Skip to content
A simple way to deploy SailPoint's IdentityIQ 8.0 into a series of docker containers mimicking the core components of most development environments allowing organizations to get new development team members up on their baseline code in minutes.
Shell Dockerfile Batchfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Pushing Version 1.0 Aug 10, 2019
ssb Pushing Version 1.0 Aug 10, 2019
.gitignore Pushing Version 1.0 Aug 10, 2019

SailPoint IdentityIQ Dockerized


Please note that IdentityIQ is closed source so you first need to get a license for IdentityIQ. To do this, go to to download the software ( &

The file can currently be found at:

The file can currently be found at:

Once you clone the repository, you will put the downloaded files into the src/ directory to get started.

This does not include ANY SailPoint proprietary code and can only be used if you get these binaries from Compass.


This installation will provide you a working instance of SailPoint IdentityIQ 8.0 running with OpenJDK and Tomcat 9 in a docker container.

An additional container is built utilizing mysql to host the IdentityIQ database and an Apache webserver proxying the connections back to Tomcat.

This project was heavily inspired by ssperling/sailpoint-iiq.

Container will run in background, IIQ will be run from mounted volume.


Get started with docker you can follow our instructions here:

Some additional instructions on getting set up on a Windows 10 machine can be found here:


  1. ./uedocker/volumes/app-logs => Contains the /ue/logs/tomcat directory with all the tomcat logs for troubleshooting.
  2. ./uedocker/volumes/app-scripts => Contains scripts to bootstrap the database and also IIQ with the basic xml files.
  3. ./uedocker/volumes/app-ue => Contains the /ue/iiq/tomcat/webapps/ue directory in a read-write capacity so you can make updates directly for testing.
  4. ./uedocker/volumes/web-logs => Contains the /ue/logs/https directory with all the Apache logs for troubleshooting.


Five ports are exposed:

  • 80: default Apache port.
  • 443: default Apache SSL port.
  • 3060: default Mysql port.
  • 8080: default Tomcat port.
  • 8009: default Tomcat debug port.

How to build SailPoint IdentityIQ and run the docker containers

Clone this repository locally to your computer:

git clone

First things first, please return to the top of this article and validate that you have placed the and files into the ./src directory.

We are huge proponents of SailPoint's Standard Services Build process. In fact, it's the first thing we setup when we go into a customer environment because it saves everyone so much time. It can be used to very quickly package up your SailPoint code and environment specific configuration files as part of a continuous integration and continuous delivery pipeline. Normally, one would set up SSB once per environment but we have included some of the files we use to be able to service multiple environments (and customers) out of a single build process.

More on SSB and it's benefits can be found at:

We utilize the SSB process to stage all of the code for our SailPoint deployments. To integrate your own existing code into the build process create a folder under ./ssb/components/<your folder name> and then edit ./ssb/envconfig/local-dev/components.txt to include the name of your folder. This is probably the quickest way to get your code into the builds and have your customized version of SailPoint up and running in the container.

Building the Baseline War File

First we want to validate your war can actually build before we build the docker containers. To do this, go to ./ssb and execute the script

This should copy and extract the SSB and IdentityIQ 8.0 files into the appropriate places and take you through the SSB build process for the local dev environment. If successful, you should see a message that says BUILD SUCCESSFUL at the end of the run. This is a great sign.

Building the Containers and Deploying SailPoint IdentityIQ 8.0

Now that we've proven that IIQ 8.0 can build, it's time to actually build the containers.

Change directory into ../uedocker and execute the build script.

This script will build the application war file again, download the baseline docker containers to your machine, create the IIQ database, deploy the application and start the containers with our custom configuration.

In about 5 minutes you'll have an entire running set of docker containers with IIQ 8.0 deployed in it ready to run.


To make your life easier, you can import the certificate from ICAM-HTTPD/local-dev.cer into your browser as a trusted certificate.


Go to https://dev.icam.local/ue/login.jsf User: spadmin Password: admin

By default we have given Tomcat limited resources to keep the memory sizes down, so it may take a few minutes for the container to warm up and no longer throw a 500 error.

Additional Info

This is a great way to get developers up and running with IdentityIQ very quickly. These same principles can be extended to your integrated development, test and production environments. If you're looking to apply continuous integration, continuous delivery and docker or kubernetes based containers in your environment please reach out to us at and we'd love to help you and your team be more efficient in your SailPoint development process.

To get an idea of what this might look like, here is what a typical CI/CD docker based deployment looks like for our customers:

SailPoint IdentityIQ Docker CI/CD Process

You can’t perform that action at this time.