Try our new research platform with insights from 80,000+ expert users
PeerSpot user
Principal Technologist
Vendor
IdentityIQ is flexible but customizing everything will add to your costs now and your maintenance later. Keep it simple.

What is most valuable?

User Access Review, User Access Request and SOD Policy detection. Another important feature is IdentityIQ’s provisioning broker which allows us to either use its built-in provisioning engine or easily integrate with third-party provisioning and help desk/ticketing systems (such as IBM TIM/SIM, Oracle IdM, BMC IDM, BMC Service Desk, Novell IdM, Microsoft Forefront IdM, ServiceNow etc.) The backend provisioning of IdentityIQ is lightweight and fast to implement. Generally account provisioning can be setup in days versus weeks as is the case with some of the competing products.

SailPoint’s roots began with governance and compliance in 2006. Over time the IdentityIQ compliance and governance stack (user access reviews, SOD and access request) has evolved to provide deeper and more flexible functionality than we’ve found with competitors.

How has it helped my organization?

We’ve used IdentityIQ to help customers update their ‘paper and spreadsheet’ based user access review processes. This has helped customers increase the efficiency of access reviews, reduce workload, increase oversight of access remediation as well as start to fulfill regulatory and audit compliance requirements that where previously unattainable.

We’ve seen organisations go from detecting and reviewing high-severity SOD Policy violations once or twice a year to being able to detect and remediate SOD violations in the same day. IdentityIQ provides the detection, enforcement and traceability to take the manual, paper-based policies into real automated rules.

Many of our customers have also used IdentityIQ to replace homegrown and out dated access request solutions (some even manual and paper based), as well as migrate away from expensive and difficult-to-implement provisioning systems. Implementing IdentityIQ has allowed customers to reduce the cost of on-boarding applications into enterprise access review and access request processes as well as tightly integrate access request and remediation with approval workflows and back-end provisioning.

What needs improvement?

Unlike other competing products IdentityIQ is designed with end-users in mind rather than just targeting the IAM system administrators, we would like to have a bit more flexibility in how the screens are laid-out and the content. Some of our clients prefer feature-rich UI/screens whilst other would like to have simpler interaction and presentation.

Dashboards – whilst better and more feature rich than a number of competing products, they are still nowhere near the functionality one gets from dedicated portal and analytics tools (eg. drill-downs, comparative views, etc.).

Report writing is much better in the latest versions, but it is still not comparable to what one can get out of dedicated reporting tools.

For how long have I used the solution?

I started working with IdentityIQ in 2007. Until now, I’ve been actively involved in design and configuration of a large number of IdentityIQ deployments across Australia, Asia, America and the Middle East. We (First Point Global) have been a SailPoint partner since 2007.

Buyer's Guide
SailPoint Identity Security Cloud
November 2024
Learn what your peers think about SailPoint Identity Security Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.

What was my experience with deployment of the solution?

In terms of the product itself - no. Deployment of the product is very straightforward; there are a lot of resources available to assist you in finding the answer to any deployment question you might come up with. There is a large community of people working on IdentityIQ. If you come across a problem there’s always someone around that’s done that before and has suggestions.

The main challenge has been that each client’s environment is different; from the way in which they configure their ‘managed’ systems, to constraints imposed by the client’s SOE (standard operating environment), to the client’s infrastructure topology, to change control and migration processes and tools the client wants to/has to use.

One of the main challenges is for clients to understand and accept that IdentityIQ implementations are not a systems development/coding exercise; rather IdentityIQ deployment is more about configuration than coding.

What do I think about the stability of the solution?

No, IdentityIQ is stable. It has easy, built-in redundancy to handle any unforeseen events. Also, server management is simple and easy to understand.

What do I think about the scalability of the solution?

IdentityIQ scales well both vertically (‘bigger’ servers) and horizontally. When load increases additional servers can be added to the UI or task server groups with minimal configuration effort. IdentityIQ supports the notion of having dedicated UI servers handling user interaction and task servers, which handle background activities (eg. data loading and refresh, generating reports, re-evaluating SOD policies, etc.). IdentityIQ manages its own batch server load balancing in the background. SailPoint also provide whitepapers and supporting materials on tuning your IdentityIQ deployment to meet your needs and your environment.

However, we have encountered issues using IdentityIQ on virtualized platforms. These were caused by the virtualization hosts being overloaded (i.e. several virtual machines on one overloaded host). If you are going to virtualise IdentityIQ application servers, I would recommend allocating vCPU and memory to each virtual machine. If resources are not allocated, IdentityIQ can be starved by other virtual machines running on the same hosts.

