Service Container Architecture for IAM Deployments
This technical session demonstrates how to implement CI/CD pipelines for SailPoint IdentityIQ and IdentityNow using containerized service architectures. Zach Adams from Instrumental Identity presents a three-phase pipeline: pre-deployment testing (linting, syntax checks, unit testing), automated deployment with reverse tokenization (exported configuration is committed with environment-specific values replaced by tokens, and the deploy step substitutes the target environment's values back in), and post-deployment QA including UI testing with Selenium. The architecture uses ambient computing resources on developer workstations rather than dedicated build servers, addressing common organizational constraints around hardware availability and cost. Pipeline definitions are YAML-based and portable across GitLab, Jenkins, Azure DevOps, and GitHub, and the container registries built into those source control platforms hold the service container image.
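The tokenization round trip described above, as an added example that is not the presenter's pipeline code: the export side replaces tenant-specific values with tokens before the object is committed, and the deploy side substitutes the target environment's values back in. The `%%NAME%%` token syntax, the sample exported object and the per-environment value sets are constructed for illustration; a real pipeline would load the values from CI variables.

```python
"""Tokenize an exported config object for source control, then reverse-tokenize
it for a target environment.

Added example, not SailPoint's or the presenter's code. Assumptions: tokens are
written as %%NAME%% (a hypothetical convention) and environment values arrive
as a dict (a CI job would read them from protected pipeline variables).
"""
import json
import re

TOKEN_RE = re.compile(r"%%([A-Z0-9_]+)%%")


def tokenize(text: str, env_values: dict) -> str:
    """Replace environment-specific values with tokens before committing an export."""
    # Longest values first, so a short value cannot clobber part of a longer one.
    for name, value in sorted(env_values.items(), key=lambda kv: -len(kv[1])):
        if value:
            text = text.replace(value, f"%%{name}%%")
    return text


def reverse_tokenize(text: str, env_values: dict) -> str:
    """Substitute tokens with the target environment's values at deploy time.

    Fails closed: a token with no value for this environment aborts the deploy
    instead of pushing a literal '%%NAME%%' into the tenant.
    """
    missing = sorted({m for m in TOKEN_RE.findall(text) if m not in env_values})
    if missing:
        raise KeyError(f"unresolved tokens: {', '.join(missing)}")
    return TOKEN_RE.sub(lambda m: env_values[m.group(1)], text)


def deploy_payload(tokenized_text: str, env_values: dict) -> dict:
    """Render the committed (tokenized) object into the JSON body for one tenant."""
    return json.loads(reverse_tokenize(tokenized_text, env_values))


# Constructed sample data: values that differ between a dev and a prod tenant.
DEV = {"TENANT": "acme-dev", "LDAP_HOST": "ldap-dev.example.test", "OWNER_ID": "2c91808a-dev-0001"}
PROD = {"TENANT": "acme", "LDAP_HOST": "ldap.example.test", "OWNER_ID": "2c91808a-prod-0001"}

# Constructed sample export, as the export step might receive it from the dev tenant.
DEV_EXPORT = json.dumps({
    "name": "Corporate LDAP",
    "connectorAttributes": {"host": "ldap-dev.example.test", "port": 636},
    "owner": {"type": "IDENTITY", "id": "2c91808a-dev-0001"},
    "description": "Source in acme-dev",
}, sort_keys=True)

# What gets committed to Git: no tenant-specific values, only tokens.
TOKENIZED = tokenize(DEV_EXPORT, DEV)

if __name__ == "__main__":
    print(TOKENIZED)
    print(json.dumps(deploy_payload(TOKENIZED, PROD), indent=2))
```

The unresolved-token check is the piece worth keeping even if the token syntax differs: a deploy that silently ships `%%LDAP_HOST%%` as a hostname will fail later and less visibly than a job that stops in the pipeline.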
Practical Implementation with GitLab and Configuration Hub
The demonstration walks through a working GitLab CI/CD pipeline that validates rules, unit-tests transforms, and deploys configuration objects to IdentityNow tenants through the Configuration Hub APIs. Key features include environment-specific variable management, JUnit test reports for validation results (so GitLab renders pass/fail per object in the merge request), automated badge generation for repository health visibility, and an event trigger integration that lets IdentityNow push UI-driven changes into its own Git repository. The pipeline covers connectivity testing, rule validation against SailPoint's cloud rule requirements, transform unit testing with given/expected value pairs, and workflow validation. Each deployment is recorded as a timestamped backup in Configuration Hub, giving an auditable deployment history without manual intervention.
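Transform unit testing with given/expected pairs and JUnit output, as an added example rather than the presenter's pipeline code. The evaluator below is a deliberately reduced, hypothetical reimplementation of a few transform types (`identityAttribute`, `upper`, `lower`, `trim`, `substring`, `concat`, `firstValid`) so the cases can run offline; it is not SailPoint's transform engine, and a real pre-deployment stage would evaluate against the tenant. The transform, the identity records and the case names are constructed.

```python
"""Run given/expected cases against a transform definition and emit JUnit XML.

Added example, not SailPoint's code. `evaluate` is a reduced reimplementation
of a handful of transform types, used here only so the test cases are runnable
without a tenant.
"""
import xml.etree.ElementTree as ET
from typing import Optional


def evaluate(transform: dict, identity: dict) -> Optional[str]:
    """Evaluate a (possibly nested) transform against one identity's attributes."""
    kind = transform["type"]
    attrs = transform.get("attributes", {})

    def child(node):
        # A value may be a literal or a nested transform object.
        return evaluate(node, identity) if isinstance(node, dict) else node

    value = child(attrs.get("input"))
    if kind == "identityAttribute":
        return identity.get(attrs["name"])
    if kind == "upper":
        return None if value is None else value.upper()
    if kind == "lower":
        return None if value is None else value.lower()
    if kind == "trim":
        return None if value is None else value.strip()
    if kind == "substring":
        if value is None:
            return None
        begin, end = attrs.get("begin", 0), attrs.get("end", -1)
        return value[begin:] if end == -1 else value[begin:end]
    if kind == "concat":
        parts = [child(v) for v in attrs["values"]]
        return "".join("" if p is None else str(p) for p in parts)
    if kind == "firstValid":
        for candidate in attrs["values"]:
            found = child(candidate)
            if found not in (None, ""):
                return found
        return None
    raise ValueError(f"unsupported transform type: {kind}")


def run_cases(transform: dict, cases: list) -> list:
    """Evaluate each case; an exception counts as a failure, not a crash of the job."""
    results = []
    for case in cases:
        record = {"name": case["name"], "expected": case["expected"], "actual": None, "error": None}
        try:
            record["actual"] = evaluate(transform, case["given"])
        except Exception as exc:  # report it in the suite instead of aborting
            record["error"] = repr(exc)
        record["passed"] = record["error"] is None and record["actual"] == record["expected"]
        results.append(record)
    return results


def junit_xml(suite_name: str, results: list) -> str:
    """Serialise results as a JUnit testsuite that CI systems render natively."""
    failures = sum(1 for r in results if not r["passed"])
    suite = ET.Element("testsuite", name=suite_name, tests=str(len(results)), failures=str(failures))
    for r in results:
        case = ET.SubElement(suite, "testcase", classname=suite_name, name=r["name"])
        if not r["passed"]:
            failure = ET.SubElement(case, "failure", message=f"expected {r['expected']!r}, got {r['actual']!r}")
            if r["error"]:
                failure.text = r["error"]
    return ET.tostring(suite, encoding="unicode")


# Constructed transform: lower(firstValid(preferredName, firstname)) + "." + lower(trim(lastname))
USERNAME_TRANSFORM = {
    "name": "Username Builder",
    "type": "concat",
    "attributes": {"values": [
        {"type": "lower", "attributes": {"input": {"type": "firstValid", "attributes": {"values": [
            {"type": "identityAttribute", "attributes": {"name": "preferredName"}},
            {"type": "identityAttribute", "attributes": {"name": "firstname"}},
        ]}}}},
        ".",
        {"type": "lower", "attributes": {"input": {"type": "trim", "attributes": {
            "input": {"type": "identityAttribute", "attributes": {"name": "lastname"}}}}}},
    ]},
}

# Constructed given/expected cases; the last one is expected to fail and shows up
# as a <failure> in the report, which is the point of running these before deploy.
CASES = [
    {"name": "uses preferred name", "given": {"preferredName": "Bob", "firstname": "Robert", "lastname": "Smith"}, "expected": "bob.smith"},
    {"name": "falls back to firstname and trims", "given": {"firstname": "Ada", "lastname": " Lovelace "}, "expected": "ada.lovelace"},
    {"name": "missing lastname should not yield a dangling dot", "given": {"firstname": "Ada"}, "expected": None},
]

if __name__ == "__main__":
    print(junit_xml("transforms", run_cases(USERNAME_TRANSFORM, CASES)))
```

Writing the XML to a path declared under the job's `artifacts: reports: junit:` key is what makes GitLab surface each case in the merge request; the third case above is the kind of gap (a transform that yields `ada.` when an attribute is missing) that is cheaper to catch here than after provisioning.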
Developer Experience with Visual Studio Code Dev Containers
Beyond pipeline automation, the service container approach extends to local development through Visual Studio Code's dev containers feature. Developers reopen the project inside the service container image and immediately have the pre-configured tools, embedded secrets, and standardized extensions such as the IdentityNow VS Code extension with tenants already connected. This removes environment setup friction for new team members, reducing onboarding to roughly two minutes. The containerized environment keeps tooling consistent across the team, replaces sharing secrets over email with credentials delivered inside the image, and lets developers run the pipeline tools ad hoc through a text user interface or by executing the Python scripts directly. Because the secrets travel with the image, they are only as protected as the registry that stores it, so pull access to that registry needs the same controls as the tenants themselves. This approach supports an edge computing model in which developer workstations act as distributed pipeline runners, providing high availability without dedicated infrastructure.