We just raised a $30M Series A: Read our story

SailPoint IdentityIQ OverviewUNIXBusinessApplication

SailPoint IdentityIQ is the #1 ranked solution in our list of top User Provisioning Software. It is most often compared to CyberArk Privileged Access Manager: SailPoint IdentityIQ vs CyberArk Privileged Access Manager

What is SailPoint IdentityIQ?

SailPoint is the leader in identity security for the cloud enterprise. We’re committed to protecting businesses from the inherent risk that comes with providing technology access across today’s diverse and remote workforce. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, and ensuring that each worker has the right access to do their job, no more, no less. With SailPoint at the foundation of their business, our customers can provision access with confidence, protect business assets at scale and ensure compliance with certainty.

SailPoint IdentityIQ is also known as IdentityIQ, SailPoint IdentityNow.

SailPoint IdentityIQ Buyer's Guide

Download the SailPoint IdentityIQ Buyer's Guide including reviews and more. Updated: September 2021

SailPoint IdentityIQ Customers

Adobe, AXA Technology Services, Cuna Mutual Group, Equifax, ING Direct, Orrstown Bank, Rockwell Automation, SallieMae, Spirit Aerosystems, TEL

SailPoint IdentityIQ Video

Archived SailPoint IdentityIQ Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MK
Technical lead at a tech services company with 11-50 employees
Real User
Good compliance features but their support takes a long time to respond

What is our primary use case?

We use the on-premises and cloud deployment models. We use it for many uses like compliance control, provisioning, automated provisioning, password management, and identity governance.

What is most valuable?

The compliance features are the most valuable features. 

What needs improvement?

I would like for the client base to be improved. Also, they should change what they charge for the licenses.   They should lower the price and technical support should be better. Their support takes a long time to respond and they're not straightforward.

For how long have I used the solution?

I have been using IdentityIQ for around two years.

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability

What is our primary use case?

We use the on-premises and cloud deployment models. We use it for many uses like compliance control, provisioning, automated provisioning, password management, and identity governance.

What is most valuable?

The compliance features are the most valuable features. 

What needs improvement?

I would like for the client base to be improved. Also, they should change what they charge for the licenses.  

They should lower the price and technical support should be better. Their support takes a long time to respond and they're not straightforward.

For how long have I used the solution?

I have been using IdentityIQ for around two years.

What do I think about the stability of the solution?

The stability is good. 

What do I think about the scalability of the solution?

Scalability is good. Based on compliance, it is good. 

How are customer service and technical support?

We've had issues with support. 

How was the initial setup?

The initial setup is straightforward. The time it takes to deploy depends on the size of the organization but it is reasonable. 

What other advice do I have?

I would rate it a seven out of ten. Not a ten because of the support and because of the high price. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
JO
IT Engineer at a energy/utilities company with 1,001-5,000 employees
Real User
ROI has been outstanding and our user onboarding time has been significantly decreased

Pros and Cons

  • "We like the integration with other systems."
  • "I would like to see more Cloud management from this product."

What is our primary use case?

We primarily use this solution to manage our identity. We use it for identity access and onboarding accounts and users.

How has it helped my organization?

Previously, when someone came on board, it took them almost a week or two to get access, to settle in, to be able to become productive. Now, with SailPoint, we can get all of that done within a few hours. It has decreased the onboarding process and increased productivity.

What is most valuable?

So far, we are still in the implementation phase, but one feature that is so valuable is the life cycle management of identity. We also like the integration with other systems. Is very robust and solid. They built some plugins that are really well thought out and they handle most of our requirements. We also like the user interface of the product.

What needs improvement?

The service could be improved with some more out-of-the-box features. If the solution could make the forms more customizable, for example. They are very generic and any changes you make to them, you are doing customization. The solution needs more templates that meet general needs.

I would like to see more Cloud management from this product. Right now they have some, but they are currently plug-ins. It does not handle the management of some of the groups or dynamic groups in the Cloud. I would like to see that in the future. I have heard that they are releasing one soon, but I'm not sure when. That will help us a lot because we are a hybrid solution company. We have some on-prem, some in the Cloud, and we want to manage both.

