SailPoint Identity Security Cloud Reviews

The solution is one of the main security products you need to control access and have visibility into what's happening in your organization. It helps with managing access to applications, ensuring governance, and obtaining certifications. 

The product's most valuable features are identity access control and access certifications. 

SailPoint IdentityIQ needs to improve its customization. It should also incorporate some standardized tools for implementation. 

I have been working with the product for seven years. 

The solution is stable as long as the implementation is correct. 

I rate SailPoint IdentityIQ's scalability an eight out of ten. 

I haven't contacted the technical support team yet. 

SailPoint IdentityIQ's usability depends on how well it is implemented. To set up the product, you must configure it like a web application. This involves setting up a web server and determining the number of servers needed based on the site's requirements. The setup process can vary in complexity depending on the client's environment. It can take a day to complete. 

SailPoint IdentityIQ is too expensive for small and medium companies. It is an expensive product. 

If a customer wants certain automation during the identity lifecycle - for example, when hiring someone, letting someone go, or moving someone from one organization to another - you can automate tasks based on various factors like their role or department. The product simplifies tasks, especially those where certain individuals require specific access levels based on their roles. With automation, administrators don't need to manually remember or assign access levels for each role or department. 

I rate the overall product a seven out of ten. 

SailPoint IdentityIQ is for identity and access management.

What I like most about SailPoint IdentityIQ is that it's simple to use and easy to configure and deploy.

The pricing for SailPoint IdentityIQ has room for improvement because it's more expensive than other products in the market. If there's a price reduction, that would be helpful.

Another area for improvement in the product is the technical support, which needs to be more friendly to customers.

I want custom form building and custom workflow features added to SailPoint IdentityIQ in its next release.

I started using SailPoint IdentityIQ in 2015, so I have almost eight years of experience with it.

SailPoint IdentityIQ is a very stable product.

SailPoint IdentityIQ is a scalable product.

The SailPoint IdentityIQ technical support can be a bit irritating when doing system inspections. When you have an issue and ask for help, support will tell you that you need professional support, not just regular support.

The technical support team could be more friendly.

I'd give SailPoint IdentityIQ support a three on a scale of one to five.

I've tried Saviynt but compared to SailPoint IdentityIQ, Saviynt isn't stable. It also has fewer features compared to what you get from SailPoint IdentityIQ. For me, SailPoint IdentityIQ is better because of its stability, and it offers many features. However, cost-wise, Saviynt is cheaper.

SailPoint IdentityIQ has a straightforward setup. I'd rate its setup a five out of five.

SailPoint is expensive compared to its competitors. It's one of the most expensive products, so I'd rate it as one out of five, cost-wise.

I'm using SailPoint IdentityIQ, SailPoint IdentityNow, and Auth0.

My rating for SailPoint IdentityIQ is eight out of ten.

My company is a SailPoint partner.

The product is for identity management.

There are lots of features. It depends on what your use cases are. Basically, how the entitlements are handled is very good. It's the complete lifecycle of entitlements. That is what the best feature is about the product.

It offers a single source of truth. Everything can be handled from one tier.

I focused on the functionality. We needed to implement everything properly, and those functionalities were pre-built in the product. We didn't have an issue in that sense.

The interface is simple and very usable. I have used other products and didn't see their interface as better than SailPoint. 

The product is stable.

It is scalable. 

I wouldn't be able to point out any shortcomings. Right now, also I'm not working on the product as much. 

The user interface could be slightly improved. It could be made simpler and more user-friendly, however, it is good enough right now. 

I've used the solution for more than a year. 

It is stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The scalability is good. 

We only used support for a few months initially and they were very, very good. There was no problem at that time. After that, we are on our own. We have our own experts. They have been experts in SailPoint for a long, long time. Therefore, we are reaching out to SailPoint support directly - until and unless there is a shortcoming or a bug in the product. I have not come across any yet.

Positive

We had legacy systems. That's why we moved to SailPoint.

The setup was pretty good. We have five people that can handle deployment and maintenance. 

The pricing was taken care of by management. I don't know about the exact cost.

I'm a customer. We have bought the product, and we are using it. It's in our organization.

I am not sure which version of the solution we're using. It might be one version behind. 

Whether or not this is the right solution for others depends on your use cases. If your use cases align with those, this is the best product to use. The client that I'm working with has their use cases aligned with this solution, and we haven't had to customize much. Most of the functionality's in-built.

I'd rate the product ten out of ten. It covers the functionality we need.

We use this solution predominantly for the leaver process. 

This solution is easy to configure. 

The mover process for this solution could be improved. 

We have used this solution for six months. 

This is a stable solution. 

This is a scalable solution.

The initial setup is straightforward. This took one week. 

We have a monthly subscription for this solution. 

I would rate this solution an eight out of ten. 

As an academic institution, we have HR students and third parties.

The solution’s stability and performance are good.

The primary difference fundamentally is the state of the identity over time. So, the point-in-time identity drives the identity management, and that will improve the integrity of the identity management.

The connectors should be improved.

We had issues with the stability of the solution.

The solution is very scalable.

30-50 users are using this solution.

The initial setup depends on the type of proposition.

The product’s pricing depends on strategic servers. It is affordable for us to sustain ourselves.

I recommend the solution.

Overall, I rate the solution an eight out of ten.

User Access Review, User Access Request and SOD Policy detection. Another important feature is IdentityIQ’s provisioning broker which allows us to either use its built-in provisioning engine or easily integrate with third-party provisioning and help desk/ticketing systems (such as IBM TIM/SIM, Oracle IdM, BMC IDM, BMC Service Desk, Novell IdM, Microsoft Forefront IdM, ServiceNow etc.) The backend provisioning of IdentityIQ is lightweight and fast to implement. Generally account provisioning can be setup in days versus weeks as is the case with some of the competing products.

SailPoint’s roots began with governance and compliance in 2006. Over time the IdentityIQ compliance and governance stack (user access reviews, SOD and access request) has evolved to provide deeper and more flexible functionality than we’ve found with competitors.

We’ve used IdentityIQ to help customers update their ‘paper and spreadsheet’ based user access review processes. This has helped customers increase the efficiency of access reviews, reduce workload, increase oversight of access remediation as well as start to fulfill regulatory and audit compliance requirements that where previously unattainable.

We’ve seen organisations go from detecting and reviewing high-severity SOD Policy violations once or twice a year to being able to detect and remediate SOD violations in the same day. IdentityIQ provides the detection, enforcement and traceability to take the manual, paper-based policies into real automated rules.

Many of our customers have also used IdentityIQ to replace homegrown and out dated access request solutions (some even manual and paper based), as well as migrate away from expensive and difficult-to-implement provisioning systems. Implementing IdentityIQ has allowed customers to reduce the cost of on-boarding applications into enterprise access review and access request processes as well as tightly integrate access request and remediation with approval workflows and back-end provisioning.

Unlike other competing products IdentityIQ is designed with end-users in mind rather than just targeting the IAM system administrators, we would like to have a bit more flexibility in how the screens are laid-out and the content. Some of our clients prefer feature-rich UI/screens whilst other would like to have simpler interaction and presentation.

Dashboards – whilst better and more feature rich than a number of competing products, they are still nowhere near the functionality one gets from dedicated portal and analytics tools (eg. drill-downs, comparative views, etc.).

Report writing is much better in the latest versions, but it is still not comparable to what one can get out of dedicated reporting tools.

I started working with IdentityIQ in 2007. Until now, I’ve been actively involved in design and configuration of a large number of IdentityIQ deployments across Australia, Asia, America and the Middle East. We (First Point Global) have been a SailPoint partner since 2007.

In terms of the product itself - no. Deployment of the product is very straightforward; there are a lot of resources available to assist you in finding the answer to any deployment question you might come up with. There is a large community of people working on IdentityIQ. If you come across a problem there’s always someone around that’s done that before and has suggestions.

The main challenge has been that each client’s environment is different; from the way in which they configure their ‘managed’ systems, to constraints imposed by the client’s SOE (standard operating environment), to the client’s infrastructure topology, to change control and migration processes and tools the client wants to/has to use.

One of the main challenges is for clients to understand and accept that IdentityIQ implementations are not a systems development/coding exercise; rather IdentityIQ deployment is more about configuration than coding.

No, IdentityIQ is stable. It has easy, built-in redundancy to handle any unforeseen events. Also, server management is simple and easy to understand.

IdentityIQ scales well both vertically (‘bigger’ servers) and horizontally. When load increases additional servers can be added to the UI or task server groups with minimal configuration effort. IdentityIQ supports the notion of having dedicated UI servers handling user interaction and task servers, which handle background activities (eg. data loading and refresh, generating reports, re-evaluating SOD policies, etc.). IdentityIQ manages its own batch server load balancing in the background. SailPoint also provide whitepapers and supporting materials on tuning your IdentityIQ deployment to meet your needs and your environment.

However, we have encountered issues using IdentityIQ on virtualized platforms. These were caused by the virtualization hosts being overloaded (i.e. several virtual machines on one overloaded host). If you are going to virtualise IdentityIQ application servers, I would recommend allocating vCPU and memory to each virtual machine. If resources are not allocated, IdentityIQ can be starved by other virtual machines running on the same hosts.

Great, SailPoint offers several points of contact. You can use either the SailPoint communities, customer portal (Salesforce-based) for management of support cases and queries, or directly contact your professional services manger or engagement manager. SailPoint has staff located in most geographies and it’s easy to get hold of someone technical when you need a hand.

Excellent, SailPoint provides both customer and partner community forums; SailPoint technical staff, partners and customers actively contribute to these forums. Often you can find the answer to a question in a forum without the need to raise a support ticket. The communities are an invaluable repository of technical knowhow as well as a source for documentation, tutorials and videos. SailPoint also holds regular webinars. These and all whitepapers are stored and made available to the community. By using the community, it’s possible to find out who has done it before, see what solutions they came up with, as well as even contact that person to ask questions. It’s a great way to get to the bottom of something quickly.

SailPoint support engineers are located in most geographies so your questions get answered quickly. The SEs are also approachable and easy to work with.

As a company we implement identity solutions for customers. We’ve implemented a variety of product replacements and migrations, including:

Oracle Identity Analytics (OIA) replacement (formally Sun Role Manager and Vaau RBAC), OIA lacked the flexibility and functionality to meet the customers’ SOD (Segregation of Duty) Policy requirements as well as entitlement and role modeling requirements. Lack of industry resources with implementation product knowledge was also a factor in retiring OIA solutions; lack of supported application connectors (and/or complexity, eg. requiring fully functional implementation of Oracle IdM for OIA to function) was another factor.

BMC IDM / Control-SA, we’ve implemented both Control SA replacement, and more recently we worked on Control SA end-of-life migration projects. SailPoint offers a clear migration strategy to replace existing Control SA/ESS deployments. SailPoint acquired the BMCs IDM/Control-SA Connector stack people/technology to make migration much simpler exercise; replacing Control SA/ESS can be as simple as configuring the application connectors in IdentityIQ and pointing them to the existing Control SA Agents or Service Manager. Since acquiring the BMC ESS Connector stack, SailPoint has started rewriting the connectors into agentless Java connectors which are simpler to use. Some legacy connections still require agents i.e. RACF, ACF2, NIS.

Prior to compliance and governance solutions coming to the forefront of identity management, we found our customers were starting to think about and “roll their own” solutions to complement the gaps in their IdM stacks; this often involved attempting to ‘bolt on’ access reviews and SOD functionality into existing provisioning systems.We’ve worked with customers to replace several in-house developed solutions, including customer-developed Access Request, User Access Review and even a custom developed Provisioning system! In each case the customer chose to migrate off their home-rolled solution to take advantage of the savings offered from an out-of-the-box solution as well as take advance of the deep compliance and provisioning functionality that IdentityIQ offers.

