Moving Configurations Between SailPoint Tenants

I am willing to bet $10 you had the following scenario happen to you at least once in your technical career:

You spent the day configuring a new tool in a sandboxed environment and after getting everything to work, you now have to do the same configuration on the production environment, but it's too much work to do manually, sounds daunting, doesn't it?

I found myself in this same position recently when I finished configuring and testing an integration on a sandbox SailPoint environment and needed to move the configuration into a production environment. I did things manually and, surprise surprise, the test operations were failing despite me having replicated everything from the sandbox environment.

After some trial and error, I brought up the issue with the professional services team, and they told me about a new API endpoint that's available in beta which solves my predicament, music to my ears. I started digging into how to use the API and this blog post is the result of my tests, failures, and some great help from the professional services team.

Overview | Sailpoint API References
A documenation site for Sailpoint API references.

The Steps

Fetch Session Tokens

There are many ways to authenticate towards the API, but the simplest one I have learned from one of SailPoint's architects goes as the following:

  • Login into your SailPoint tenant.
  • Go into the Admin interface and authenticate yourself using Strong Authentication.
  • Visit the URL in a new tab https://<Your-Tenant-BaseURL>/ui/session?refresh=true
  • This will provide you with a JSON object that includes a lot of information, but we are only interested in two values, baseUrl and accessToken.

List Configurations

Once you have the access token, you can run the following curl command to get a list of all configuration objects. You could also use Postman or other REST communication tools if you want.

Export Configuration

Now that you know what configurations you have on your environment, it's time to export it. You can use the following command to export configurations for Sources, Rules, and Transforms. You can also exclude things you want to avoid exporting. For extensive explanation of what you can do, check the API documentation.

TIP: Note down the export ID from the response you get, it will be required in the next step.

curl --location --request POST 'https://<source-tenant-name>.api.identitynow.com/beta/sp-config/export' \
--header 'Authorization: Bearer <Access Toke>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "excludeTypes": [],
    "includeTypes": [
        "SOURCE", "RULE" , "TRANSFORM"
    ],
    "description": "Export Job 1"
}'

Running the export operation is only the first step, you need to download it before you can import it into your destination environment. The command you should use is:

curl --location --request POST 'https://<source-tenant-name>.api.identitynow.com/beta/sp-config/export/<EXPORT ID>/download' \
--header 'Authorization: Bearer <Access Toke>'

Import Configuration

Now that you have your configuration file, make sure to update it with the correct information, particularly:

  • Remove some configuration objects that you don't want to import to the destination environment.
  • Update the name of the tenant to reflect the name of the destination one.
  • Update descriptions.
  • Other edits that you might see fit.

Once you have completed all the edits and changes, you can import your exported configuration using the following command.

curl --location --request POST 'https://<dest-tenant-name>.api.identitynow.com/beta/sp-config/import/' \
--header 'Authorization: Bearer <Access Token>' \
--form 'data=@"<LINK TO JSON FILE>"'

PS: It's much easier to do this operation through Postman.

Amend Details

Once your configuration is imported, it's now time to amend some details to ensure it fits your new environment context. Make sure to review the configuration thoroughly before attempting to run any test operations or other tasks.

And that's it. You have successfully exported and imported your configuration(s) with minimal manual work and smooth execution. Well done 👏👏👏