For how long have I used the solution?

I've been using the solution for one and a half years.

What do I think about the stability of the solution?

When we were doing the request for proposal, we did evaluate stability and got some references from other big enterprise companies that use the product. So we knew, before we selected, we knew that they had a solid product. We've heard that from many of the references we received. But when they came and did the presentation for us, they impressed us. They knew the product, they listened to what we needed, what our pain points were, and they were able to answer our questions and provide us with answers to some of our use cases. We had our requirements and they were pretty much the only one from the other vendors that we selected that could meet ninety percent of all requirements. The rest, they were limited. They had some, or they were struggling on one feature, but not others. But SailPoint, they were strong in most of them.

What do I think about the scalability of the solution?

In terms of scalability, they can handle it. That was one of our requirements is how they could scale. We asked what number of accounts they can handle, and they were way beyond those. Some of their previous implementation, some of the companies they implemented for, they were four times the size of our company. So we were aware that this solution could handle our growth.

I would say we have about eighteen thousand users. 

Right now we are using the solution for onboarding user accounts. Primary and secondary accounts. Our second phase will be managing groups and applications, access to new groups and applications. Then the third, we'll go a little bit with analytics with doing some risk-scoring. Beyond that, we might even use it for any new innovation or company comes with, in terms of managing access to devices and IOTs.

How are customer service and technical support?

So far the integrators have been doing the support. I wish the support from SailPoint was a little bit faster than we've experienced so far. It has taken, sometimes, a couple of weeks to get feedback from them. At the same time, support played a big role in selecting the product.

Which solution did I use previously and why did I switch?

Previously, we picked a product that got moved between so many companies and got bought and merged, so the support was really horrible. We had bad support back then.

How was the initial setup?

The initial setup was straightforward. We knew our requirements, and we've got all the infrastructure required for the system. We didn't have a lot of issues with the product itself. There were some vulnerabilities in the product, but they addressed them in the next version. They were able to address them in version 7.3.

Our deployment took us about, I would say a week. We had to do it in different phases. 

The implementation strategy we had was to start with first, deploying development and QA systems. Then gather lessons learned from these systems, then go to production. That helped us a lot because we found out that we have a lot of concerns with our infrastructure. There were a lot of firewalls that we had to open to communicate with the external system, with the Cloud system that we needed to connect to. So, a lot of that was more like ad-hoc testing. Because we weren't sure how many of the firewall ports we needed to open and which ones we needed. That took a lot of our time. It was just the infrastructure from our end. In terms of the installation of the product and the implementation of it, that was very quick.

We have a big staff because we are integrating with so many other systems from HR to Active Directory to SAP. So the core team is about twelve to twenty people, but the extended team, I would say, if you combine them all together with all the work we've done, is probably more than thirty or forty. They are not all technical. Some of them were just there for governance or requirement gathering.

What about the implementation team?

We use an integrator to do all the coding for us, and that worked very well. They knew the product. They've implemented for a while for other clients. The company we work with is called Edgile and we have had a great experience working with them. We work very well with them. We consider them our partners. They understand our requirements, and they give us their feedback and their best practices. So we have a good relationship.

What was our ROI?

In terms of our phase one, to get people onboarded right away, within a day, that has saved us a lot of money. Also, the product discovered a lot of clean-up that we needed to do in the kind of systems that we integrate. Previously, we didn't know. So that helped us a lot in cleaning up some of our data. 

There are so many other features and other things that we can do probably, that we haven't gotten to that we know is going to save a lot in terms of the password reset support. Right now, our outsource company handles that. Once we start implementing that in a few more weeks, people will have self-service password resets. They don't need to call the help desk to get it unlocked. It costs us money, using the help desk. They will be able to do it themselves and it will save us money.