How are customer service and support?

Customer Service:

Great, SailPoint offers several points of contact. You can use either the SailPoint communities, customer portal (Salesforce-based) for management of support cases and queries, or directly contact your professional services manger or engagement manager. SailPoint has staff located in most geographies and it’s easy to get hold of someone technical when you need a hand.

Technical Support:

Excellent, SailPoint provides both customer and partner community forums; SailPoint technical staff, partners and customers actively contribute to these forums. Often you can find the answer to a question in a forum without the need to raise a support ticket. The communities are an invaluable repository of technical knowhow as well as a source for documentation, tutorials and videos. SailPoint also holds regular webinars. These and all whitepapers are stored and made available to the community. By using the community, it’s possible to find out who has done it before, see what solutions they came up with, as well as even contact that person to ask questions. It’s a great way to get to the bottom of something quickly.

SailPoint support engineers are located in most geographies so your questions get answered quickly. The SEs are also approachable and easy to work with.

Which solution did I use previously and why did I switch?

As a company we implement identity solutions for customers. We’ve implemented a variety of product replacements and migrations, including:

Oracle Identity Analytics (OIA) replacement (formally Sun Role Manager and Vaau RBAC), OIA lacked the flexibility and functionality to meet the customers’ SOD (Segregation of Duty) Policy requirements as well as entitlement and role modeling requirements. Lack of industry resources with implementation product knowledge was also a factor in retiring OIA solutions; lack of supported application connectors (and/or complexity, eg. requiring fully functional implementation of Oracle IdM for OIA to function) was another factor.

BMC IDM / Control-SA, we’ve implemented both Control SA replacement, and more recently we worked on Control SA end-of-life migration projects. SailPoint offers a clear migration strategy to replace existing Control SA/ESS deployments. SailPoint acquired the BMCs IDM/Control-SA Connector stack people/technology to make migration much simpler exercise; replacing Control SA/ESS can be as simple as configuring the application connectors in IdentityIQ and pointing them to the existing Control SA Agents or Service Manager. Since acquiring the BMC ESS Connector stack, SailPoint has started rewriting the connectors into agentless Java connectors which are simpler to use. Some legacy connections still require agents i.e. RACF, ACF2, NIS.

Prior to compliance and governance solutions coming to the forefront of identity management, we found our customers were starting to think about and “roll their own” solutions to complement the gaps in their IdM stacks; this often involved attempting to ‘bolt on’ access reviews and SOD functionality into existing provisioning systems.We’ve worked with customers to replace several in-house developed solutions, including customer-developed Access Request, User Access Review and even a custom developed Provisioning system! In each case the customer chose to migrate off their home-rolled solution to take advantage of the savings offered from an out-of-the-box solution as well as take advance of the deep compliance and provisioning functionality that IdentityIQ offers.

How was the initial setup?

Installation requires knowledge of application servers and relational databases; a high availability environment can be setup in a matter of hours-days once infrastructure is in place. IdentityIQ requires a relational database and supports all the main flavors, Oracle, IBM, Microsoft, MySQL; IdentityIQ runs on a Java application server, again the common platforms are supported, Oracle, IBM, Apache Tomcat and Red Hat JBoss.

What about the implementation team?

We (First Point Global) are a solutions integrator specialising in identity management; a typical project implementation team involves First Point Global consultants with years of experience in deploying IdentityIQ into large organisations. We work with and train the customer team to up-skill employees to assist in transfer of the IdentityIQ solution from implementation to BAU.

Of course you will always rate yourself as high, but we are the largest team of IdentityIQ implementers in APAC. Also, we won the SailPoint Amarda Award in both 2013 and 2014 for SailPoint’s top partner in the Asia Pacific region.

What was our ROI?

Through our implementations we’ve seen the existing manual access review processes shrink from a team of people used to gather, send and review certification results down to one or two administrators. Gathering of account data, sending of access review notifications, escalation of incomplete access reviews and detection of remediation is all automated. Administrators can focus on reviewing the results not doing the heavy lifting, results can be easily summarised for the people that need it.

IdentityIQ is still a relatively new comer to identity management, but its implementation is modern and it has built on the lessons learnt from the older, harder to use and often cryptically complex provisioning systems. Workflows and connections to applications do not need to be complex and take far less time to implement than heavy provisioning systems.

IdentityIQ is quicker to implement than its pure provisioning counterparts, implementing IdentityIQ for compliance and governance means you can later reuse the existing on-boarded application connections to implement provisioning.

