SailPoint Identity Security Cloud Reviews

We use this solution for identity governance and to understand who has access to what and whether that access should be granted or not. We also use it for access to recertification automation which provides a complete report of who has what access in the organization at the press of a button. We are able to automate the entire process of joiners, movers, levers and the provisioning and deprovisioning of identities. 

When someone joins any organization, all their roles and access is provided at the click of a button. When they move from one department to the other, the accesses which are not required are revoked, and the ones which are necessary are provisioned. Sailpoint offers complete automation of the lifecycle of any user.

We are able to offer on-prem on cloud based deployments, depending on our customer's requirements. 

This solution has made our team more effective. We need less manual approvals when someone new joins our company. There is less paperwork and fewer support tickets raised for access. 

The number of integrations that they have is amazing. The flexibility of the tool is great and you can really customize a lot. The dashboards that can be created are very useful. The proactive revoking of accesses in the case of an attack is amazing.

The cost of this solution is high. The technical assistance center could be improved. They're very good, but considering the intricacies of the solution, they can further improve.

We have been using this solution for six and a half years.

This is a stable solution. 

This is a very scalable solution. A couple of million users can be scaled overnight.

I would rate this solution's technical support a three and a half out of five. 

Neutral

The initial setup is complex due to the handling of identity and access management. If you have the expertise and if you are trained well, then it is not difficult. Deployment takes between three and twelve months.

This is an expensive solution. I would rate it a two and a half out of five for pricing. 

I would recommend Sailpoint to others. 

I would rate this solution a ten out of ten.

SailPoint IdentityIQ is used for reporting and identity, account, and access management.

The most valuable features of SailPoint IdentityIQ are the reporting because it is better than other solutions. The workflows can be customized to our requirements and the overall features are good.

If you compare Saviynt and Okta Workforce Identity versus SailPoint IdentityIQ, SailPoint IdentityIQ needs to improve its UI.

I have been using SailPoint IdentityIQ for approximately four years.

When using SailPoint IdentityIQ you need to tell them the capacity you want, and they will provide the solution with the appropriate license. For example, you have to tell them initially that you will have 50,000 users using the solution then they will tell you how much service you will need to deploy.

The technical support is not very good but it is good. They can improve.

I have previously used Saviynt and Okta Workforce Identity.

The initial setup of SailPoint IdentityIQ is easy. The time of deployment can take approximately two days.

We did the implementation of SailPoint IdentityIQ in-house.

My advice to others is if you are new to the identity access management world, and you are starting with SailPoint IdentityIQ, you have the best tool in your hand to start with. You can receive complete exposure to all the types of operations or workflows.

I rate SailPoint IdentityIQ a nine out of ten.

The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure.

It allowed us to execute account review campaigns from very different systems.

Some setups should be done in the interface and in the code, and could be made simpler.

So far, from 2008 to 2017: 10 years.

No, the product is stable.

As long as the database is very close to the application server, the system can manage many identities and connectors to various directory.

Their technical support was very knowledgeable of their product, and we get answers within a day or so most of the time.

Most of the clients kept the solution after using SailPoint IIQ. The only one that considered not using it anymore wanted to keep his historical supplier and to have the same solution for Identity Governance and Administration and for Authentication (which is not something SailPoint provides).

Initial installation is straightforward and takes less than one day, once you have a VM, a database, and a directory available. What takes the most time is the connectivity to each authoritative source and target directory.

SailPoint IIQ is the best of best. That is reflected in the pricing of the solution. The pricing is based on the number of identities.

Many clients considered the other main IGA solutions, like Oracle Identity Manager, CA Identity Manager, Microsoft Identity Manager, or NetIQ Identity Manager.

Make sure the distance between the database and application server is very short. There is natural integration with other solutions that should be considered in your selection, like with CyberArk or ServiceNow.

We have different use cases depending on the project. For example, we use it for user management, account management, user lifecycle, certifications, reporting, SODs, and governance. We use everything that SailPoint IdentityIQ provides.

Our user lifecycle takes less time with SailPoint IdentityIQ. Previously, it would take around one day to get all the users access, and now it is an automatic process with a good authentication authorization mechanism.

When deployed on-premises, it gives us a lot of areas to customize and provides many out-of-box features. For example, it offers different out-of-box connectors where we can connect with multiple forest configurations. There are also out-of-box connectors for CyberArk, Okta, and other applications, but SailPoint IdentityIQ has more enriched out-of-box connectors than the others.

There's a lot of customization required to improve the user experience. It would also be helpful if there were some out-of-box options for filtering.

We have been using this solution for seven years. We are currently using version 8.2 or 8.3. We have also used versions 6.0, 6.1, 6.2 and 6. 3. It is deployed on-premises and on cloud.

The stability and performance are very good.

Scalability is good, but if the number of users significantly increases, it requires different web servers and becomes difficult to manage. In addition, SailPoint IdentityIQ doesn't provide any SIM tool, so we have to implement it if required. Without it, we have to work locally, going into the logs for eServers by ourselves, and there isn't a central log factory where we can see all the logs for the SailPoint IdentityIQ.