Group management and access to the application will help us too. Right now, that's all done through ticket requests and manual access implementation. In our next phase, that's all going to be automated where do you go to a form and select that and you get access, get approved and get access. It will save us a lot of time from the support respect.

What's my experience with pricing, setup cost, and licensing?

The licensing fees are on a yearly basis. That's not my part of the job, so I don't know what the costs are. I handle Bio Supply management so I really don't know.

There are add-ons. A lot of them have to do with if we want any plug-in's. So if there's any new system that comes to our company that we want to integrate with, they sell their plug-ins as an add-on. It's not out-of-the-box. So integration with Active Directory, that was an add-on. Integration with SAP, that was an add-on. They are their own module. They are not packaged with the product that comes with it. You have to buy them separately. But, everybody needs them.

Which other solutions did I evaluate?

We had our previous vendor submit in our RFP, but they did not bring anything to the table that was new. There weren't many enhancements and improvements to the product and we really did not have a good experience with their support. 

We were looking at One Identity. SAPIEN was another one we looked at. Also, Okta, NetIQ, and Centrify. But, some of them were mainly cloud-based. Some of them were a mix of both, but more of cloud and less of on-prem. So, SailPoint was the right one that handled both.

We had some use cases that we gave to them and we needed them to answer how they would implement that use case. We wanted that feedback out of all of the vendors. SailPoint was the only one that came back with the right answers.

What other advice do I have?

We have some old processes in place that need to be revisited and updated. Those, of course, made our implementation a little bit late and we ran into some issues.

One of the hurdles has been that people are used to the old method and when a new change comes in, a lot of people are not very open-minded to it. So it takes a lot of training and convincing about this new technology. We need to make changes to the way the form looks, the process. We had to make a lot of changes to the current processes. We had very outdated processes that were not working well for us because we had to get a lot of exceptions. And any exceptions you make, you tend to break automation and start doing manual processes, and that slows down productivity. 

That was a little bit frustrating and a lesson learned. Feedback from the client and explaining to them why we're changing some of the processes, policies, and standards was challenging. But we had to do a lot of cleanup before doing the implementation. We had an old system that was there for more than seven years. So that product was almost at the end of its life and we had a lot of complaints from the client that they were fed up with it. They wanted a change. But they were not expecting a change to the forms and the processes. They were expecting us to just solve the issues and move on, not a big system change. So we're training people. We created a lot of videos for them to play back when they request things. That helped a lot. We created a blog for them to give us any of their feedback. So we can make improvements because we are still in phase two of our implementation. We still have three more phases to go.

For advice, I would say to make sure you gather your requirements first. Make sure you have more thoughts, make sure you know what your pain points are and what are you expecting to get out of the product that you select. That will help you a lot in selecting the right vendors. Secondly, have some solid use cases, and when you use those use cases, most of the time you should know the answer to the questions. That will help you in identifying who can meet your requirements.

Do your diligence in terms of getting some references. Specifically, references for a current implementation from another customer. Getting that information from that customer will help you a lot in terms of how their implementation went, and what their pain points were in implementation.

I would give the solution a nine out of ten. When every possible manual process we have right now can get automated, I'll give it a ten. We still have some processes that we have to do manually.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Learn what your peers think about SailPoint IdentityIQ. Get advice and tips from experienced pros sharing their opinions. Updated: September 2021.
541,708 professionals have used our research since 2012.
JS
Global Advisory Board for Certified Threat Intelligence CTIA at EC-Council
Real User
Ease of application onboarding, approvals, provisioning, and lifecycle UI performance have improved my organization

What is our primary use case?

We primarily use this solution for simplifying the IAM lifecycle, naming conventions, and application onboarding.

How has it helped my organization?

This solution has improved our organization through its ease of application onboarding, approvals, provisioning, and lifecycle UI performance.

What is most valuable?

I have found all of the features valuable and easy to use.

What needs improvement?

I think that the onboarding framework could be improved.

For how long have I used the solution?

Three to five years.

What is our primary use case?

We primarily use this solution for simplifying the IAM lifecycle, naming conventions, and application onboarding.