What's my experience with pricing, setup cost, and licensing?

The cost associated with setup depends on the scope of work, and largely the extent of integration with the applications to be on boarded as well as the functionality applied to those applications (i.e. access review, access request, provisioning, roles, SOD, etc.).

IdentityIQ is a very flexible product. We’ve found the key to using it well and getting the best value for money is to determine how to model your access review, access request or provisioning processes in IdentityIQ, then apply that to a majority of applications. If applications require unique processes for each department, there can be additional configuration overhead, aim for economies of scale where possible.

Some examples of projects:

-30 day IdentityIQ ‘quickstart’ project, on-boarding of 7 high-risk enterprise applications + HR feeds. User access reviews configured and kicked-off in production.

-90 day Control SA migration project, migration of hundreds of provisioned applications into IdentityIQ. And replacement of Control SA Password Management and Access Request functionality with IdentityIQ

-100-200 days IdentityIQ governance project, on-boarding of all enterprise applications into IdentityIQ to perform regular access reviews and detect SOD violations as they occur.

For day to day running of IdentityIQ post implementation we generally advise a small administration team of 2-3 people; some of our clients are supporting IdentityIQ deployment with a 0.5 FTE. Administrators are responsible for performing general house keeping as well as fielding queries on access reviews and scheduling access reviews, new application on-boarding and patching.

Which other solutions did I evaluate?

We’ve reviewed Oracle Identity Analytics (OIA) and RSA as well as the Dell offerings. Of the three we found RSA Aveska the closest competitor to SailPoint; the Oracle and Dell offerings do not have the same depth of functionality. When doing feature-by-feature comparison as is in a typical RFP/RFQ the majority of IdM products look the same. There are two areas where IdentityIQ often proved to be better than competing products were ‘time to market’ (i.e. how long it takes and how much effort is required to start addressing real issues and delivering value to the business) and complex user access review scenarios.

What other advice do I have?

Listen to the vendor and other clients who have successfully implemented the product; lots of, problems with hardware and implementation process can be avoided by taking the advice of those who have been there before.

Ensure the project has strong leadership. You’ll need this to ensure cooperation of system administrators that are often protective of access to their applications. You need to configure provisioning, but administrators will only give you a read-only account until it is proven it works and will not cause problems. Or enterprise architects may insist that all integration has to be done through corporate middleware, requiring lots of custom development, rather than using OTB connectors.

Make sure your hardware meets the SailPoint requirements (see the ‘IdentityIQ Performance Optimization Checklist’ on SailPoint’s forum - this details the required hardware and network requirements at a glance). IdentityIQ supports virtualisation nicely, but you do need to make sure your virtualisation hosts have enough resources to meet IdentityIQ processing requirements. We suggest allocating CPUs and memory to IdentityIQ application hosts to ensure dedicated usage of required resources.

Make sure your database and application servers have a low latency round trip. We recommend putting the two in the same data centre. IdentityIQ is a big user of data - lower the time it takes to retrieve the data and the UI and batch tasks perform snappier.

Install your development environment to get started with IdentityIQ, then read the ‘IdentityIQ Performance Management Guide’ to ensure that all non-development environments are installed and tuned correctly for your infrastructure. A tuned environment is a fast environment; and fast environment means happy end-user. Also, make sure your administrators do regular health checks.

Deploying IdentityIQ is an integration task, use agile development to on-board applications quickly, have a simple to document application template to capture integration details, but remember you are not designing a system from the ground up. This is not a Java/VB/C++/you-name-it coding exercise.

Using OOTB means fast implementation times and lower cost to you. IdentityIQ is flexible but customizing everything will add to your costs now and your maintenance later. Keep it simple and keep the process standardised.

How often do you need to refresh the data? The hardware required to run IdentityIQ is largely dependent on how often you configure IdentityIQ to reload the data. How often the data is really required to be reloaded is largely dependent on the features you are using,. For example, SOD policy violation detect might require daily updates, but reviewing user access quarterly does not require daily data refreshing!

If you do want to keep all data up to date, then be smart and take advantage of IdentityIQ’s delta aggregation and partitioning functionality. Build application on-boarding tuning into your application on-boarding process and have database administrators review queries for performance.

Always utilise the direct connectors. Although IdentityIQ supports a variety of file feed connectors using the direct connectors now means you can take advantage of provisioning later without reconfiguring. Remember file feeds are unlikely to match the data the direct connector will pull back, reuse the investment SailPoint have made in the OOTB connectors and save time and money!

Standardise the compliance processes applied to applications. IdentityIQ is flexible but a unique access review process for each application will require more configuration and maintenance. Keep it simple and easy to maintain.

IdentityIQ has been the market leader according to the Gartner IGA Magic Quadrant for the past two years. We deploy and support several identity and access management products, and have reviewed numerous other vendors’ offerings.On balance we find IdentityIQ to have the best mix of functionality and ease of use, as well as being the easiest and most flexible to deploy.Quite a few of our engineers prefer to use and deploy IdentityIQ over other compliance, governance and provisioning solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: First Point Global is a System Integrator/Reseller Partner; we implement IdentityIQ based solutions on behalf of customers, we started working with IdentityIQ in 2007. In 2013 and 2014 we won the SailPoint Armada Award due to being the top partner in the Asia Pacific region. We are also certified IdentityIQ trainers.
PeerSpot user

Hello Matt!
Your review about identityIQ was very helpful. I have a few questions though. For an organisation of 2000 employees could you make an approximation of the purchase cost? Furthermore, how much percent of the initial cost would be the maintenance cost. (2) What is the duration of the vendor support?

Also, would you have an idea about the RSA maintenance cost and initial cost as compared to IdentityIQ?

Thank you!
Christie Potla

See all 2 comments
Kaustubh Partha - PeerSpot reviewer
Technical Support Analyst at CLSA
Real User
Top 10
Empower users with robust IT security and seamless approval workflows
Pros and Cons
  • "SailPoint has an edge in terms of security since administrators have limited access, unlike ServiceNow where you can change everything. This adds a significant security advantage."
  • "SailPoint has an edge in terms of security since administrators have limited access, unlike ServiceNow where you can change everything."
  • "The workflow and user interface of SailPoint are not as smooth as ServiceNow's."
  • "The workflow and user interface of SailPoint are not as smooth as ServiceNow's. I find raising a ticket to be too complex, which could be improved for better user-friendliness."

What is our primary use case?

I raise requests on SailPoint, for example, if there is any server-related access needed. I use it more as an end-user, like raising simple tickets for identity access management.

What is most valuable?

SailPoint is more focused on IT security. I find that the approvals that flow through SailPoint are much better than what ServiceNow offers. SailPoint has an edge in terms of security since administrators have limited access, unlike ServiceNow where you can change everything. This adds a significant security advantage.

What needs improvement?

The workflow and user interface of SailPoint are not as smooth as ServiceNow's. I find raising a ticket to be too complex, which could be improved for better user-friendliness. Keeping the workflow as easy as possible would allow users to achieve their goals with more ease.

For how long have I used the solution?

I have been raising requests on SailPoint for two years. I believe we implemented SailPoint around 2022.

What do I think about the stability of the solution?

I agree that SailPoint was stable during my usage.

What do I think about the scalability of the solution?

SailPoint is scalable, though challenges exist in terms of workflow and user interface design.

How are customer service and support?

SailPoint's technical support is better than ServiceNow's. SailPoint's team consists of specialists who handle tickets without needing to depend on other teams. This provides an edge in customer support.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We previously used ServiceNow for identity access management, however, SailPoint was implemented in 2022 for more robust security.

How was the initial setup?

The application installation for SailPoint is straightforward. Challenges may arise at the infrastructure level, such as deciding on the server, database, and technology.

What's my experience with pricing, setup cost, and licensing?

SailPoint is cheaper than ServiceNow, which is very expensive.

Which other solutions did I evaluate?

We used ServiceNow before switching to SailPoint for more focused IT security.

What other advice do I have?

I would rate SailPoint Identity Security Cloud an eight out of ten. 

My advice would be to make the workflow as easy as possible so that users can achieve their goals with minimal clicks.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
SailPoint Identity Security Cloud
November 2024
Learn what your peers think about SailPoint Identity Security Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
reviewer2514855 - PeerSpot reviewer
System Engineer at a consultancy with 10,001+ employees
MSP
Top 10
Provides ease of use to users
Pros and Cons
  • "The solution's most valuable feature is its ease of use."
  • "The product is unable to share suggestions with users."

What is our primary use case?

I use the solution in my company just to open some roles for new people or maybe those who need more particulars, so we just search for the roles and apply them to those. My company had dealt with some particular comments, like who had why the tool is needed and its justification in the business. , after which the managers approved it or whoever was in the top positions. It is basically for managing user access at the end of the day.

What is most valuable?

The solution's most valuable feature is its ease of use. It has functionality that allows me to search for or compare with others.

What needs improvement?

I don't use SailPoint that much because I have a particular role in my company. Considering the time since I last used the tool, it doesn't need anything more.

The product is unable to share suggestions with users. For example, if I put something like ABC, the tool will not be able to say something that is related to it. In some other tools, if I just start with the initials, it will show me the whole thing, but with SailPoint Identity Security Cloud, I couldn't find it. If I am just searching for a role, like PR or something, or if I write PR, it should provide me with some suggestive rules, which may be two, three, five, or whatever the role numbers. I have to write the full name, and then it will appear.

For how long have I used the solution?

I have been using SailPoint Identity Security Cloud for two years. I don't remember the version of the solution since the client who uses it will have to update it by themselves.

What do I think about the stability of the solution?

I did not experience any breakdowns or bugs in the product.

What do I think about the scalability of the solution?

More than 100 people in my team use the product.

How are customer service and support?

Our company's client, who uses the product, takes care of the technical support for the solution.

How was the initial setup?

The product's initial setup phase is not so difficult, so it is easy. There are no installation-related issues with the product.

The solution is deployed on an on-premises model.

What's my experience with pricing, setup cost, and licensing?

As per my knowledge, it runs on a paid partnership model, but I am not sure about it.

What other advice do I have?

One should definitely use the product since there are no prerequisites or things that you should know. The tool is very easy to use, and there is nothing in it that you should find very difficult to understand or learn.

It is easy for a beginner to learn to use the product for the first time.

I rate the product an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Tomi Pitkanen - PeerSpot reviewer
Head of ICT Security at Neste
Real User
Top 20
Good scalability and provides value for its cost
Pros and Cons
  • "It is a scalable product."
  • "We have had a lot of service breaks because of the lack of support."

What is most valuable?

The whole package is useful. It matches the item to the management, so I can't pinpoint any specific individual feature.

What needs improvement?

We are satisfied with the product overall. But the challenging point has been that we are buying the service and support from CyberIAM, but the SailPoint has remained unchanged. The average support has been a big disappointment.

Another problem we face is that we have around 450 to 500 data applications in our environment, and everyone wants customized identity management for their specific application. It takes a huge amount of time to onboard all of them, and maybe that's the only weakness.

For how long have I used the solution?

I have been working with SailPoint IdentityIQ for two years. We have been implementing it for over two years now, but we are still in the process of getting all of our legacy applications on board.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

It is a scalable product.

How are customer service and support?

We are only the second customer in Europe who is using the consulting services. The majority of the service is with customers on the US side, and we have been fighting on this topic for at least 18 months, which has been quite a downside. But otherwise, technically, the platform is really good. We have had a lot of service breaks because of the lack of support.

How would you rate customer service and support?

Neutral

How was the initial setup?

The platform deployment was pretty easy. But when you start to onboard the applications, it becomes more complex. The whole configuration depends on the application architecture and how you should set it up. All the cases are different, and that can be quite challenging.

What's my experience with pricing, setup cost, and licensing?

All of the good products, like SailPoint, are expensive. But when you qualify the cost and then have to weigh the benefits and opportunities it gives you, it's a bit difficult to say whether it's expensive. SailPoint is expensive on the market but also produces real value.

Which other solutions did I evaluate?

We had some smaller implementations with different products, but not similar ones.

We presented our project to a vendor and then did a proof of concept with several products before selecting SailPoint IdentityIQ.

What other advice do I have?

It is suitable for both small and enterprise-level companies. I would advise reaching out to a company that has already implemented it and asking their experts how they feel about using it. Once you get benchmarking information, it becomes easy to make the decision.

Overall, I would rate it an eight out of ten. There is room for improvement with regard to their technical support and complex configuration.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chris_Martin - PeerSpot reviewer
Head of Advisory at Dotnext Europe
Reseller
Top 10
Used for identity management and access requests
Pros and Cons
  • "The solution's most valuable feature is its integration with Slack for the notification of access requests."
  • "The solution needs to have more out-of-the-box integration with different applications and solutions."

What is our primary use case?

We use the solution for identity management and access requests.

What is most valuable?

The solution's most valuable feature is its integration with Slack for the notification of access requests.

What needs improvement?

The solution needs to have more out-of-the-box integration with different applications and solutions. I would like to see the solution integrated with MFA tools like Gemalto, SafeNet, and One Identity.

Many consultancies charge a lot of money for services to implement the solution, which increases the project cost.

For how long have I used the solution?

I have been using SailPoint Identity Security Cloud for about one year.

What do I think about the stability of the solution?

SailPoint Identity Security Cloud is a very stable solution.

I rate the solution a nine out of ten for stability.

What do I think about the scalability of the solution?

Previously, around 10,000 users were working with the solution. Our customers for SailPoint Identity Security Cloud are mostly medium and enterprise businesses.

I rate the solution’s scalability ten out of ten.

How are customer service and support?

The solution’s technical support is very good.

How would you rate customer service and support?

Positive

How was the initial setup?

The solution's initial setup is a little complicated, but that's often because a project is complicated. The setup could be easier, but it needs to be flexible to meet a project's demands.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a six out of ten.

What about the implementation team?

The solution can be deployed in some hours. Yeah. It's generally a quick process to deploy the solution. Since it's a cloud service, it's all about trying to get that cloud service to talk to your applications. It's reasonably quick to have things ready, but you need to configure the tool to talk to your systems. The solution can be deployed either on-premises or in the cloud.

What's my experience with pricing, setup cost, and licensing?

It's difficult to say that the solution saved costs because it is quite expensive. Automation may make things easier and less error-prone, but it doesn't save on human power.

What other advice do I have?

The solution's role management capabilities enhance access controls. They help control different types of access and what people can have access to.

The solution has introduced some AI functionalities to improve identity management. However, SailPoint seems uncertain about how the AI had been trained and how the customer data would be safeguarded. AI is used in terms of learning and some security and access requests.

SailPoint Identity Security Cloud is mostly used in the energy utility sector. New users should know what you're trying to achieve with SailPoint Identity Security Cloud. You need to control the tool rather than the tool control what you do. Make sure you understand what you're trying to do with your project. SailPoint Identity Security Cloud is a very good tool that does a lot of things, but you have to configure it to do what you want.

Overall, I rate the solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator/Reseller
Flag as inappropriate
PeerSpot user
IT Engineer at a energy/utilities company with 1,001-5,000 employees
Real User
ROI has been outstanding and our user onboarding time has been significantly decreased
Pros and Cons
  • "We like the integration with other systems."
  • "I would like to see more Cloud management from this product."

What is our primary use case?

We primarily use this solution to manage our identity. We use it for identity access and onboarding accounts and users.

How has it helped my organization?

Previously, when someone came on board, it took them almost a week or two to get access, to settle in, to be able to become productive. Now, with SailPoint, we can get all of that done within a few hours. It has decreased the onboarding process and increased productivity.

What is most valuable?

So far, we are still in the implementation phase, but one feature that is so valuable is the life cycle management of identity. We also like the integration with other systems. Is very robust and solid. They built some plugins that are really well thought out and they handle most of our requirements. We also like the user interface of the product.

What needs improvement?

The service could be improved with some more out-of-the-box features. If the solution could make the forms more customizable, for example. They are very generic and any changes you make to them, you are doing customization. The solution needs more templates that meet general needs.

I would like to see more Cloud management from this product. Right now they have some, but they are currently plug-ins. It does not handle the management of some of the groups or dynamic groups in the Cloud. I would like to see that in the future. I have heard that they are releasing one soon, but I'm not sure when. That will help us a lot because we are a hybrid solution company. We have some on-prem, some in the Cloud, and we want to manage both.

For how long have I used the solution?

I've been using the solution for one and a half years.

What do I think about the stability of the solution?

When we were doing the request for proposal, we did evaluate stability and got some references from other big enterprise companies that use the product. So we knew, before we selected, we knew that they had a solid product. We've heard that from many of the references we received. But when they came and did the presentation for us, they impressed us. They knew the product, they listened to what we needed, what our pain points were, and they were able to answer our questions and provide us with answers to some of our use cases. We had our requirements and they were pretty much the only one from the other vendors that we selected that could meet ninety percent of all requirements. The rest, they were limited. They had some, or they were struggling on one feature, but not others. But SailPoint, they were strong in most of them.

What do I think about the scalability of the solution?

In terms of scalability, they can handle it. That was one of our requirements is how they could scale. We asked what number of accounts they can handle, and they were way beyond those. Some of their previous implementation, some of the companies they implemented for, they were four times the size of our company. So we were aware that this solution could handle our growth.

I would say we have about eighteen thousand users. 

Right now we are using the solution for onboarding user accounts. Primary and secondary accounts. Our second phase will be managing groups and applications, access to new groups and applications. Then the third, we'll go a little bit with analytics with doing some risk-scoring. Beyond that, we might even use it for any new innovation or company comes with, in terms of managing access to devices and IOTs.

How are customer service and technical support?

So far the integrators have been doing the support. I wish the support from SailPoint was a little bit faster than we've experienced so far. It has taken, sometimes, a couple of weeks to get feedback from them. At the same time, support played a big role in selecting the product.

Which solution did I use previously and why did I switch?

Previously, we picked a product that got moved between so many companies and got bought and merged, so the support was really horrible. We had bad support back then.

How was the initial setup?

The initial setup was straightforward. We knew our requirements, and we've got all the infrastructure required for the system. We didn't have a lot of issues with the product itself. There were some vulnerabilities in the product, but they addressed them in the next version. They were able to address them in version 7.3.

Our deployment took us about, I would say a week. We had to do it in different phases. 

The implementation strategy we had was to start with first, deploying development and QA systems. Then gather lessons learned from these systems, then go to production. That helped us a lot because we found out that we have a lot of concerns with our infrastructure. There were a lot of firewalls that we had to open to communicate with the external system, with the Cloud system that we needed to connect to. So, a lot of that was more like ad-hoc testing. Because we weren't sure how many of the firewall ports we needed to open and which ones we needed. That took a lot of our time. It was just the infrastructure from our end. In terms of the installation of the product and the implementation of it, that was very quick.

We have a big staff because we are integrating with so many other systems from HR to Active Directory to SAP. So the core team is about twelve to twenty people, but the extended team, I would say, if you combine them all together with all the work we've done, is probably more than thirty or forty. They are not all technical. Some of them were just there for governance or requirement gathering.

What about the implementation team?

We use an integrator to do all the coding for us, and that worked very well. They knew the product. They've implemented for a while for other clients. The company we work with is called Edgile and we have had a great experience working with them. We work very well with them. We consider them our partners. They understand our requirements, and they give us their feedback and their best practices. So we have a good relationship.

What was our ROI?

In terms of our phase one, to get people onboarded right away, within a day, that has saved us a lot of money. Also, the product discovered a lot of clean-up that we needed to do in the kind of systems that we integrate. Previously, we didn't know. So that helped us a lot in cleaning up some of our data. 

There are so many other features and other things that we can do probably, that we haven't gotten to that we know is going to save a lot in terms of the password reset support. Right now, our outsource company handles that. Once we start implementing that in a few more weeks, people will have self-service password resets. They don't need to call the help desk to get it unlocked. It costs us money, using the help desk. They will be able to do it themselves and it will save us money.

Group management and access to the application will help us too. Right now, that's all done through ticket requests and manual access implementation. In our next phase, that's all going to be automated where do you go to a form and select that and you get access, get approved and get access. It will save us a lot of time from the support respect.

What's my experience with pricing, setup cost, and licensing?

The licensing fees are on a yearly basis. That's not my part of the job, so I don't know what the costs are. I handle Bio Supply management so I really don't know.

There are add-ons. A lot of them have to do with if we want any plug-in's. So if there's any new system that comes to our company that we want to integrate with, they sell their plug-ins as an add-on. It's not out-of-the-box. So integration with Active Directory, that was an add-on. Integration with SAP, that was an add-on. They are their own module. They are not packaged with the product that comes with it. You have to buy them separately. But, everybody needs them.

Which other solutions did I evaluate?

We had our previous vendor submit in our RFP, but they did not bring anything to the table that was new. There weren't many enhancements and improvements to the product and we really did not have a good experience with their support. 

We were looking at One Identity. SAPIEN was another one we looked at. Also, Okta, NetIQ, and Centrify. But, some of them were mainly cloud-based. Some of them were a mix of both, but more of cloud and less of on-prem. So, SailPoint was the right one that handled both.

We had some use cases that we gave to them and we needed them to answer how they would implement that use case. We wanted that feedback out of all of the vendors. SailPoint was the only one that came back with the right answers.

What other advice do I have?

We have some old processes in place that need to be revisited and updated. Those, of course, made our implementation a little bit late and we ran into some issues.

One of the hurdles has been that people are used to the old method and when a new change comes in, a lot of people are not very open-minded to it. So it takes a lot of training and convincing about this new technology. We need to make changes to the way the form looks, the process. We had to make a lot of changes to the current processes. We had very outdated processes that were not working well for us because we had to get a lot of exceptions. And any exceptions you make, you tend to break automation and start doing manual processes, and that slows down productivity. 