The number of users depends on the project. There are projects with millions of users and others with 100,000 or 300,000 users. Also, the number of people required for deployment depends on the number of servers and users. However, if I were to estimate, it requires an average of three people, but if the server and the UI server increase, it becomes challenging to look at the logs.

Compared to SailPoint IdentityIQ, Saviynt provides a way to select servers. From the UI, you can choose different servers and see the logs.

SailPoint IdentityIQ is being used at full capacity, and I am currently working as an architect for both Saviynt and SailPoint IdentityIQ. If I were to compare solutions, there is no comparison with SailPoint in the market right now, and SailPoint is way ahead. Solutions like Saviynt and Omada have features such as logs, clarity of the risk and SODs that are not as good in SailPoint IdentityIQ.

We have not used technical support directly, but our clients use them, and we have not heard of any problems.

We previously worked with IBM IM products like ISIM and Oracle IM, and we switched to SailPoint IdentityIQ because it is an enhancing product. SailPoint IdentityIQ is the best in feature enhancement.

It was straightforward to implement, which is an advantage with products deployed on-premises. However, there is minimal documentation around the firewall on SailPoint community sites. For example, sometimes, we want to configure SailPoint IdentityIQ for our developers in a development version, and we don't want it to connect inside a company's firewall. But that is not addressed in the architectural documents. The documentation covers areas like check configuration or DR configuration but does not mention options for different networking structures between a web server and a product and how it works. Deployment is dependent on the project. Sometimes we complete it ourselves, and other times it's done by a third party.

There is an ROI. I have worked in this domain for 12 years on different continents and have not heard of people replacing SailPoint IdentityIQ on-premise with other solutions.

I rate the price a six out of ten, with one being least expensive and ten being most expensive.

I rate this solution an eight out of ten. If deployment is done on-premises, SailPoint IdentityIQ is best, but Saviynt or Omada is better if it is cloud.

Regarding advice, SailPoint IdentityIQ is the most customizable product. However, it is good to minimize customization and use more out-of-box functionality because it becomes a hassle in the long term to manage customization in the IM product. In addition, it will be good if there is better log management in future releases.

We use it for Identity Lifecycle Management: 

• Access requests
• Provisioning
• Deprovisioning
• JCT process and reconciliation (aggregation).

It provides one solution for the entire process in a complex environment with different types of applications and connectors.

All Identity Access Management processes in the tool are valuable. 

The product has poor reporting and analytic capabilities. Reports are not easy to use and its analytic capabilities are limited.

It is a stable tool, which we run in our complex environment.

The solution includes all aspects of user lifecycle management, like joiners, movers and leavers, regulatory compliance, reporting and auditing. And the compliance part of the solution includes certification from time to time basis. All these are usual IEM cases. The aforementioned instances are all IAM cases.

The first valuable feature of the solution is its interface. The second feature of the solution is the level of flexibility it provides. So, it can be easily configured by a person using just a few rules and coding standards, after which that person can make anything out of the solution. SailPoint is quite an old solution in the market. So they know what new things are coming into the market along with artificial intelligence, and they have ensured that they have integrated into their solution the developments over time. Basically, SailPoint is up to date with the market standards.

Regarding the scope for improvement in the solution, reporting is an area that can be a bit more UI-oriented. Apart from that, it's a very good product, and I do not have any complaints about it.

Our company works as a distributor in the Middle East region for SailPoint. So, we are not just selling the product but also selling other products. I have been working with SailPoint IdentityIQ for eight years. Presently, I am working with SailPoint IdentityIQ Version 8.3.

It's a totally stable and very robust product. I've never seen it going down in the last eight years. I rate the solution's stability a ten out of ten.

Since it is a very scalable product, I rate the solution's scalability a ten out of ten. Our clients include small, medium, and enterprise businesses.

Since SailPoint is a big company, it usually takes time. The company has to schedule an appointment with the people and organizations to address their issues. So, I rate the solution's technical support a seven out of ten.

Neutral

Given a person has a background in implementing solutions, site architecture, and infrastructure, I rate the difficulty level of the current solution as an eight out of ten, with one being very difficult and ten being very easy.

The solution is deployed on the cloud, hybrid cloud and on-premises.

The basic deployment of SailPoint over user lifecycle management can depend on a client's use cases. However, for the basic setup of the system, it may take a week or so to get the solution ready with everything configured. One architecture is enough to carry out the deployment process. Also, the number of people required for maintenance depends upon the total number of use cases we have configured, so we can't categorize or quantify it.

I rate the solution a seven on a scale where one is cheap and ten is too expensive. In short, the solution falls under the higher side of pricing. For the solution, our company has secured a perpetual license.

I would tell those planning to use this solution that it is a very good and robust product in the market which supports almost all use cases. Also, SailPoint plans to expand to consumer identity. If one plans to proceed with this product, it will be a good decision. Additionally, it is not feasible for very small businesses, but it could be an amazing product and a good investment for the medium to large organizations. Overall, I rate the solution an eight out of ten.