How has it helped my organization?

This solution has improved our organization through its ease of application onboarding, approvals, provisioning, and lifecycle UI performance.

What is most valuable?

I have found all of the features valuable and easy to use.

What needs improvement?

I think that the onboarding framework could be improved.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Charles Abreu
Digital Technology Leader, Risk Operations at Baker Hughes, a GE company
Real User
It is a stable tool, which we run in our complex environment

What is our primary use case?

We use it for Identity Lifecycle Management:  Access requests Provisioning Deprovisioning JCT process and reconciliation (aggregation).

How has it helped my organization?

It provides one solution for the entire process in a complex environment with different types of applications and connectors.

What is most valuable?

All Identity Access Management processes in the tool are valuable. 

What needs improvement?

The product has poor reporting and analytic capabilities. Reports are not easy to use and its analytic capabilities are limited.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a stable tool, which we run in our complex environment.

What is our primary use case?

We use it for Identity Lifecycle Management: 

  • Access requests
  • Provisioning
  • Deprovisioning
  • JCT process and reconciliation (aggregation).

How has it helped my organization?

It provides one solution for the entire process in a complex environment with different types of applications and connectors.

What is most valuable?

All Identity Access Management processes in the tool are valuable. 

What needs improvement?

The product has poor reporting and analytic capabilities. Reports are not easy to use and its analytic capabilities are limited.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It is a stable tool, which we run in our complex environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user787611
User at a tech services company with 10,001+ employees
Real User
Great product to manage the access control of users

What is our primary use case?

SailPoint IIQ Features: Compliance controls Access request and automated provisioning Password management Data access governance Role lifecycle management Great product to manage the access control of users.

How has it helped my organization?

Provides good authorization and authentication system functionality. Keeps data safe.

What is most valuable?

Report generation Compliance manager dashboard reporting Policy violation Access certification, etc.

What needs improvement?

Needs to focus on automation wherein provisioning of work can be improved and access certification should be automated without the intervention from a manager for approval.

For how long have I used the solution?

One to three years.

Which solution did I use previously

What is our primary use case?

SailPoint IIQ Features:

  • Compliance controls
  • Access request and automated provisioning
  • Password management
  • Data access governance
  • Role lifecycle management

Great product to manage the access control of users.

How has it helped my organization?

  • Provides good authorization and authentication system functionality.
  • Keeps data safe.

What is most valuable?

  • Report generation
  • Compliance manager dashboard reporting
  • Policy violation
  • Access certification, etc.

What needs improvement?

Needs to focus on automation wherein provisioning of work can be improved and access certification should be automated without the intervention from a manager for approval.

For how long have I used the solution?

One to three years.

Which solution did I use previously and why did I switch?

Not applicable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Omon Edeki
Technical Advisor, Java EE Developer at a tech vendor
Real User
What used to be very complex can be simplified if implemented correctly.

What is our primary use case?

Enterprise application provisioning and certifications. Provisioning automatically grants access to users based on pre-qualified variables like job function, region, etc; Certification feature of IIQ allows teams to go back and validate that access is still valid, limiting access to those who need

How has it helped my organization?

Improved visibility into who has access to what improved ability to validate and certify enterprise access to sensitive applications, useful for measurement and forecasting.

What is most valuable?

Automated provisioning platform, certification because it helps with automatically provisioning users based on discreet roles, access profiles, across many different applications.

What used to be very complex can be simplified if implemented correctly.

What needs improvement?

Some of the configuration options could be more automated, but this is a complex problem and I do not expect a simple solution.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Excellent, they have a well supported active community of experts and support personnel.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

It can be a bit complex and requires training and a strong background in IT systems and some software development, but other than that it can be learned over time.

What's my experience with pricing, setup cost, and licensing?

N/A.

Which other solutions did I evaluate?

I implement enterprise software solutions for my clients and SailPoint happens to be one of them.

What other advice do I have?