Installation requires knowledge of application servers and relational databases; a high availability environment can be setup in a matter of hours-days once infrastructure is in place. IdentityIQ requires a relational database and supports all the main flavors, Oracle, IBM, Microsoft, MySQL; IdentityIQ runs on a Java application server, again the common platforms are supported, Oracle, IBM, Apache Tomcat and Red Hat JBoss.

We (First Point Global) are a solutions integrator specialising in identity management; a typical project implementation team involves First Point Global consultants with years of experience in deploying IdentityIQ into large organisations. We work with and train the customer team to up-skill employees to assist in transfer of the IdentityIQ solution from implementation to BAU.

Of course you will always rate yourself as high, but we are the largest team of IdentityIQ implementers in APAC. Also, we won the SailPoint Amarda Award in both 2013 and 2014 for SailPoint’s top partner in the Asia Pacific region.

Through our implementations we’ve seen the existing manual access review processes shrink from a team of people used to gather, send and review certification results down to one or two administrators. Gathering of account data, sending of access review notifications, escalation of incomplete access reviews and detection of remediation is all automated. Administrators can focus on reviewing the results not doing the heavy lifting, results can be easily summarised for the people that need it.

IdentityIQ is still a relatively new comer to identity management, but its implementation is modern and it has built on the lessons learnt from the older, harder to use and often cryptically complex provisioning systems. Workflows and connections to applications do not need to be complex and take far less time to implement than heavy provisioning systems.

IdentityIQ is quicker to implement than its pure provisioning counterparts, implementing IdentityIQ for compliance and governance means you can later reuse the existing on-boarded application connections to implement provisioning.

The cost associated with setup depends on the scope of work, and largely the extent of integration with the applications to be on boarded as well as the functionality applied to those applications (i.e. access review, access request, provisioning, roles, SOD, etc.).

IdentityIQ is a very flexible product. We’ve found the key to using it well and getting the best value for money is to determine how to model your access review, access request or provisioning processes in IdentityIQ, then apply that to a majority of applications. If applications require unique processes for each department, there can be additional configuration overhead, aim for economies of scale where possible.

Some examples of projects:

-30 day IdentityIQ ‘quickstart’ project, on-boarding of 7 high-risk enterprise applications + HR feeds. User access reviews configured and kicked-off in production.

-90 day Control SA migration project, migration of hundreds of provisioned applications into IdentityIQ. And replacement of Control SA Password Management and Access Request functionality with IdentityIQ

-100-200 days IdentityIQ governance project, on-boarding of all enterprise applications into IdentityIQ to perform regular access reviews and detect SOD violations as they occur.

For day to day running of IdentityIQ post implementation we generally advise a small administration team of 2-3 people; some of our clients are supporting IdentityIQ deployment with a 0.5 FTE. Administrators are responsible for performing general house keeping as well as fielding queries on access reviews and scheduling access reviews, new application on-boarding and patching.

We’ve reviewed Oracle Identity Analytics (OIA) and RSA as well as the Dell offerings. Of the three we found RSA Aveska the closest competitor to SailPoint; the Oracle and Dell offerings do not have the same depth of functionality. When doing feature-by-feature comparison as is in a typical RFP/RFQ the majority of IdM products look the same. There are two areas where IdentityIQ often proved to be better than competing products were ‘time to market’ (i.e. how long it takes and how much effort is required to start addressing real issues and delivering value to the business) and complex user access review scenarios.

Listen to the vendor and other clients who have successfully implemented the product; lots of, problems with hardware and implementation process can be avoided by taking the advice of those who have been there before.

Ensure the project has strong leadership. You’ll need this to ensure cooperation of system administrators that are often protective of access to their applications. You need to configure provisioning, but administrators will only give you a read-only account until it is proven it works and will not cause problems. Or enterprise architects may insist that all integration has to be done through corporate middleware, requiring lots of custom development, rather than using OTB connectors.

