SailPoint Identity IQ

Today there are many products available in the market providing IDM solutions for enterprise applications. So what is new about SailPoint IdentityIQ?

The answer lies in its approach to provide the solution.

Existing IDM products are IT-focused, and their efficiency depends mostly on the IT helpdesk and the IT technical team. SailPoint aims to shift more and more identity and access processes from the IT technical team to the end users, so that dependency on the technical team is as small as possible. So we can say this product is more business-focused than other IDM products, which are IT-focused. It has a single user interface, whereas existing IDM products have multiple interfaces with multiple contexts.

SailPoint IdentityIQ integrates provisioning and compliance features into a single solution. Thus this IDM product is able to address all the needs related to identity and access management, such as access certifications, policy enforcement, account provisioning and user life-cycle management.

SAILPOINT IDENTITY IQ consists of 4 major components:

  1. Compliance Manager
  2. Lifecycle Manager
  3. Governance Platform
  4. User Provisioning


SailPoint IdentityIQ Compliance Manager automates common auditing, reporting and management activities, and integrates identity processes such as Access Certification* and Policy Enforcement*.

Compliance Manager helps to prioritize the most critical compliance activities and focuses controls on the users, resources and access privileges that represent the greatest potential risk.

It proactively detects and prevents inappropriate access and violations of corporate policies.

It ensures compliance and better manages risk during mergers and acquisitions.

*Access Certifications: The periodic review of user access privileges in order to validate that access privileges align with a user’s job function and conform to policy guidelines. Access certifications are commonly used as an internal control to ensure compliance with regulations.

*Policy Enforcement: The set of preventive and detective controls that automatically ensure that defined policy is followed by the organization.


SailPoint IdentityIQ Lifecycle Manager allows business users to easily request access and reset passwords themselves from a centralized, business-friendly interface. By applying policy to all user lifecycle processes, IdentityIQ Lifecycle Manager ensures users acquire only the most appropriate levels of access for their job function.

IdentityIQ Lifecycle Manager automates change to user access, resulting from a range of identity lifecycle events (i.e., new hires, transfers, moves or terminations) through integration with authoritative sources, such as HR systems and corporate directories. When a lifecycle event is detected, Lifecycle Manager triggers the required changes by initiating the appropriate business process, including policy checking and approvals.

With Lifecycle Manager, we can:

• Empower business users to independently request and manage access

• Enable business users to proactively change and reset passwords

• Speed delivery of access using automated identity lifecycle events (i.e., hires, transfers, and terminations)

• Centralize access request and change processes

• Streamline IT operations and offload IT and help desk

Self-service access request: Centralized access request management allows managers and end users to conveniently request new access or make changes to existing access privileges within the constraints of your pre-defined identity policy and role models. It also provides an efficient, more accurate way to view existing access and remove access as needed, as well as to create and edit identities.

*Self-Service: The process of allowing users to request access to resources using a self-service interface, which uses workflow to route the request to the appropriate manager(s) for approval.

*Password management: Automation of the process for controlling setting, resetting and synchronizing passwords across systems.

Using the same business-friendly user interface, users and/or their approved delegates can change or reset passwords across target systems. Allowing end users to proactively manage password changes can significantly reduce help desk calls. Most importantly, centralized password management enables us to consistently enforce strong password policies, customized for each application.

*Event-based lifecycle management: To further streamline user on-boarding, off-boarding, and other job changes within the enterprise, we can add event-based lifecycle management to automatically trigger access changes based on HR or other authoritative feeds.


The SailPoint IdentityIQ Governance Platform centralizes identity data, captures business policy, models roles and proactively manages user and resource risk factors. Together, these integrated capabilities allow organizations to build preventive and detective controls that support critical identity business processes, including access certifications, access requests, lifecycle management and provisioning.

With the Governance Platform, we can:

• Centralize technical identity data across resources and transform it into rich, business relevant information

• Create, enforce and verify role-based access across diverse enterprise applications

• Prioritize compliance and security efforts by assessing the risk of each person, application and system resource across the environment

• Define and leverage enterprise access policies for detective and preventive control


SailPoint IdentityIQ Provisioning Broker acts as a bridge between compliance and user lifecycle processes, allowing consistent user interfaces and processes at the business layer that are separate from technical processes for implementing change. Provisioning Broker sends access change requests to automated provisioning systems, including IdentityIQ Provisioning Engine or third-party provisioning systems; and can also leverage manual change management processes by creating help desk tickets or manual work items to track progress of all changes requested by the business. This seamless orchestration of changes across access delivery mechanisms unifies policy enforcement, process monitoring and auditing, and gives organizations the flexibility to provision changes to user access in any way they choose.

With User Provisioning, we can:

• Speed the provisioning of access changes to our managed resources

• Improve compliance by implementing changes according to defined policy

• Generate documentation of provisioning changes for auditors

*Provisioning: The process of granting, changing, or removing user access to systems, applications and databases based on a unique user identity.

Concept of Identity Cubes and Identity Attributes

  • SailPoint IdentityIQ represents users by Identity Cubes.
  • Identity Cubes are a correlated collection of accounts and entitlements that represent a single user in the real world.
  • Identity Cubes are multi-dimensional data models of identity information that offer a single, logical representation of each managed user.
  • Each Cube contains information about user entitlements, user activity, and associated business context.
  • “Cubes” are built through a discovery process from authoritative sources, i.e. by bringing in user account data from Authoritative Applications, and are refreshed dynamically or by running an Identity Refresh Task.
  • Identity Attributes are used to describe Identity Cubes and hence describe the real-world user.
  • Identity Attributes are created by directly mapping a list of attributes from various sources or derived through rules or mappings.
  • Examples of Identity Attributes are Name, Email, Department, etc.

User Discovery

  • A multi-step process by which Identity Cubes are created and updated with account and attribute data from multiple backend systems.
  • One or more “authoritative sources” (HR, Corporate Directory) supply the population of unique identities and start the creation of Identity Cubes.


  • A connector is an IdentityIQ component which communicates with various targeted platforms, applications and systems to import application and account data. A connector is defined as part of an application. (Example: Delimited File Connector, JDBC, Active Directory, etc.)
  • SailPoint supports many industry-standard databases as authoritative resources. A few examples of supported connectors: Active Directory, DB2, Delimited File, IBM Tivoli Directory Server, IBM Tivoli Identity Manager, JDBC, LDAP, LDIF, Linux, Lotus Notes, Mainframe, MS SQL Server, MS SharePoint, Oracle DB, Oracle Apps, PeopleSoft, RACF, SAP, SAP HR, SAP Portal, Salesforce, Solaris, Sun IDM, Sybase and many more.

Account Aggregation

  • The process by which IdentityIQ creates and updates Identity Cubes with account, attribute and entitlement data accessed through configured Applications.
  • Account Aggregation is very similar to reconciliation within an identity management solution. Tasks are utilized to perform account aggregation.
  • Account Aggregation is achieved through defining and running reusable Account Aggregation tasks.
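
The discovery and aggregation steps described above, as an added Python example: a conceptual model, not IdentityIQ code or its API. The field names, the choice of email as the correlation attribute and the sample records are assumptions made for illustration.

```python
"""Conceptual model of user discovery and account aggregation (not IdentityIQ code)."""
from dataclasses import dataclass, field


@dataclass
class IdentityCube:
    identity_id: str                               # unique identity from the authoritative source
    attributes: dict                               # identity attributes: name, email, department
    accounts: dict = field(default_factory=dict)   # application -> {account name: entitlements}


def discover(hr_rows):
    """The authoritative source supplies the identity population and starts each cube."""
    return {
        row["employee_id"]: IdentityCube(
            row["employee_id"],
            {"name": row["name"], "email": row["email"].strip().lower(),
             "department": row["department"]},
        )
        for row in hr_rows
    }


def aggregate(cubes, application, accounts, correlate_on="email"):
    """Attach accounts to cubes by a correlation attribute; return uncorrelated accounts."""
    index = {c.attributes[correlate_on]: c for c in cubes.values()}
    uncorrelated = []
    for acct in accounts:
        key = acct.get(correlate_on, "").strip().lower()
        cube = index.get(key) if key else None     # an empty key never matches a cube
        if cube is None:
            uncorrelated.append(acct["account"])   # no owner found: needs review
            continue
        # Keyed by account name so that re-running the task updates, not duplicates.
        cube.accounts.setdefault(application, {})[acct["account"]] = sorted(acct["entitlements"])
    return uncorrelated


# Constructed sample data (hypothetical people, accounts and entitlements).
HR = [
    {"employee_id": "E100", "name": "Ana Ruiz", "email": "ana.ruiz@example.com", "department": "Finance"},
    {"employee_id": "E101", "name": "Ben Cho", "email": "ben.cho@example.com", "department": "IT"},
]
AD = [
    {"account": "aruiz", "email": "Ana.Ruiz@example.com", "entitlements": ["Finance-RW"]},
    {"account": "bcho", "email": "ben.cho@example.com", "entitlements": ["VPN", "Domain Admins"]},
    {"account": "svc_backup", "email": "", "entitlements": ["Backup Operators"]},
]
```

Accounts returned as uncorrelated, such as the service account here, have no owning identity and are the ones an access review cannot assign to a manager until they are mapped.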

Hopefully it's helpful.


14 Responses to “SailPoint Identity IQ”

  1. devendra
    February 14, 2013 at 1:18 PM #

    Hi Vaibhav

    My client has purchased the Sailpoint Identity IQ product; we need to integrate other IT applications with Sailpoint Identity IQ.
    Could you please help me in this regard with –
    1) Integration of applications
    2) Configurations required
    3) Customization possibility

    please revert ASAP

    Thanks in advance.

    • February 21, 2013 at 3:16 AM #

      Hi Devendra,

      Thanks for writing back.

      It's difficult to answer your questions here in a few lines. But yes, Sailpoint is capable of being integrated with many other major applications. The configurations required depend upon which application you are integrating it with. And yes, its UI customization is possible. You can change its UI as per your client's requirements.

  2. akash
    July 31, 2013 at 8:41 PM #

    Hey Vaibhav,

    Can you tell me any site where I can find a tutorial on this? It would be of great help.

    • August 1, 2013 at 5:15 AM #

      Hey Akash,

      There is almost nil material on the internet for Sailpoint.
      But there is a closed community, Compass, where people working on Sailpoint discuss their issues, and there is also some study material. But access to this community is provided only to the Sailpoint customers who purchase the product.

  3. Al Lee
    June 3, 2014 at 11:29 PM #

    Hi Vaibhav: Do you know if SP supports the changelog feature in the LDAP connector.

  4. Rahul Jain
    June 11, 2014 at 5:14 PM #

    Hey Vaibhav,

    Could you please share all the official documentation available for Sailpoint at my email id :

    Thanks in advance

    Rahul Jain

    • June 12, 2014 at 1:15 PM #

      Hello Rahul,
      Since it's official documentation, I may not be able to share it.
      You can get these via Compass Community for Sailpoint.

    • June 18, 2014 at 6:47 PM #

      Hello Rahul,

      You need to get access to Compass Sailpoint community to get access to Sailpoint Documentation.

  5. July 7, 2014 at 6:27 PM #

    One of our clients has multiple open positions for Sailpoint Experts for CT, USA and India locations. If interested reach me

  6. Aby
    August 5, 2014 at 7:14 PM #

    We are using Sailpoint to create/update/delete users from multiple systems. We need to use a custom connector for this. My question is: for some scenarios like identityrefresh/certification etc. we are not getting IdentityRequestId. So is it possible to generate the same from a custom connector?

  7. koteswar
    October 20, 2014 at 7:22 PM #

    Hi Vibhav,
    Good Evening

    We are facing some issues while getting the identities from an Application in SailPoint. Could you please provide me the basic code to get the identities from Applications, as well as guide me on how to add custom identities to custom Applications?

    Please help me on this.

    Thanks in advance,
    Koteswar Maram

  8. srikanth
    April 21, 2016 at 6:38 AM #

    Hi, Please share documentation if any to


  9. srikanth
    April 21, 2016 at 6:38 AM #

    And can we get software in google

  10. January 5, 2017 at 4:06 PM #

    Hi Everyone,

    I am currently looking for Expert Sailpoint Consultants for a very exciting remote opportunity with one of my clients! This is a full time position with CTI Global, a leader in IT Security and Governance solutions since 1998! I am looking for a Senior Technical Consultant who is a SailPoint Identity Management-Governance Specialist. This is a very exciting position with the industry leader in IT Security and Governance complete with an excellent salary and bonus opportunities! Based on your resume, I think you would be perfect for it! If this opportunity interests you, please feel free to reach out by phone at 303-968-1312, or by email at

    Job Description:

    CTI has been a leader in IT Security and Governance solutions since 1998. We are currently looking for senior consultants and engineers to join our growing Professional Services team to implement advanced SailPoint software product based solutions for large customers in the Aerospace, Financial, Healthcare, Pharmaceutical, Insurance, Education and Government sectors.

    Main responsibilities will include:
    • Discovering, refining and analyzing customer requirements
    • Planning SailPoint product deployment
    • Determining optimal SailPoint solution design
    • Building, testing and supporting solution
    • Delivering knowledge transfer to customer staff

    Applicants MUST have solid (a minimum of 12 months experience) with:
    • SailPoint IIQ software product (CM and/or LCM)

    Applicants should additionally have at least 3 years of focused experience working in a large-enterprise setting with any two of the following technologies:
    • Access Certification / Compliance processes
    • User Account Provisioning
    • Password Management
    • Access Management / Single Sign On (SSO)
    • Federation / SAML
    • Data Synchronization or Virtualization
    • Directory Services (LDAP – compliant, Active Directory)

    Desired Technical Skill-sets
    • Java software development
    • Scripting (Beanshell)
    • Database (Oracle, MS SQL Server, etc.)
    • Application Server(s), such as WebLogic, Apache Tomcat or IBM WebSphere
    • Unix (preferred: Linux)
    • Microsoft Windows Server 20XX

    • CTI provides a dynamic, professional career path to its full-time field consultant staff which includes continual technical / product training. A highly competitive base salary and full benefits package, with the opportunity to participate in an incentive bonus plan and continual professional development are offered.

    Other Points:
    • 4-year college degree in engineering or computer science is preferred (graduate degree or graduate work a big plus)
    • Any base location in the continental US
    • Customer sites throughout the US
    • Opportunity to work from home office or a CTI office
    • Travel averaging 40-50% per year, with 2-3 week bursts, is possible

    Thanks for your time,

    Michael Hull
    National Talent Sourcer
    T: 303-968-1312