That was a little bit frustrating and a lesson learned. Feedback from the client and explaining to them why we're changing some of the processes, policies, and standards was challenging. But we had to do a lot of cleanup before doing the implementation. We had an old system that was there for more than seven years. So that product was almost at the end of its life and we had a lot of complaints from the client that they were fed up with it. They wanted a change. But they were not expecting a change to the forms and the processes. They were expecting us to just solve the issues and move on, not a big system change. So we're training people. We created a lot of videos for them to play back when they request things. That helped a lot. We created a blog for them to give us any of their feedback. So we can make improvements because we are still in phase two of our implementation. We still have three more phases to go.

For advice, I would say to make sure you gather your requirements first. Make sure you have more thoughts, make sure you know what your pain points are and what are you expecting to get out of the product that you select. That will help you a lot in selecting the right vendors. Secondly, have some solid use cases, and when you use those use cases, most of the time you should know the answer to the questions. That will help you in identifying who can meet your requirements.

Do your diligence in terms of getting some references. Specifically, references for a current implementation from another customer. Getting that information from that customer will help you a lot in terms of how their implementation went, and what their pain points were in implementation.

I would give the solution a nine out of ten. When every possible manual process we have right now can get automated, I'll give it a ten. We still have some processes that we have to do manually.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
HamadaElewa - PeerSpot reviewer
Technical Sales Manager at Spire Solutions
Reseller
Top 5Leaderboard
A highly scalable and stable product that is more efficient than other tools in the market
Pros and Cons
  • "The support is very good."
  • "We faced some issues while integrating the solution with a third-party tool."

What is most valuable?

The solution is brilliant in all aspects. SailPoint’s technical value exceeds what OpenText proposes. It is a really good product.

What needs improvement?

We faced some issues while integrating the solution with a third-party tool.

For how long have I used the solution?

I have been working with the tool since October 2023.

What do I think about the stability of the solution?

The tool is stable.

What do I think about the scalability of the solution?

The tool is very scalable. Even if the implementation exceeds the number of users decided previously, the tool will fulfill the needs and will still be stable. The solution is not suitable for small companies. The cost will be high.

How are customer service and support?

The support is very good. I rate the support team an eight and a half out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The implementation is straightforward. It depends on the environment and customers’ needs. However, it is easy.

What's my experience with pricing, setup cost, and licensing?

The pricing must be improved. The pricing is a little bit higher than other tools. The solution must provide different prices for different countries. All countries are not equally rich.

Which other solutions did I evaluate?

SailPoint IdentityIQ is more efficient than Micro Focus. We chose SailPoint IdentityIQ because it is stable and the support is good.

What other advice do I have?

We are distributors. Our main competitor is Micro Focus. It is now OpenText. I will recommend the product instead of other tools. It is one of the best IAM products in the market. The price is the only issue. Overall, I rate the tool an eight and a half out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
PeerSpot user
reviewer2036130 - PeerSpot reviewer
Lead IAM manager at a tech services company with 11-50 employees
Reseller
Top 5Leaderboard
The access certification feature is valuable but could include additional access levels
Pros and Cons
  • "The access certification feature is valuable."
  • "Certifications could include additional access levels or practices."

What is our primary use case?

Our company uses the solution to manage the life cycle and access control of users. 

We implement for various clients in the banking or investment industries in the Middle East. We also have a couple of government customers. All customers use the solution for employee management.  

What is most valuable?

The access certification feature is valuable. 

The solution is very customizable. 

What needs improvement?

Certifications could include additional access levels or practices. 

On occasion, there are difficulties with the management control when you attempt to apply things in a certain manner. 

For how long have I used the solution?

I have been using the solution for nine years. 

What do I think about the stability of the solution?

The stability is pretty good because it is a very customizable solution. If you don't know how to customize or if you make mistakes, then the solution can become unstable. 

What do I think about the scalability of the solution?

If you have enough hardware to support the on-premises version, then the solution is scalable. You need enough hardware to support the number of identities you want to manage. 

How are customer service and support?

Technical support is efficient and very, very good. If you raise a concern, support is readily available with a solution. Responses are received in a very timely manner. 

How was the initial setup?

The setup is very, very easy. Identity IQ is the on-premises software for the solution and it is easy to setup. There are modules to install so the only thing you need is time to complete them. 

What about the implementation team?

We implement the solution for customers. First you install and connect the web server. Then you install the database on top of it. If you want additional modules, then you can import the LT module on top. 

What's my experience with pricing, setup cost, and licensing?

The pricing is based on the number of users and is reasonable. 

What other advice do I have?

I highly recommend the solution and rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
PeerSpot user
Buyer's Guide
Download our free SailPoint Identity Security Cloud Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free SailPoint Identity Security Cloud Report and get advice and tips from experienced pros sharing their opinions.