SailPoint Identity Security Cloud Reviews

We use the on-premises and cloud deployment models. We use it for many uses like compliance control, provisioning, automated provisioning, password management, and identity governance.

The compliance features are the most valuable features. 

I would like for the client base to be improved. Also, they should change what they charge for the licenses.  

They should lower the price and technical support should be better. Their support takes a long time to respond and they're not straightforward.

The stability is good. 

Scalability is good. Based on compliance, it is good. 

We've had issues with support. 

The initial setup is straightforward. The time it takes to deploy depends on the size of the organization but it is reasonable. 

I would rate it a seven out of ten. Not a ten because of the support and because of the high price. 

We primarily use this solution to manage our identity. We use it for identity access and onboarding accounts and users.

Previously, when someone came on board, it took them almost a week or two to get access, to settle in, to be able to become productive. Now, with SailPoint, we can get all of that done within a few hours. It has decreased the onboarding process and increased productivity.

So far, we are still in the implementation phase, but one feature that is so valuable is the life cycle management of identity. We also like the integration with other systems. Is very robust and solid. They built some plugins that are really well thought out and they handle most of our requirements. We also like the user interface of the product.

The service could be improved with some more out-of-the-box features. If the solution could make the forms more customizable, for example. They are very generic and any changes you make to them, you are doing customization. The solution needs more templates that meet general needs.

I would like to see more Cloud management from this product. Right now they have some, but they are currently plug-ins. It does not handle the management of some of the groups or dynamic groups in the Cloud. I would like to see that in the future. I have heard that they are releasing one soon, but I'm not sure when. That will help us a lot because we are a hybrid solution company. We have some on-prem, some in the Cloud, and we want to manage both.

I've been using the solution for one and a half years.

When we were doing the request for proposal, we did evaluate stability and got some references from other big enterprise companies that use the product. So we knew, before we selected, we knew that they had a solid product. We've heard that from many of the references we received. But when they came and did the presentation for us, they impressed us. They knew the product, they listened to what we needed, what our pain points were, and they were able to answer our questions and provide us with answers to some of our use cases. We had our requirements and they were pretty much the only one from the other vendors that we selected that could meet ninety percent of all requirements. The rest, they were limited. They had some, or they were struggling on one feature, but not others. But SailPoint, they were strong in most of them.

In terms of scalability, they can handle it. That was one of our requirements is how they could scale. We asked what number of accounts they can handle, and they were way beyond those. Some of their previous implementation, some of the companies they implemented for, they were four times the size of our company. So we were aware that this solution could handle our growth.

I would say we have about eighteen thousand users. 

Right now we are using the solution for onboarding user accounts. Primary and secondary accounts. Our second phase will be managing groups and applications, access to new groups and applications. Then the third, we'll go a little bit with analytics with doing some risk-scoring. Beyond that, we might even use it for any new innovation or company comes with, in terms of managing access to devices and IOTs.

So far the integrators have been doing the support. I wish the support from SailPoint was a little bit faster than we've experienced so far. It has taken, sometimes, a couple of weeks to get feedback from them. At the same time, support played a big role in selecting the product.

Previously, we picked a product that got moved between so many companies and got bought and merged, so the support was really horrible. We had bad support back then.

The initial setup was straightforward. We knew our requirements, and we've got all the infrastructure required for the system. We didn't have a lot of issues with the product itself. There were some vulnerabilities in the product, but they addressed them in the next version. They were able to address them in version 7.3.

Our deployment took us about, I would say a week. We had to do it in different phases. 

The implementation strategy we had was to start with first, deploying development and QA systems. Then gather lessons learned from these systems, then go to production. That helped us a lot because we found out that we have a lot of concerns with our infrastructure. There were a lot of firewalls that we had to open to communicate with the external system, with the Cloud system that we needed to connect to. So, a lot of that was more like ad-hoc testing. Because we weren't sure how many of the firewall ports we needed to open and which ones we needed. That took a lot of our time. It was just the infrastructure from our end. In terms of the installation of the product and the implementation of it, that was very quick.

