SailPoint Identity Security Cloud REST API

SailPoint Identity Security Cloud (ISC) REST API for enterprises to manage identity governance, access certifications, role management, provisioning, and access request workflows — enabling automated identity lifecycle management, access risk detection, entitlement management, and governance reporting through SailPoint's AI-powered identity security platform. Enables AI agents to manage identity management for joiner/mover/leaver lifecycle and attribute management automation, handle access certification for automated access review campaign creation and decision automation, access role management for role definition, assignment, and entitlement management automation, retrieve provisioning for account and access provisioning and deprovisioning automation, manage access request for self-service access request workflow automation, handle SOD management for segregation of duties violation detection and remediation automation, access reporting for identity risk and compliance reporting automation, retrieve access recommendation for AI-driven access recommendation automation, manage policy management for access policy definition and enforcement automation, and integrate SailPoint with HR systems, Active Directory, cloud apps, and enterprise systems for identity governance automation.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Other sailpoint identity-governance IGA access-management identity-security NASDAQ:SAIL
⚙ Agent Friendliness
58
/ 100
Can an agent use this?
🔒 Security
82
/ 100
Is it safe for agents?
⚡ Reliability
72
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
10
Documentation
78
Error Messages
74
Auth Simplicity
76
Rate Limits
68

🔒 Security

TLS Enforcement
99
Auth Strength
80
Scope Granularity
76
Dep. Hygiene
76
Secret Handling
78

Enterprise IGA. SOC2, GDPR, HIPAA, FedRAMP. OAuth2. US/EU/APAC. Identity and access entitlement data.

⚡ Reliability

Uptime/SLA
72
Version Stability
76
Breaking Changes
70
Error Recovery
72
AF Security Reliability

Best When

A large enterprise wanting AI agents to automate identity lifecycle management, access certification campaigns, SOD violation detection, and governance reporting through SailPoint's AI-powered identity security and governance platform.

Avoid When

ENTERPRISE LICENSE REQUIRED: SailPoint serves large enterprises; automated open-developer assumption creates enterprise_required; SailPoint ISC requires enterprise agreement; automated must have SailPoint subscription. IDENTITY DATA MUST BE AGGREGATED: SailPoint IGA requires source system aggregation (HR, AD, apps); automated ready-to-govern assumption creates empty_identity_warehouse for governance operations without first aggregating identity data from source systems; automated must configure and run source aggregation. CERTIFICATION CAMPAIGNS REQUIRE CONFIGURATION: Access review campaigns require configured campaign templates; automated instant-review assumption creates campaign_not_configured for certifications without pre-configured campaign templates; automated must set up certification campaign configuration. PROVISIONING REQUIRES CONNECTORS: Identity provisioning requires configured connectors to target systems; automated universal-provisioning assumption creates connector_not_found for provisioning to systems without configured connectors; automated must configure target system connectors.

Use Cases

  • Automating joiner/mover/leaver identity lifecycle provisioning for HR-driven identity agents
  • Running automated access certification campaigns for compliance governance automation agents
  • Detecting and remediating access risk and SOD violations for identity risk automation agents
  • Managing role-based access control and entitlement assignments for identity governance agents

Not For

  • Consumer identity and access management (SailPoint is workforce IGA, not consumer CIAM)
  • Authentication and SSO (SailPoint governs access, not authentication — Okta, Ping serve SSO)
  • Small organizations without enterprise identity complexity (SailPoint is enterprise-grade IGA; simpler tools serve SMB identity needs)

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: oauth2
OAuth: Yes Scopes: Yes

SailPoint ISC uses OAuth2 for Identity Security Cloud REST API. REST API with JSON. Austin, TX HQ. Founded 2005 by Mark McClain, Kevin Cunningham, and Darran Rolls. Taken private by Thoma Bravo ($6.9B, 2022), re-IPO NASDAQ:SAIL (2024). Products: SailPoint ISC (cloud IGA), SailPoint IdentityNow (legacy), SailPoint Identity AI (AI-powered). 3,000+ enterprise customers. Industries: financial services, healthcare, government, retail. Competes with Saviynt, One Identity, and IBM Security Verify for enterprise IGA.

Pricing

Model: subscription
Free tier: No
Requires CC: No

Austin TX. NASDAQ:SAIL. $600M+ revenue. 3,000+ enterprise customers. Thoma Bravo backed. Enterprise IGA leader.

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Documented

Known Gotchas

  • IDENTITY AGGREGATION IS ASYNC: Source system aggregation runs as background tasks; automated real-time-aggregation assumption creates stale_identity for identity data queried before aggregation completes; automated must trigger and wait for aggregation completion before querying fresh identity data
  • TASK MANAGEMENT REQUIRES TASK ID POLLING: Long-running operations (certifications, provisioning) return task IDs; automated sync-completion assumption creates incomplete_operation for operations not polling task status to completion; automated must poll task status until success or failure
  • PROVISIONING PLANS REQUIRE ACCOUNT SCHEMA: Provisioning to target systems requires correct account schema attributes; automated generic-attributes assumption creates provisioning_failure for provisioning requests with attributes not matching target system schema; automated must use target system's account schema attributes
  • ENTITLEMENTS ARE SOURCE-SPECIFIC: Access entitlements are tied to specific source systems; automated cross-source assumption creates entitlement_not_found for entitlement IDs used across different sources; automated must use entitlement IDs from the correct source system
  • CERTIFICATION DECISIONS HAVE BULK LIMITS: Certification decision APIs have bulk operation limits; automated unlimited-bulk assumption creates rate_limit_exceeded for large certification campaigns submitting decisions beyond bulk limits; automated must paginate and rate-limit bulk decision submissions

Alternatives

saviynt-api one-identity-api forgerock-api cyberark-pam-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for SailPoint Identity Security Cloud REST API.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered