SailPoint started as a product for certification and governance. This is their most mature module and the first portion of the tool my clients want to implement.
But other valuable features are the strong user interface, quick ability to stand up solution, and many out of box connector.
Improvements to My Organization
This product, when implemented correctly, can streamline access control operations, reduce risk by provisioning and de-provisioning access quickly and hold approvers accountable for decisions on access.
Room for Improvement
There seems to be a rush to add new features in SailPoint. I would prefer cutting the amount of features in half to increase the stability, reduce the resource utilization and reduce bugs..
Use of Solution
I have been using IdentityIQ and other Identity and Access Management solutions for over 3 years
We encountered major issues with the Active Directory connector caching configurations and concurrent major release upgrades. If you are running SailPoint 5.3, you need to update to 5.5, 6.0, 6.1, and 6.2 before upgrading to 6.3, it was a mess.
Although it seems to be getting better, for each deployment it seems a new set of bugs appear. There has never been a deployment where we have not encountered a product bug. If you are looking to do a deployment it may be better to deploy on the previous version with the latest patch than with a new version (e.g. 6.2.5 instead of 6.3).
Being based on Java, this tool is very heavy in memory and in processing. Word of advice, for large implementations be sure to use Intel processors. SailPoint supports Unix deployments, but it really is only better for smaller environments
Customer Service and Technical Support
SailPoint has a strong account management and support team, each company has an account manager and they are available to escalate issues quickly. Do not hesitate to escalate issues if they are time sensitive, sometimes it is tough to get their attention if something needs to be resolved quickly. Technical Support
Similar to customer service, the technical support is strong. It might take a few times back and forth to get them out of the “try this and send us your logs” cycle, but getting them on a WebEx or LiveMeeting is a great way to watch them shine.
The initial setup is very straight forward and it takes around 30 minutes end to end. It is a Java app on a web server; you can do it locally very quickly.
The initial setup is very straight forward and it takes around 30 minutes end to end. It is a Java app on a web server so you can do it locally and very quickly.
We have had deployments with combinations of consultants, vendor hours(~200), and in house teams. The vendor help has always been very good, albeit sometimes you may get a fresh college graduate as an expert.
We achieve two returns in the investment in a SailPoint implementation. We were able to streamline access control related business processes and reduce identity management and access control risks, including potential audit/regulatory findings.
Pricing, Setup Cost and Licensing
The other major players in the Identity Management space are Oracle OIM/OIA, Aveska and CA Technologies Identity Management. We had evaluated all via a vendor scorecard.
It is very difficult to go at this alone. If you are interested in implementing send your engineers to the SailPoint provisioning training and get a few experienced consultants to help you.
Disclosure: My company has a business relationship with this vendor other than being a customer: My firm is a partner with SailPoint and we are in a joint business relationship.
Jan 29 2015