Make sure your hardware meets the SailPoint requirements (see the ‘IdentityIQ Performance Optimization Checklist’ on SailPoint’s forum - this details the required hardware and network requirements at a glance). IdentityIQ supports virtualisation nicely, but you do need to make sure your virtualisation hosts have enough resources to meet IdentityIQ processing requirements. We suggest allocating CPUs and memory to IdentityIQ application hosts to ensure dedicated usage of required resources.

Make sure your database and application servers have a low latency round trip. We recommend putting the two in the same data centre. IdentityIQ is a big user of data - lower the time it takes to retrieve the data and the UI and batch tasks perform snappier.

Install your development environment to get started with IdentityIQ, then read the ‘IdentityIQ Performance Management Guide’ to ensure that all non-development environments are installed and tuned correctly for your infrastructure. A tuned environment is a fast environment; and fast environment means happy end-user. Also, make sure your administrators do regular health checks.

Deploying IdentityIQ is an integration task, use agile development to on-board applications quickly, have a simple to document application template to capture integration details, but remember you are not designing a system from the ground up. This is not a Java/VB/C++/you-name-it coding exercise.

Using OOTB means fast implementation times and lower cost to you. IdentityIQ is flexible but customizing everything will add to your costs now and your maintenance later. Keep it simple and keep the process standardised.

How often do you need to refresh the data? The hardware required to run IdentityIQ is largely dependent on how often you configure IdentityIQ to reload the data. How often the data is really required to be reloaded is largely dependent on the features you are using,. For example, SOD policy violation detect might require daily updates, but reviewing user access quarterly does not require daily data refreshing!

If you do want to keep all data up to date, then be smart and take advantage of IdentityIQ’s delta aggregation and partitioning functionality. Build application on-boarding tuning into your application on-boarding process and have database administrators review queries for performance.

Always utilise the direct connectors. Although IdentityIQ supports a variety of file feed connectors using the direct connectors now means you can take advantage of provisioning later without reconfiguring. Remember file feeds are unlikely to match the data the direct connector will pull back, reuse the investment SailPoint have made in the OOTB connectors and save time and money!

Standardise the compliance processes applied to applications. IdentityIQ is flexible but a unique access review process for each application will require more configuration and maintenance. Keep it simple and easy to maintain.

IdentityIQ has been the market leader according to the Gartner IGA Magic Quadrant for the past two years. We deploy and support several identity and access management products, and have reviewed numerous other vendors’ offerings.On balance we find IdentityIQ to have the best mix of functionality and ease of use, as well as being the easiest and most flexible to deploy.Quite a few of our engineers prefer to use and deploy IdentityIQ over other compliance, governance and provisioning solutions.

We use SailPoint IdentityIQ mainly for employees. It's not a customer identity and access management tool. It's mainly for the workforce. All my clients choose SailPoint IdentityIQ because they need some tool that will govern and do the compliance at their end. We are mainly integrating all the applications for the organization, just like their HR, to do the governance in just one place, namely in SailPoint IdentityIQ. We're using SailPoint IdentityIQ for provisioning, granting access, taking access, automatic onboarding, and off-boarding. We also use SailPoint IdentityIQ for employees' joiner, mover, and leaver workflow. We use SailPoint IdentityIQ for automatically reprovisioning all the roles and accesses.

The most selling modules for SailPoint are the compliance manager and the life cycle manager. In addition, the password manager module is replacing the call center for any organization by doing self-service password services, resetting passwords, and unlocking accounts.

SailPoint IdentityIQ has a primitive AI engine. It doesn't compare to the autonomous engine that uses machine learning and deep learning in ForgeRock.

It would be great to have an autonomous engine that uses machine learning and deep learning to find orphan accounts, accesses not used by employees and extra accesses.

I have been doing a SailPoint IdentityIQ pre sales presentation for two years and a real product implementation for six months.

SailPoint IdentityIQ is a stable solution, and I rate it a nine out of ten for stability.

I rate SailPoint IdentityIQ less than five out of ten for scalability. To increase scalability, you need to increase servers, which is not easy.

