Skip to main content

What Living Security needs

Scopes: Client Credentials grant type with access to /v3/accounts and /v3/search endpoints Required role: Admin or System Administrator in SailPoint IdentityNow

Prerequisites

  • You must have Admin or System Administrator access in SailPoint IdentityNow to create and manage API clients.

Part A — In SailPoint IdentityNow

Your SailPoint IdentityNow administrator completes these steps.
1

Locate your tenant subdomain

Your tenant subdomain appears before .identitynow.com in all IdentityNow URLs.From your IdentityNow URL: When signed in, your browser shows https://TENANT.identitynow.com. The part before .identitynow.com is your tenant subdomain.From the admin dashboard: Navigate to AdminDashboardOverview and look for the Org Name in the Org Details section.Record this value for Part B.
2

Create an OAuth 2.0 API client

  1. Sign in to your IdentityNow admin console.
  2. Navigate to the API Management panel: https://TENANT.identitynow.com/ui/admin/#admin:global:security:apimanagementpanel Replace TENANT with your actual tenant subdomain.
  3. Click New (or Create API Client).
  4. Enter a descriptive Name (e.g., Living Security Platform).
  5. Under Grant Types, enable Client Credentials.
  6. Leave other grant types disabled unless you have a separate use case.
  7. Click Save.
The Client Credentials grant type authorizes the integration to request access tokens using only the client ID and secret, with no user interaction. This is appropriate for server-side data sync integrations.
3

Copy the Client ID and Client Secret

After saving, IdentityNow displays the Client ID and Client Secret.Copy both values immediately and store them securely (e.g., in a password vault).
The Client Secret is displayed only once immediately after creation. If you navigate away before copying it, you must delete the client and create a new one. The Client ID remains visible in the API Management panel, but the secret does not.

Part B — In the Living Security Platform

The program owner completes this step, or the system admin if using delegated setup.
1
You are now connected to SailPoint IdentityNow.

Troubleshooting

The credentials are invalid. Check:
  1. Client ID and Client Secret are correct
  2. Client Secret has not been rotated or deleted
  3. Tenant subdomain matches your IdentityNow environment exactly
The API client may not have sufficient authorization scopes, or your IdentityNow admin account lacks the necessary rights.Verify:
  1. The API client is configured with the Client Credentials grant type
  2. Your admin account has roles required to access /v3/accounts and /v3/search endpoints
The tenant subdomain may be incorrect. Verify:
  1. You entered only the subdomain (e.g., acme), not the full domain
  2. The subdomain matches your IdentityNow URL exactly (case-sensitive)
The API client may lack permissions to read identity data. Verify your IdentityNow admin account has the roles required to access the identities and accounts APIs.