We have a big staff because we are integrating with so many other systems from HR to Active Directory to SAP. So the core team is about twelve to twenty people, but the extended team, I would say, if you combine them all together with all the work we've done, is probably more than thirty or forty. They are not all technical. Some of them were just there for governance or requirement gathering.

We use an integrator to do all the coding for us, and that worked very well. They knew the product. They've implemented for a while for other clients. The company we work with is called Edgile and we have had a great experience working with them. We work very well with them. We consider them our partners. They understand our requirements, and they give us their feedback and their best practices. So we have a good relationship.

In terms of our phase one, to get people onboarded right away, within a day, that has saved us a lot of money. Also, the product discovered a lot of clean-up that we needed to do in the kind of systems that we integrate. Previously, we didn't know. So that helped us a lot in cleaning up some of our data. 

There are so many other features and other things that we can do probably, that we haven't gotten to that we know is going to save a lot in terms of the password reset support. Right now, our outsource company handles that. Once we start implementing that in a few more weeks, people will have self-service password resets. They don't need to call the help desk to get it unlocked. It costs us money, using the help desk. They will be able to do it themselves and it will save us money.

Group management and access to the application will help us too. Right now, that's all done through ticket requests and manual access implementation. In our next phase, that's all going to be automated where do you go to a form and select that and you get access, get approved and get access. It will save us a lot of time from the support respect.

The licensing fees are on a yearly basis. That's not my part of the job, so I don't know what the costs are. I handle Bio Supply management so I really don't know.

There are add-ons. A lot of them have to do with if we want any plug-in's. So if there's any new system that comes to our company that we want to integrate with, they sell their plug-ins as an add-on. It's not out-of-the-box. So integration with Active Directory, that was an add-on. Integration with SAP, that was an add-on. They are their own module. They are not packaged with the product that comes with it. You have to buy them separately. But, everybody needs them.

We had our previous vendor submit in our RFP, but they did not bring anything to the table that was new. There weren't many enhancements and improvements to the product and we really did not have a good experience with their support. 

We were looking at One Identity. SAPIEN was another one we looked at. Also, Okta, NetIQ, and Centrify. But, some of them were mainly cloud-based. Some of them were a mix of both, but more of cloud and less of on-prem. So, SailPoint was the right one that handled both.

We had some use cases that we gave to them and we needed them to answer how they would implement that use case. We wanted that feedback out of all of the vendors. SailPoint was the only one that came back with the right answers.

We have some old processes in place that need to be revisited and updated. Those, of course, made our implementation a little bit late and we ran into some issues.

One of the hurdles has been that people are used to the old method and when a new change comes in, a lot of people are not very open-minded to it. So it takes a lot of training and convincing about this new technology. We need to make changes to the way the form looks, the process. We had to make a lot of changes to the current processes. We had very outdated processes that were not working well for us because we had to get a lot of exceptions. And any exceptions you make, you tend to break automation and start doing manual processes, and that slows down productivity. 

That was a little bit frustrating and a lesson learned. Feedback from the client and explaining to them why we're changing some of the processes, policies, and standards was challenging. But we had to do a lot of cleanup before doing the implementation. We had an old system that was there for more than seven years. So that product was almost at the end of its life and we had a lot of complaints from the client that they were fed up with it. They wanted a change. But they were not expecting a change to the forms and the processes. They were expecting us to just solve the issues and move on, not a big system change. So we're training people. We created a lot of videos for them to play back when they request things. That helped a lot. We created a blog for them to give us any of their feedback. So we can make improvements because we are still in phase two of our implementation. We still have three more phases to go.

For advice, I would say to make sure you gather your requirements first. Make sure you have more thoughts, make sure you know what your pain points are and what are you expecting to get out of the product that you select. That will help you a lot in selecting the right vendors. Secondly, have some solid use cases, and when you use those use cases, most of the time you should know the answer to the questions. That will help you in identifying who can meet your requirements.

Do your diligence in terms of getting some references. Specifically, references for a current implementation from another customer. Getting that information from that customer will help you a lot in terms of how their implementation went, and what their pain points were in implementation.

