SailPoint IdentityIQ Review

It has automated access governance but the multi-aggregation feature needs improvement.

Valuable Features

Certification of user's access, enabling the organization to have a strict governance of what its employees are for entitled to currently.

Improvements to My Organization

By using this product the organization has moved from manual access governance done previously to automated governance which has a full audit trail, and this is very beneficial.

Room for Improvement

Some of the features like multi-aggregation and self healing feature in case of corrupted certificates would be pretty useful which would enable easy debugging in case of issues.

Use of Solution

More than two years.

Deployment Issues

No, the deployment is pretty straightforward.

Stability Issues

No, the product is pretty stable given it has sufficient clustering and HA catered for seamless 24x7 high volume access.

Scalability Issues

Yes, with a growing number of certificates there was slowness in the overall certificate generation time which I believe is corrected in the upcoming release of the solution.

Customer Service and Technical Support

Customer Service:


Technical Support:


Previous Solutions

Yes, we used Aveksa's access governance which seemed to have a lot of issues with regards to aggregation and certificate generation which prompted the switch to Sailpoint.

Initial Setup

It was pretty straightforward, just need to follow installation documentation properly.

Implementation Team

It was done by the in-house team.

Other Solutions Considered

Aveksa was compared with Sailpoint identityIQ and Sailpoint IdentityIQ fared better in terms of performance and features.

Other Advice

If you are looking for a product that would suit your access governance needs then perhaps Sailpoint identity IQ is a good option, but if you require automatic remediation capabilities as well then you might need to integrate it with an identity management product like OIM.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Engineer with 501-1,000 employeesVendor

Interested in your comment on automatic remediation. What do you mean by this as I believe this is a core function of the product?

26 March 15
Security Consultant at a tech services company with 51-200 employeesConsultant

Hi per the product feature..once you remediate an item in can only be removed from iiq but not from the end resource to which the remediated entitlement or role is linked with..for this their are remediation teams to perform the task for most of the resources..combining this with OIM the leverage of not depending on manual tasks for remediation as it can then happen as soon as the remediation action is selected and finalized.

26 March 15
Engineer with 501-1,000 employeesVendor

Okay, for som connectors like the DelimitedFile connector you will have a "manual action" workitem to remove an entitlement or account. However, a great deal of the connectors (since version 6.0) have been able to support the PROVISIONING featurestring (observe the application XML) and so you can fully de-provision entitlements and accounts. Look at the provisioning policies tab in the application definition. Any questions just reach out to the Compass support community @ Sailpoint

01 April 15
Senior Director at a insurance company with 10,001+ employeesReal User

SailPoint has a ton of end point remediation capabilities. This is one of the strengths of the product including Native Change Detection. Reaching out and sync'ing state with end-points to IIQ is one of the things it does very, very well. There are a number of options you can take from very draconian to launching a new certification to certify the end-point discrepancy. I'd place it toe-to-toe with any other product in this category. I don't know any other product that can beat it in terms of capability and ease of implementation here.

15 June 15
Sign Up with Email