SailPoint NERM API.
4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field.

## Use cases

- **Sync non-employee identities into your SaaS user directory** — SaaS companies offering enterprise collaboration, productivity, or IT service tools need a complete view of the workforce — not just full-time employees. Integrating with SailPoint NERM via Truto lets you pull contractors, vendors, and contingent workers into your app alongside HRIS-sourced employees, giving customers a unified user directory.
- **Automate contractor onboarding from your vendor management platform** — If your SaaS manages freelancer engagements or vendor relationships, you can push new contractor profiles and contract metadata into NERM to trigger downstream IT provisioning. This turns your platform into the starting point for secure, governed access — a major selling point for enterprise buyers.
- **Enforce real-time deprovisioning when non-employee status changes** — Enterprise customers expect that when a contractor is offboarded or a vendor relationship ends, access to your SaaS product is revoked immediately. By reading non-employee lifecycle status from NERM, your app can automatically disable accounts, remove permissions, and maintain audit-ready compliance.
- **Enrich your identity verification workflows with NERM profile data** — Background check and identity verification platforms can pull staged non-employee profiles from NERM, run their checks, and write results back — unblocking onboarding workflows inside the customer's identity governance stack without manual intervention.
- **Power role-based access decisions with non-employee context** — Security and access management SaaS products can read roles and profile types from NERM to make fine-grained authorization decisions for the extended workforce, ensuring contractors only see what their engagement scope permits.

## What you can build

- **Unified employee + contractor directory** — Combine W-2 employees from HRIS integrations and non-employees from SailPoint NERM into a single Users list using Truto's Unified User Directory API, so your app always shows the complete workforce.
- **Automated contractor lifecycle sync** — Continuously poll NERM profiles to detect status changes — new hires, role moves, and terminations — and automatically reflect those in your app's user and permissions model.
- **Role-aware access controls for non-employees** — Leverage role data from NERM to dynamically scope what contractors and vendors can see or do inside your product, enforcing least-privilege without manual admin work.
- **Non-employee onboarding trigger from your app** — When a new vendor or contractor engagement is created in your platform, push the profile into NERM to kick off the customer's governed provisioning workflow — including approvals, background checks, and IT access grants.
- **Contract expiry and offboarding automation** — Read contract end-dates and termination statuses from NERM profiles and automatically deactivate user accounts, revoke permissions, and log the action for audit trails inside your SaaS.
- **Compliance-ready non-employee access reports** — Surface which non-employees have active access to your product, when they were provisioned, and their current NERM status — giving your enterprise customers audit-ready documentation out of the box.

## FAQs

### How does authentication work with SailPoint NERM?

NERM's REST API uses token-based authentication via Personal Access Tokens (PATs) generated in SailPoint Identity Security Cloud. Truto handles token management and auth configuration so your end users can connect their NERM instance without your team building custom auth flows.

### What data can I access through Truto's Unified User Directory API for NERM?

The Unified User Directory API maps to NERM's Users and Roles. This lets you read non-employee profiles (contractors, vendors, bots, etc.) and their associated roles. Since NERM profiles are highly customizable and can represent assignments, cost centers, or vendor companies, the exact schema depends on how the customer has configured their profile types.

### How does pagination work when fetching large sets of non-employee profiles?

NERM's API uses cursor-based pagination with `limit`, `offset`, and metadata `next` parameters. Truto abstracts this so you get a consistent pagination interface regardless of the underlying API mechanics — important for enterprise customers with tens of thousands of non-employee records.

### Are specific NERM tools available in Truto today?

SailPoint NERM tools in Truto are built on request. If you need this integration, reach out to the Truto team and they will build and ship the specific endpoints and data mappings you need — typically covering profiles, profile types, and workflow sessions.

### Can I write data back to NERM, or is it read-only?

NERM's REST API supports GET, POST, and PATCH operations on profiles and can trigger workflow sessions. Write-back capabilities — such as pushing new contractor profiles or updating custom attributes like background check status — can be built as part of your Truto integration on request.

### Does NERM support webhooks for real-time event notifications?

Yes, NERM supports outbound webhooks (requiring TLS 1.2+) that fire on lifecycle events like status changes or contract expirations. This enables event-driven patterns such as instant deprovisioning when a contractor is terminated, complementing the polling approach via Truto's Unified API.