I would give the solution a nine out of ten. When every possible manual process we have right now can get automated, I'll give it a ten. We still have some processes that we have to do manually.

We primarily use this solution for simplifying the IAM lifecycle, naming conventions, and application onboarding.

This solution has improved our organization through its ease of application onboarding, approvals, provisioning, and lifecycle UI performance.

I have found all of the features valuable and easy to use.

I think that the onboarding framework could be improved.

We use it for Identity Lifecycle Management: 

• Access requests
• Provisioning
• Deprovisioning
• JCT process and reconciliation (aggregation).

It provides one solution for the entire process in a complex environment with different types of applications and connectors.

All Identity Access Management processes in the tool are valuable. 

The product has poor reporting and analytic capabilities. Reports are not easy to use and its analytic capabilities are limited.

It is a stable tool, which we run in our complex environment.

SailPoint IIQ Features:

• Compliance controls
• Access request and automated provisioning
• Password management
• Data access governance
• Role lifecycle management

Great product to manage the access control of users.

• Provides good authorization and authentication system functionality.
• Keeps data safe.

• Report generation
• Compliance manager dashboard reporting
• Policy violation
• Access certification, etc.

Needs to focus on automation wherein provisioning of work can be improved and access certification should be automated without the intervention from a manager for approval.

Not applicable.

Enterprise application provisioning and certifications. Provisioning automatically grants access to users based on pre-qualified variables like job function, region, etc; Certification feature of IIQ allows teams to go back and validate that access is still valid, limiting access to those who need

Improved visibility into who has access to what improved ability to validate and certify enterprise access to sensitive applications, useful for measurement and forecasting.

Automated provisioning platform, certification because it helps with automatically provisioning users based on discreet roles, access profiles, across many different applications.

What used to be very complex can be simplified if implemented correctly.

Some of the configuration options could be more automated, but this is a complex problem and I do not expect a simple solution.

One to three years.

No.

No.

Excellent, they have a well supported active community of experts and support personnel.

No.

It can be a bit complex and requires training and a strong background in IT systems and some software development, but other than that it can be learned over time.

N/A.

I implement enterprise software solutions for my clients and SailPoint happens to be one of them.

Work with experience solutions experts who have worked with this tool before. Complement them with experience, and the tools needed to succeed including strong testing and development, project management and team support.

The Certification and Provisioning features are most valuable.

Manager Certification helped to review user access and revoked unnecessary accesses to various applications.

The connector for EPIC, ServiceNow, and Duo.

More than a year.

None, except cosmetics issues related to UI and documentation.

No.

Excellent.

We didn’t have a solution for Certification, but we had a homegrown solution for all other IAM processes. For various reasons, we switched to IIQ.

It was straightforward.

They are expensive.

Yes. We tried Oracle and ForgeRock IAM products.

Just go for this product. Its awesome.

The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure.

It allowed us to execute account review campaigns from very different systems.

Some setups should be done in the interface and in the code, and could be made simpler.

So far, from 2008 to 2017: 10 years.

No, the product is stable.

As long as the database is very close to the application server, the system can manage many identities and connectors to various directory.

Their technical support was very knowledgeable of their product, and we get answers within a day or so most of the time.

Most of the clients kept the solution after using SailPoint IIQ. The only one that considered not using it anymore wanted to keep his historical supplier and to have the same solution for Identity Governance and Administration and for Authentication (which is not something SailPoint provides).

Initial installation is straightforward and takes less than one day, once you have a VM, a database, and a directory available. What takes the most time is the connectivity to each authoritative source and target directory.

SailPoint IIQ is the best of best. That is reflected in the pricing of the solution. The pricing is based on the number of identities.

Many clients considered the other main IGA solutions, like Oracle Identity Manager, CA Identity Manager, Microsoft Identity Manager, or NetIQ Identity Manager.

Make sure the distance between the database and application server is very short. There is natural integration with other solutions that should be considered in your selection, like with CyberArk or ServiceNow.