SailPoint MCP Server

README.md•5.25 kB

# SailPoint MCP Server MCP server for SailPoint IdentityNow/Identity Security Cloud API. Provides comprehensive tools for identity governance, access management, and compliance operations. ## Features - **Identity Management**: List, search, and get identity details - **Account Operations**: List accounts, enable/disable, unlock, view entitlements - **Access Profiles**: Create, list, and manage access profile bundles - **Roles**: Create, list, and manage role definitions - **Certifications**: View certification campaigns and access reviews - **Workflows**: List, test, and monitor automation workflows - **Search**: Full-text search across identities, accounts, roles, and more - **SOD Policies**: View Separation of Duties policies and violations - **Sources**: List and inspect connected identity sources ## Configuration Set the following environment variables: ```bash SAILPOINT_BASE_URL=https://your-tenant.api.identitynow.com SAILPOINT_CLIENT_ID=your-client-id SAILPOINT_CLIENT_SECRET=your-client-secret SAILPOINT_API_VERSION=v3 # Optional: v3 (default) or v2025 ``` ### API Version Support The server supports both SailPoint API versions: - **v3** (default): Stable, widely-supported API version - **v2025**: Latest API version with new features like Configuration Hub, enhanced identity management, and experimental endpoints To use v2025 APIs, set `SAILPOINT_API_VERSION=v2025`. The v2025 API includes: - Configuration Hub for automated configuration deployment - Enhanced identity deletion capabilities - Machine account management - Data segmentation and access security - Advanced IAI features (outliers, role mining, common access) - Non-employee lifecycle management For more information, see [SailPoint API v2025 Documentation](https://developer.sailpoint.com/docs/api/v2025/) ### Getting Credentials 1. Log into your SailPoint Identity Security Cloud tenant 2. Go to **Preferences** (under your username dropdown) 3. Select **Personal Access Tokens** on the left 4. Click **New Token** to generate a new PAT 5. Copy the **Client ID** and **Client Secret** Your base URL follows the format: `https://{tenant}.api.identitynow.com` ## Available Tools ### Identities - `list_identities` - List identities with filtering - `get_identity` - Get detailed identity information ### Accounts - `list_accounts` - List accounts across sources - `get_account` - Get account details - `get_account_entitlements` - List account entitlements - `enable_account` - Enable a disabled account - `disable_account` - Disable an account - `unlock_account` - Unlock a locked account ### Access Profiles - `list_access_profiles` - List access profiles - `get_access_profile` - Get access profile details - `create_access_profile` - Create a new access profile ### Roles - `list_roles` - List roles - `get_role` - Get role details - `get_role_assigned_identities` - List identities assigned to a role - `create_role` - Create a new role ### Certifications - `list_certifications` - List active certifications - `get_certification` - Get certification details - `list_certification_campaigns` - List certification campaigns - `get_certification_campaign` - Get campaign details ### Workflows - `list_workflows` - List automation workflows - `get_workflow` - Get workflow details - `get_workflow_executions` - View workflow execution history - `test_workflow` - Test a workflow ### Sources - `list_sources` - List connected sources - `get_source` - Get source details ### Search - `search` - Search across indices (identities, accounts, roles, etc.) - `search_aggregate` - Aggregate analytics queries ### Entitlements - `list_entitlements` - List entitlements - `get_entitlement` - Get entitlement details ### Access Requests - `list_access_requests` - List access requests - `create_access_request` - Create a new access request ### Identity Profiles - `list_identity_profiles` - List identity profiles - `get_identity_profile` - Get identity profile details ### SOD Policies - `list_sod_policies` - List SOD policies - `get_sod_policy` - Get SOD policy details - `list_sod_violations` - List SOD violations ## Usage Examples ### Search for identities ```json { "indices": ["identities"], "query": "name:John AND department:Engineering" } ``` ### List active access requests ```json { "filters": "status eq \"PENDING\"" } ``` ### Create an access request ```json { "requestedFor": ["identity-id-1"], "requestedItems": [ { "type": "ROLE", "id": "role-id", "comment": "Need access for project X" } ] } ``` ## Building ```bash npm install npm run build ``` ## Performance Features ### HTTP Connection Pooling The server uses a singleton axios instance with HTTP Keep-Alive for optimal performance: - Reuses TCP connections across multiple requests - Connection pool: 50 max sockets, 10 max free sockets - 30-second keep-alive timeout - Automatic token refresh without creating new connections This provides significant performance improvements for sequential API calls, especially when making multiple requests in a short time period. ### Token Caching OAuth2 tokens are cached with a 60-second buffer before expiry, minimizing unnecessary token refresh requests. ## License MIT

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/schwarztim/sailpoint-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

README.md•5.25 kB