The technical support in the Middle East is being done through partners. SailPoint IdentityIQ has no physical presence in the Middle East except through its partners and distributors. However, SailPoint IdentityIQ's remote support is always available. SailPoint IdentityIQ's technical support is good because they are always available when the partners or the implementation team face any issues.

Positive

The initial setup of SailPoint IdentityIQ was very easy, and I rate it a ten out of ten. We have an automatic deployment engine, so the deployment takes around an hour, not long.

SailPoint IdentityIQ is highly-priced, and I rate it an eight out of ten for pricing.

Our clients using SailPoint IdentityIQ are mainly in the banking sector, and the others are part of the Saudi Arabia government and ministry. For 12 years, SailPoint IdentityIQ twelve has been the leader of Gartner Magic Quadrant. All the market reports suggest SailPoint IdentityIQ when you're doing governance and compliance for your workforce. SailPoint IdentityIQ is even replacing other solutions like IBM and ServiceNow.

SailPoint IdentityIQ is a stable and reliable workforce identity and access management solution. If you're looking for a solution for the workforce, you should opt for SailPoint IdentityIQ, and if you're looking for a solution for the customer base, you should choose ForgeRock.

Overall, I rate SailPoint IdentityIQ a ten out of ten.

We're using SailPoint IdentityIQ for these purposes: user access, authentication, and governance review access.

SailPoint IdentityIQ has improved my organization as it's used mainly to provide access to first-time users and also for other actions around managing access.

A feature of SailPoint IdentityIQ that I like best is that it has good integration with other platforms. My company is using ADP here in Brazil, and SailPoint IdentityIQ works very, very well with it. My company is also using the solution for governance evaluation, segregation, and other access tests. For my company, SailPoint IdentityIQ is a very important solution, especially because it's automated, and there's a huge audit and risk issue here in Brazil.

In the past, we had a lot of problems with SailPoint IdentityIQ, particularly in providing access and provisioning. There were some gaps in the operation of the solution because they were manual rather than automated, and the users and administrators were given access directly via Active Directory, and it wasn't appropriate for us at the time to use.

In terms of integration, we could provide a more automated solution after a minimum number of years, but not in the SailPoint IdentityIQ platform, but there were problems in the registration, for example, with putting information inside ADP, but in general, we were able to solve those problems, and after implementing SailPoint IdentityIQ  we had increased evaluations.

I've been using SailPoint IdentityIQ for two years.

SailPoint IdentityIQ is a stable solution.

We didn't have contact with the technical support for SailPoint IdentityIQ because we're using a third party for support.

Ten of our administrators used Append to control executive activities prior to using SailPoint IdentityIQ, but in general, we found SailPoint IdentityIQ to be more useful in maintaining information, access roles, and permissions. The solution does exactly what we needed it to do.

The initial setup for SailPoint IdentityIQ was straightforward.

We used a third party to implement SailPoint IdentityIQ, particularly in the beginning, but nowadays, we can implement the solution on our own. In the beginning, we had a problem with the rules inside the platform, but the third party helped us in solving the problem and installed and configured SailPoint IdentityIQ appropriately.

Right now, I'm not sure if there's ROI from SailPoint IdentityIQ, but within a few months or so, there will be.

In terms of pricing, SailPoint IdentityIQ is affordable. It's not cheap, and it's not expensive, so the solution is in the middle, price-wise. It also didn't have additional costs, even if my company had different teams that took care of auditing and provisioning and projects that used SailPoint IdentityIQ.

We evaluated other solutions, but SailPoint IdentityIQ proved to be more adequate for us to use, and we found that not a single solution or tool was exactly better than SailPoint IdentityIQ.

I'm not sure about the version of SailPoint IdentityIQ my company is using, but it's probably the newest version.

My company has ten administrators of SailPoint IdentityIQ and around one thousand users. Ten technicians maintain the solution. My company maintains the solution and always keeps it updated, so integrating other solutions to SailPoint IdentityIQ won't be a problem.

In terms of rating SailPoint IdentityIQ, nine is a good score for me. My company is very happy with the solution.

My company is a customer of SailPoint IdentityIQ.