SailPoint Identity Security Cloud Reviews

We use Identity IQ for user onboarding, offboarding, profile management and to manage user access across various platforms in our organization. 

SailPoint has allowed us to ensure the right people have the right access and to the rights things.

The prices could be slightly reduced to match other products in the market. 

The UI of the solution could be more customizable so we could change the workflows to suit our needs.  There is not much customization offered in SailPoint connectors. We had to customize the out-of-the-box connector to meet our needs and keep track of this customization for future upgrades. 

I have been using this solution for seven years. 

This is a stable solution. 

We moved from Oracle Identity Manager to SailPoint and the initial setup was not straightforward. It took two to three days and was done is small steps. 

We implemented the solution in-house but received assistance leading up to the implementation from a third party company for three months.

From the backend perspective, when we have needed certain functionality and it has not been possible within the solution, we have reached out to SailPoint for assistance. 

I would rate it an eight out of ten. 

We have different use cases depending on the project. For example, we use it for user management, account management, user lifecycle, certifications, reporting, SODs, and governance. We use everything that SailPoint IdentityIQ provides.

Our user lifecycle takes less time with SailPoint IdentityIQ. Previously, it would take around one day to get all the users access, and now it is an automatic process with a good authentication authorization mechanism.

When deployed on-premises, it gives us a lot of areas to customize and provides many out-of-box features. For example, it offers different out-of-box connectors where we can connect with multiple forest configurations. There are also out-of-box connectors for CyberArk, Okta, and other applications, but SailPoint IdentityIQ has more enriched out-of-box connectors than the others.

There's a lot of customization required to improve the user experience. It would also be helpful if there were some out-of-box options for filtering.

We have been using this solution for seven years. We are currently using version 8.2 or 8.3. We have also used versions 6.0, 6.1, 6.2 and 6. 3. It is deployed on-premises and on cloud.

The stability and performance are very good.

Scalability is good, but if the number of users significantly increases, it requires different web servers and becomes difficult to manage. In addition, SailPoint IdentityIQ doesn't provide any SIM tool, so we have to implement it if required. Without it, we have to work locally, going into the logs for eServers by ourselves, and there isn't a central log factory where we can see all the logs for the SailPoint IdentityIQ.

The number of users depends on the project. There are projects with millions of users and others with 100,000 or 300,000 users. Also, the number of people required for deployment depends on the number of servers and users. However, if I were to estimate, it requires an average of three people, but if the server and the UI server increase, it becomes challenging to look at the logs.

Compared to SailPoint IdentityIQ, Saviynt provides a way to select servers. From the UI, you can choose different servers and see the logs.

SailPoint IdentityIQ is being used at full capacity, and I am currently working as an architect for both Saviynt and SailPoint IdentityIQ. If I were to compare solutions, there is no comparison with SailPoint in the market right now, and SailPoint is way ahead. Solutions like Saviynt and Omada have features such as logs, clarity of the risk and SODs that are not as good in SailPoint IdentityIQ.

We have not used technical support directly, but our clients use them, and we have not heard of any problems.

We previously worked with IBM IM products like ISIM and Oracle IM, and we switched to SailPoint IdentityIQ because it is an enhancing product. SailPoint IdentityIQ is the best in feature enhancement.

It was straightforward to implement, which is an advantage with products deployed on-premises. However, there is minimal documentation around the firewall on SailPoint community sites. For example, sometimes, we want to configure SailPoint IdentityIQ for our developers in a development version, and we don't want it to connect inside a company's firewall. But that is not addressed in the architectural documents. The documentation covers areas like check configuration or DR configuration but does not mention options for different networking structures between a web server and a product and how it works. Deployment is dependent on the project. Sometimes we complete it ourselves, and other times it's done by a third party.

There is an ROI. I have worked in this domain for 12 years on different continents and have not heard of people replacing SailPoint IdentityIQ on-premise with other solutions.

I rate the price a six out of ten, with one being least expensive and ten being most expensive.

I rate this solution an eight out of ten. If deployment is done on-premises, SailPoint IdentityIQ is best, but Saviynt or Omada is better if it is cloud.

Regarding advice, SailPoint IdentityIQ is the most customizable product. However, it is good to minimize customization and use more out-of-box functionality because it becomes a hassle in the long term to manage customization in the IM product. In addition, it will be good if there is better log management in future releases.

The Certification and Provisioning features are most valuable.

Manager Certification helped to review user access and revoked unnecessary accesses to various applications.

The connector for EPIC, ServiceNow, and Duo.

More than a year.

None, except cosmetics issues related to UI and documentation.

No.

Excellent.

We didn’t have a solution for Certification, but we had a homegrown solution for all other IAM processes. For various reasons, we switched to IIQ.

It was straightforward.

They are expensive.

Yes. We tried Oracle and ForgeRock IAM products.

Just go for this product. Its awesome.

SailPoint IdentityIQ is used for reporting and identity, account, and access management.

The most valuable features of SailPoint IdentityIQ are the reporting because it is better than other solutions. The workflows can be customized to our requirements and the overall features are good.

If you compare Saviynt and Okta Workforce Identity versus SailPoint IdentityIQ, SailPoint IdentityIQ needs to improve its UI.

I have been using SailPoint IdentityIQ for approximately four years.

When using SailPoint IdentityIQ you need to tell them the capacity you want, and they will provide the solution with the appropriate license. For example, you have to tell them initially that you will have 50,000 users using the solution then they will tell you how much service you will need to deploy.

