What is our primary use case?
We have different use cases depending on the project. For example, we use it for user management, account management, user lifecycle, certifications, reporting, SODs, and governance. We use everything that SailPoint IdentityIQ provides.
How has it helped my organization?
Our user lifecycle takes less time with SailPoint IdentityIQ. Previously, it would take around one day to get all the users access, and now it is an automatic process with a good authentication and authorization mechanism.
What is most valuable?
When deployed on-premises, it gives us a lot of areas to customize and provides many out-of-box features. For example, it offers different out-of-box connectors where we can connect with multiple forest configurations. There are also out-of-box connectors for CyberArk, Okta, and other applications, but SailPoint IdentityIQ has more enriched out-of-box connectors than the others.
What needs improvement?
There's a lot of customization required to improve the user experience. It would also be helpful if there were some out-of-box options for filtering.
For how long have I used the solution?
We have been using this solution for seven years. We are currently using version 8.2 or 8.3. We have also used versions 6.0, 6.1, 6.2 and 6.3. It is deployed on-premises and on cloud.
What do I think about the stability of the solution?
The stability and performance are very good.
What do I think about the scalability of the solution?
Scalability is good, but if the number of users significantly increases, it requires different web servers and becomes difficult to manage. In addition, SailPoint IdentityIQ doesn't provide any SIM tool, so we have to implement it if required. Without it, we have to work locally, going into the logs for eServers by ourselves, and there isn't a central log factory where we can see all the logs for the SailPoint IdentityIQ.
The number of users depends on the project. There are projects with millions of users and others with 100,000 or 300,000 users. Also, the number of people required for deployment depends on the number of servers and users. However, if I were to estimate, it requires an average of three people, but if the server and the UI server increase, it becomes challenging to look at the logs.
Compared to SailPoint IdentityIQ, Saviynt provides a way to select servers. From the UI, you can choose different servers and see the logs.
SailPoint IdentityIQ is being used at full capacity, and I am currently working as an architect for both Saviynt and SailPoint IdentityIQ. If I were to compare solutions, there is no comparison with SailPoint in the market right now, and SailPoint is way ahead. Solutions like Saviynt and Omada have features such as logs, clarity of the risk and SODs that are not as good in SailPoint IdentityIQ.
How are customer service and support?
We have not used technical support directly, but our clients use them, and we have not heard of any problems.
Which solution did I use previously and why did I switch?
We previously worked with IBM IM products like ISIM and Oracle IM, and we switched to SailPoint IdentityIQ because it is an enhancing product. SailPoint IdentityIQ is the best in feature enhancement.
How was the initial setup?
It was straightforward to implement, which is an advantage with products deployed on-premises. However, there is minimal documentation around the firewall on SailPoint community sites. For example, sometimes, we want to configure SailPoint IdentityIQ for our developers in a development version, and we don't want it to connect inside a company's firewall. But that is not addressed in the architectural documents. The documentation covers areas like check configuration or DR configuration but does not mention options for different networking structures between a web server and a product and how it works. Deployment is dependent on the project. Sometimes we complete it ourselves, and other times it's done by a third party.
What was our ROI?
There is an ROI. I have worked in this domain for 12 years on different continents and have not heard of people replacing SailPoint IdentityIQ on-premise with other solutions.
What's my experience with pricing, setup cost, and licensing?
I rate the price a six out of ten, with one being least expensive and ten being most expensive.
What other advice do I have?
I rate this solution an eight out of ten. If deployment is done on-premises, SailPoint IdentityIQ is best, but Saviynt or Omada is better if it is cloud.
Regarding advice, SailPoint IdentityIQ is the most customizable product. However, it is good to minimize customization and use more out-of-box functionality because it becomes a hassle in the long term to manage customization in the IM product. In addition, it will be good if there is better log management in future releases.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Hello There,
Awesome article. Thanks for making that available. I've been using your help to build my own POC and will publish the steps in another blog soon.
Were you able to resolve this issue? I am also facing the same issue.
I have followed the below steps -
1. Created 3 rules for AfterCreate/Modify/Delete
2. Mapped them in App config for NativeRules attribute
3. Executed IQService-Handshake Task - This has created a .dat file in IQService directory.
4. IQ Service and AD are both on the same system - Windows 2008
5. IIQ Version 6.3
Now, I am trying to request access for AD. The Sailpoint tutorial account is getting created on AD, but the native rules are not being triggered.
Regards,
Preethi.