Skip to main content

About SailPoint Identity Security Cloud

SailPoint Identity Security Cloud (ISC), formerly known as IdentityNow, is a cloud-based identity security platform. Serval connects to ISC using a Personal Access Token (PAT), which provides a client ID and client secret for API authentication. For the on-premises SailPoint product, see IdentityIQ.

Prerequisites

  • Access to a SailPoint ISC tenant with admin or sufficient privileges
  • Permission to create Personal Access Tokens in ISC

Connect Identity Security Cloud to Serval

1

Find your tenant name

Your ISC tenant name is part of your ISC URL. If your organization accesses ISC at https://acme-corp.identitynow.com, your tenant name is acme-corp.You can also find it in the ISC admin console:
  1. Log into your ISC instance
  2. Select Dashboard → Overview
  3. Find the Org Name in the Org Details section
If your organization uses a vanity URL (e.g. identity.acme.com), you can retrieve your tenant name by navigating to https://[tenant].api.identitynow.com/oauth/info — the tenantName field in the response is the value you need.
2

Generate a Personal Access Token

A Personal Access Token (PAT) in SailPoint ISC generates a Client ID and Client Secret pair that you will use to authenticate.
  1. Log into your ISC instance
  2. Go to Preferences → Personal Access Tokens (or navigate directly to https://[tenant].identitynow.com/ui/d/user-preferences/personal-access-tokens)
  3. Click New Token
  4. Enter a description (e.g. “Serval Integration”)
  5. Click Create Token
  6. Copy both the Client ID and the Client Secret
The Client Secret is only shown once when the token is created. Store it securely before closing the dialog. If you lose it, you will need to generate a new token.
Each user is limited to 10 Personal Access Tokens. Delete any tokens you no longer need before creating new ones.
The access level granted by the PAT matches the permissions of the user who created it. For full API access, generate the token from an admin account.
3

Connect in Serval

  1. In Serval, go to Apps → Available
  2. Find SailPoint and click Connect
  3. Select Identity Security Cloud
  4. Enter the following:
FieldDescription
Tenant NameYour ISC tenant name (e.g. acme-corp)
Client IDThe Client ID from your Personal Access Token
Client SecretThe Client Secret from your Personal Access Token
  1. Click Connect
4

Verify the connection

After connecting, confirm the integration is working by running the health checks in the API Integration tab on the SailPoint Identity Security Cloud app page.
Your SailPoint Identity Security Cloud integration is connected.

How authentication works

Serval uses your PAT credentials (Client ID and Client Secret) with the Client Credentials grant flow to obtain a JWT access token from ISC. This token is automatically refreshed as needed. You do not need to manage tokens manually after the initial setup.

Troubleshooting

“401 Unauthorized” or “Invalid credentials” errors
  • Verify your Client ID and Client Secret are correct
  • Ensure the Personal Access Token has not been deleted or expired
  • Confirm the user who created the PAT still has the necessary permissions
“Tenant not found” errors
  • Double-check the tenant name — it should be just the tenant identifier (e.g. acme-corp), not the full URL
  • If using a vanity URL, retrieve the underlying tenant name from https://[tenant].api.identitynow.com/oauth/info
“403 Forbidden” errors
  • The PAT inherits the permissions of the user who created it. Ensure that user has sufficient access for the API operations Serval needs to perform
  • Some endpoints require specific admin roles — check with your ISC admin
Need help? Contact support@serval.com for assistance with your SailPoint Identity Security Cloud integration.