The technical support is not very good but it is good. They can improve.

I have previously used Saviynt and Okta Workforce Identity.

The initial setup of SailPoint IdentityIQ is easy. The time of deployment can take approximately two days.

We did the implementation of SailPoint IdentityIQ in-house.

My advice to others is if you are new to the identity access management world, and you are starting with SailPoint IdentityIQ, you have the best tool in your hand to start with. You can receive complete exposure to all the types of operations or workflows.

I rate SailPoint IdentityIQ a nine out of ten.

1. Very user friendly unified UI (for users and administrators)
2. An excellent out-of-the-box features (hierarchical RBAC, flexible provisioning policies, role-mining, certifications, life-cycle events, etc)
3. Modest hardware requirements
4. A large list of out-of-the-box connectors (with no additional charge)
5. Using only standard java technologies (java, beanshell, HTML, jsp, JavaScript, XML, some Apache projects)
6. Possibility to deploy the solution on different DBMS and application servers of your choice
7. Very fast implementation of the solution with custom modifications

1. The price is very high
2. The partnership program is very inflexible
3. Provisioning. This functionality sometimes require too much coding to implement some customers' requirements
4. "Ease of use." IdentityIQ has a function that can be described as duplication (this can depend on the point of view) for example, groups, population, and work-groups
5. Implement the support of organizational structure

About one year.

Yes, of course. Every time, when you implement a project for a customer you will encounter some issues.  The primary question - how quickly the vendor will help you with issues, or how strong are the programmers and engineers in your team to find a solution in-house.

No, I didn't.

No, I didn't.

Of course. In addition to SailPoint IdentityIQ I have experience in implementing MS FIM 2010, OIM 11gR2, and Oracle Waveset (Sun IDM) 8.

In my opinion this is the best product and I agree with Gartner which described it as the best product in the "Identity Governance and Administration Magic Quadrant" in 2013-2014.

I would say it's simple (compared with OIM 11gR2, but more difficult when compared with MS FIM 2010 R2).
IdentityIQ has very good documentation and you shouldn't face problems with the installation.

With an internal team. All team members have very strong experience in the IDM sphere, including working experience with other IDM vendors (Sun, Oracle, IBM).

SailPoint IdentityIQ is a very good product (in my opinion - it is the best product and it took the leading place in Gartner's Magic Quadrant two years in a row) and I can recommend it to all who are looking for a very strong IDM solution (if the price suits you).

The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure.

It allowed us to execute account review campaigns from very different systems.

Some setups should be done in the interface and in the code, and could be made simpler.

So far, from 2008 to 2017: 10 years.

No, the product is stable.

As long as the database is very close to the application server, the system can manage many identities and connectors to various directory.

Their technical support was very knowledgeable of their product, and we get answers within a day or so most of the time.

Most of the clients kept the solution after using SailPoint IIQ. The only one that considered not using it anymore wanted to keep his historical supplier and to have the same solution for Identity Governance and Administration and for Authentication (which is not something SailPoint provides).

Initial installation is straightforward and takes less than one day, once you have a VM, a database, and a directory available. What takes the most time is the connectivity to each authoritative source and target directory.

SailPoint IIQ is the best of best. That is reflected in the pricing of the solution. The pricing is based on the number of identities.

Many clients considered the other main IGA solutions, like Oracle Identity Manager, CA Identity Manager, Microsoft Identity Manager, or NetIQ Identity Manager.

Make sure the distance between the database and application server is very short. There is natural integration with other solutions that should be considered in your selection, like with CyberArk or ServiceNow.

• Access risk alerts
• Access Certification
• Self-Service Access Request
• Password Management

• Development framework
• Workflows configuration

Two years.

No issues encountered.

No, the platform has been stable.

Yes, I found some scalability issues:

• Java.lang.OutOfMemoryError: Java heap space
• Advanced searchs with 0 rows

7/10.

8/10.

Yes. In several customers we have switched to SailPoint IdentityIQ due to the unified architecture and intuitive centralized governance across datacenter.

The initial setup always was straightforward with shorter implementation times and quick benefits.

We haven`t calculate the ROI. Mainly, cost savings are associated to:

• Identifying unused or unauthorized accounts and reports them back to the appropriate business sponsor for removal and potential cost savings
• Reduce the cost of compliance by automating access review processes

In several cases, the IdentityIQ deployment was due to a migration from other IAM solution (Oracle Identity Manager). Usually, before deploying an IAM solution, we do a benchmark test with the customer to get the best solution for their requirements.

• Phased Deployment
• Get to know new features
• Expand gracefully/logically
• Create a change control & env. management process
• Automate where possible
• Become flexible with migrations

We use it to automate onboarding and offboarding processes.

The basic concept is most valuable. I like how they have designed the solution. They create an Identity Cube, and then they do all the processes and configuration around the Identity Cube. 

It is too technical. You need really good technical skills in Java and other technologies, which are hard to find. If they can make it easier so that things can be done with a few clicks, it will be great.

It should also have more standard connectors. Its price should also be reduced.

I have been using this solution for more than 15 years.

It is surely stable.

It is scalable.

I have not interacted with their technical support.

Its initial setup is not straightforward. No identity management solution is straightforward.

It is a costly solution. Its cost, for sure, should be reduced.

If you want to use a non-Microsoft application, then, for sure, go with SailPoint, but if your use cases are only using Microsoft applications, then go with Microsoft.

I would rate SailPoint IdentityIQ a seven out of 10.