-
Notifications
You must be signed in to change notification settings - Fork 19
Getting Started
The SailPoint CLI is a terminal-based tool you can use to to interact with your Identity Security Cloud (ISC) tenant. The CLI provides a text-based environment you can use to run operations known as "commands" to interact with your tenant however you want.
You can use the CLI to perform many functions you would have otherwise used Postman or custom scripts to perform before. For example, you can use the CLI to call the SailPoint APIs to do whatever you want in your ISC tenant, and you can do all this directly on the command line, with minimal setup.
Learn how to use the SailPoint command line interface (CLI) in this guide.
- Start using the CLI
- Contents
- Get the CLI
- Configuration
- Environment variable configuration
- Usage
- GitHub
- Contribution
- Questions
To install the SailPoint CLI: use a package manager for the OS of your choice. Prebuilt binaries for OS X, Windows, and Linux are provided in each release.
:::info
Note this installer is only compatible with 64 bit Windows.
:::
Download the latest release from the releases page. The release should include an MSI file named sail_x.x.x_windows_amd64.msi
that can be installed on Windows, with x.x.x
being the version of the most recent release.
To install the MSI file, double click on it and follow the prompts in the installer.
MacOS users can use Homebrew to install the CLI. Run these commands in your terminal:
brew tap sailpoint-oss/tap && brew install sailpoint-cli
Then make sure you can run the sail
command.
Each release on the releases page includes a tarball that can be extracted and run on Linux. Or you can install using the available .deb or .rpm packages.
Download the specific .deb package from the release you wish to install
Then install it using one of the following commands, with the x.x.x
being the version of the most recent release.
sudo apt install ./sail_x.x.x_linux_amd64.deb
sudo apt install /path/to/deb/package/sail_x.x.x_linux_amd64.deb
Download the specific .rpm package from the release you wish to install
Then install it using one of the following commands, with the x.x.x
being the version of the most recent release.
sudo yum localinstall ./sail_x.x.x_linux_amd64.rpm
sudo yum localinstall /path/to/rpm/package/sail_x.x.x_linux_amd64.rpm
To configure the CLI to connect and authenticate to your ISC tenant, you must do the following:
- Find your tenant name. To learn how to find it, refer to Getting Started. The CLI will use this tenant name to connect to your ISC instance.
- OAuth
- PAT | Create a personal access token (PAT). Make sure to note the "Client ID" and "Client Secret." The CLI needs this information to authenticate successfully. To learn how to create a PAT, refer to Personal Access Tokens.
To configure your first environment for OAuth run the following command:
sail env {environment}
with {environment}
being the name of the environment you wish to configure.
You will be prompted for the following information:
- The Tenant URL - The web URL used to access your Identity Security Cloud tenant (ex. https://tenant.identitynow.com), this is used during the OAuth process.
- The API URL - The API URL used to access your Identity Security Cloud tenant (ex. https://tenant.api.identitynow.com), this is used for the api calls made by certain commands.
With the default environment values populated you can immediately begin using the CLI with OAuth authentication. Just make sure OAuth is your selected authentication method, this can be done by running sail set auth oauth
.
After you have configured your environment, if you want to use PAT authentication, run the sail set pat
command. You can then provide your PAT client ID and client secret.
Once you have provided your client ID and client secret, you can swap your auth method to PAT using sail set auth pat
.
You can also store your configuration in environment variables. This can be useful when you are using the CLI in an automated environment like a continuous integration and continuous deployment (CI/CD) pipeline. In these types of scenarios, consuming the configuration from environment variables would be easier than creating the configuration file.
To export the environment variables on Linux/Mac, open your terminal app and run these commands:
export SAIL_BASE_URL=https://{tenant}.api.identitynow.com
export SAIL_CLIENT_ID={clientID}
export SAIL_CLIENT_SECRET={clientSecret}
To get your environment variables to persist across terminal sessions, add these exports to your shell profile, something like ~/.bash_profile
.
To store your configuration in environment variables on Windows, run Powershell as an administrator and run these commands:
$env:SAIL_BASE_URL=https://{tenant}.api.identitynow.com
$env:SAIL_CLIENT_ID={clientID}
$env:SAIL_CLIENT_SECRET={clientSecret}
To get your environment variables to persist across PowerShell sessions, run this command instead:
[System.Environment]::SetEnvironmentVariable('SAIL_BASE_URL','https://{tenant}.api.identitynow.com')
[System.Environment]::SetEnvironmentVariable('SAIL_CLIENT_ID','{clientID}')
[System.Environment]::SetEnvironmentVariable('SAIL_CLIENT_SECRET','clientSecret}')
Run the sail
command for an overview of available commands and flags. You can use the -h
flag with any command to see additional options for each command:
These commands are available:
-
connectors
: This command is a CLI interface for the SaaS Connectivity platform. The CLI is the best way to create and manage SaaS connectors within your tenant. For more information about theconnectors
command, refer to the CLI Connectors guide. -
search
: Run this command to access ISC search functionality within the CLI. For more information about thesearch
command, refer to the CLI Search guide. -
set
: Run this command to configure your CLI settings. For more information about theset
command, refer to the CLI Set guide. -
spconfig
: Run this command to access ISC SP Config functionality. For more information about thespconfig
command, refer to the CLI SPConfig guide. -
transform
: This command is a CLI interface that makes it easy to create, manage, and test transforms. For more information about thetransform
command, refer to the CLI Transforms guide. -
va
: Run this command to access VAs connected to your tenant. For more information about theva
command, refer to the CLI VA guide. -
cluster
: Run this command to access VA clusters connected to your tenant. For more information about thecluster
command, refer to the CLI Clusters guide. -
workflow
: Run this command to create and manage workflows within the CLI. For more information about theworkflow
command, refer to the CLI Workflows guide.
You will find the SailPoint GitHub CLI repo here: https://github.com/sailpoint-oss/sailpoint-cli
Please use GitHub issues to submit bugs or make feature requests.
Do you have an idea to help improve the CLI? You can contribute directly!
Before you contribute, you must sign our CLA and read the Contribution Guidelines.
If you have questions about the CLI, don't hesitate to reach out on the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss!
- API
-
Authentication
- Find your tenant's OAuth details
- Generate a personal access token
- Choose authorization grant flow
- Request access token with client credentials grant flow
- Request access token with authorization code grant flow
- Request access token with refresh token grant flow
- OAuth token response
- More Information
- Troubleshooting
- Clusters
- Connectors
- Getting Started
- Sanitize
- Search
- Set
- SPConfig
- Transforms
- VA
- Workflows
- Templates