• Access risk alerts
• Access Certification
• Self-Service Access Request
• Password Management

• Development framework
• Workflows configuration

Two years.

No issues encountered.

No, the platform has been stable.

Yes, I found some scalability issues:

• Java.lang.OutOfMemoryError: Java heap space
• Advanced searchs with 0 rows

7/10.

8/10.

Yes. In several customers we have switched to SailPoint IdentityIQ due to the unified architecture and intuitive centralized governance across datacenter.

The initial setup always was straightforward with shorter implementation times and quick benefits.

We haven`t calculate the ROI. Mainly, cost savings are associated to:

• Identifying unused or unauthorized accounts and reports them back to the appropriate business sponsor for removal and potential cost savings
• Reduce the cost of compliance by automating access review processes

In several cases, the IdentityIQ deployment was due to a migration from other IAM solution (Oracle Identity Manager). Usually, before deploying an IAM solution, we do a benchmark test with the customer to get the best solution for their requirements.

• Phased Deployment
• Get to know new features
• Expand gracefully/logically
• Create a change control & env. management process
• Automate where possible
• Become flexible with migrations

We used the product for identity and access management and access governance. The product manages the whole identity lifecycle for workplace identities.  

IdentityIQ takes care of the joiner (new accounts), the mover (transfer/role changes), and the lever (account termination), as well as looking at things like the certification phase. It covers the whole user lifecycle (Rehire) and provides market leading governance capabilities. It provides a centralised view of accounts and access for staff and helps uplift the security controls for the organisation.

It has improved the controls and reduced the risk of access management issues with the client organisations. While also improving efficiency around the JML processes through automation and reducing the reliance on people for some of the access provisioning requests.

The product's main features for the certification of users is the most prominent as well as the best feature. The out of the box connectors and accelerator pack are also great pieces to help improve the speed of delivery.

There is really not so much that SailPoint needs to improve. It has been in the market for a while and has well embedded as a market leader in the Identity Governance Space. We have just done an upgrade (v7-.8.1) and it was straight foward well tested and there was no major issues, we even managed to deploy to production a week ahead of schedule. We are now working with the client to leverage some of the new features and such, so there is not a lot that I can confirm that would be missing from a product that I was already happy with.  

The only thing about SailPoint that I might suggest to improve is the user interface could be improved from an administration point of view. From a request point of view we are leveraging ServiceNow and Sailpoints SNOW catalogue integration. Having had the opportunity to compare SailPoint and One Identity with past work, I personally prefer the One Identity's user interface, especially for user administration of the system. It could be simplified or somewhat more user-friendly for administrative tasks and functions.

We implemented the foundational release for a customer over over 12 months ago and since then we have worked closely with them to increase its functionality

IdentityIQ is a stable product. We have not experienced any problems with it and have not heard of any from our clients.  

The user group for this product are normally larger companies or enterprise businesses that have got full identity-governance requirements. That is the typical SailPoint customer requires more than just basic identity management automation.

As far as scalability of the product, it has got a lot of horizontal and vertical scaling opportunities that could be taken advantage, so scaling is not an issue.  

Overall the technical support is relatively good, especially from a customer point of view. I think that the support is working fine for the customers and that makes it better for us in selling their products. 

There is also a wealth of information online for the product for the Sailpoint community. 

This is a new implementation at this client they previously had no Identity governance in place

The initial setup of the product is relatively straightforward. The complexity really depends on the customer requirements, business rules or processes that influence how difficult the implementation gets. On average, it probably takes a couple of days to install the product. But once it is installed, then you have got to have the product usable and working with other solutions and other systems. For that, it needs to be configured to have that connectivity with those other systems. That is where some of the implementation time starts to add up. To install a base active directory kind of set up takes about two weeks. 

We have configured and setup some basic functionality for a client within these tight timeframes. To do that you will need real business buy in to clear hurdles out of the way for the dependencies for the install, the infrastructure, business requirements etc.

We are a service integrator so we help clients to do all their setup. We like to set the client up so that they are capable of doing their own maintenance with the software and system if they want to otherwise we offer a full range of support options. 

The client has had a positive reduction in the time taken to get a user on boarded and productive. There has also been a significant improvement in their access and Identity Management controls, reducing risk and closing audit items.

There are additional modules which are licenced separately that you can get added into the licensing if you want certain additional functionality, I find this a great model to ensure you only pay for what you need. 

I am currently dealing with SailPoint and One Identity at the same time in making some comparisons. They are both very good products with their pros and cons. 

The advice that I would give to people considering SailPoint is to be sure you get a good experienced service integrator to help you with the product. Somebody who has done it before knows the best ways to implement it and make the system work properly to meet your business application. They have the battle scars and can help you navigate around any potential issues

On a scale from one to ten where one is the worst and ten is the best, I would rate IdentityIQ as a nine-out-of-ten.