SailPoint IdentityIQ Review

It has automated access governance but the multi-aggregation feature needs improvement.

What is most valuable?

Certification of user's access, enabling the organization to have a strict governance of what its employees are for entitled to currently.

How has it helped my organization?

By using this product the organization has moved from manual access governance done previously to automated governance which has a full audit trail, and this is very beneficial.

What needs improvement?

Some of the features like multi-aggregation and self healing feature in case of corrupted certificates would be pretty useful which would enable easy debugging in case of issues.

For how long have I used the solution?

More than two years.

What was my experience with deployment of the solution?

No, the deployment is pretty straightforward.

What do I think about the stability of the solution?

No, the product is pretty stable given it has sufficient clustering and HA catered for seamless 24x7 high volume access.

What do I think about the scalability of the solution?

Yes, with a growing number of certificates there was slowness in the overall certificate generation time which I believe is corrected in the upcoming release of the solution.

How are customer service and technical support?

Customer Service:


Technical Support:


Which solution did I use previously and why did I switch?

Yes, we used Aveksa's access governance which seemed to have a lot of issues with regards to aggregation and certificate generation which prompted the switch to Sailpoint.

How was the initial setup?

It was pretty straightforward, just need to follow installation documentation properly.

What about the implementation team?

It was done by the in-house team.

Which other solutions did I evaluate?

Aveksa was compared with Sailpoint identityIQ and Sailpoint IdentityIQ fared better in terms of performance and features.

What other advice do I have?

If you are looking for a product that would suit your access governance needs then perhaps Sailpoint identity IQ is a good option, but if you require automatic remediation capabilities as well then you might need to integrate it with an identity management product like OIM.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More SailPoint IdentityIQ reviews from users
...who work at a Energy/Utilities Company
...who compared it with NetIQ Identity Governance
Learn what your peers think about SailPoint IdentityIQ. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
523,431 professionals have used our research since 2012.
Add a Comment
ITCS user

author avatarit_user88623 (Engineer with 501-1,000 employees)

Interested in your comment on automatic remediation. What do you mean by this as I believe this is a core function of the product?

author avatarit_user191790 (Security Consultant at a tech services company with 51-200 employees)

Hi per the product feature..once you remediate an item in can only be removed from iiq but not from the end resource to which the remediated entitlement or role is linked with..for this their are remediation teams to perform the task for most of the resources..combining this with OIM the leverage of not depending on manual tasks for remediation as it can then happen as soon as the remediation action is selected and finalized.

author avatarit_user88623 (Engineer with 501-1,000 employees)

Okay, for som connectors like the DelimitedFile connector you will have a "manual action" workitem to remove an entitlement or account. However, a great deal of the connectors (since version 6.0) have been able to support the PROVISIONING featurestring (observe the application XML) and so you can fully de-provision entitlements and accounts. Look at the provisioning policies tab in the application definition. Any questions just reach out to the Compass support community @ Sailpoint

author avatarit_user254895 (Senior Director at a insurance company with 10,001+ employees)

SailPoint has a ton of end point remediation capabilities. This is one of the strengths of the product including Native Change Detection. Reaching out and sync'ing state with end-points to IIQ is one of the things it does very, very well. There are a number of options you can take from very draconian to launching a new certification to certify the end-point discrepancy. I'd place it toe-to-toe with any other product in this category. I don't know any other product that can beat it in terms of capability and ease of implementation here.