Work with experience solutions experts who have worked with this tool before. Complement them with experience, and the tools needed to succeed including strong testing and development, project management and team support.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are implementers of SailPoint software at this time. We also implement our own supply chain management software as well as expertise with Oracle database technologies.
it_user715140
Senior Software Design Engineer-IAM at a university with 10,001+ employees
Vendor
Manager Certification Helps To Review User Access And Remove Unnecessary Users.

What is most valuable?

The Certification and Provisioning features are most valuable.

How has it helped my organization?

Manager Certification helped to review user access and revoked unnecessary accesses to various applications.

What needs improvement?

The connector for EPIC, ServiceNow, and Duo.

For how long have I used the solution?

More than a year.

What do I think about the stability of the solution?

None, except cosmetics issues related to UI and documentation.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Excellent.

Which solution did I use previously and why did I switch?

We didn’t have a solution for Certification, but we had a homegrown solution for all other IAM processes. For various…

What is most valuable?

The Certification and Provisioning features are most valuable.

How has it helped my organization?

Manager Certification helped to review user access and revoked unnecessary accesses to various applications.

What needs improvement?

The connector for EPIC, ServiceNow, and Duo.

For how long have I used the solution?

More than a year.

What do I think about the stability of the solution?

None, except cosmetics issues related to UI and documentation.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Excellent.

Which solution did I use previously and why did I switch?

We didn’t have a solution for Certification, but we had a homegrown solution for all other IAM processes. For various reasons, we switched to IIQ.

How was the initial setup?

It was straightforward.

What's my experience with pricing, setup cost, and licensing?

They are expensive.

Which other solutions did I evaluate?

Yes. We tried Oracle and ForgeRock IAM products.

What other advice do I have?

Just go for this product. Its awesome.

Disclosure: My company has a business relationship with this vendor other than being a customer: Strategic relationship.
it_user715134
Information Security Architect and Senior Analyst
Real User
Customized Data Imports and Role Modeling

Pros and Cons

  • "The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure."
  • "Some setups should be done in the interface and in the code, and could be made simpler."

What is most valuable?

The level of customization for data imports and role modeling, because it helps to integrate faster, support easier and let it reuse the organization role structure.

How has it helped my organization?

It allowed us to execute account review campaigns from very different systems.

What needs improvement?

Some setups should be done in the interface and in the code, and could be made simpler.

For how long have I used the solution?

So far, from 2008 to 2017: 10 years.

What do I think about the stability of the solution?

No, the product is stable.

What do I think about the scalability of the solution?

As long as the database is very close to the application server, the system can manage many identities and connectors to various directory.

How are customer service and technical support?

Their technical support was very knowledgeable of their product, and we get answers within a day or so most of the time.

Which solution did I use previously and why did I switch?

Most of the clients kept the solution after using SailPoint IIQ. The only one that considered not using it anymore wanted to keep his historical supplier and to have the same solution for Identity Governance and Administration and for Authentication (which is not something SailPoint provides).

How was the initial setup?

Initial installation is straightforward and takes less than one day, once you have a VM, a database, and a directory available. What takes the most time is the connectivity to each authoritative source and target directory.

What's my experience with pricing, setup cost, and licensing?

SailPoint IIQ is the best of best. That is reflected in the pricing of the solution. The pricing is based on the number of identities.

Which other solutions did I evaluate?

Many clients considered the other main IGA solutions, like Oracle Identity Manager, CA Identity Manager, Microsoft Identity Manager, or NetIQ Identity Manager.

What other advice do I have?

Make sure the distance between the database and application server is very short. There is natural integration with other solutions that should be considered in your selection, like with CyberArk or ServiceNow.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user201006
Identity Management Infrastructure Services Senior Analyst at a insurance company with 501-1,000 employees
Vendor
Make sure to verify your requirements before implementation.

Pros and Cons

  • "Security and administration for any new/current access."
  • "It allowed to implement the automated processes when a new employee is hired. It allows to have a main central process for new hires."

What is most valuable?

Security and administration for any new/current access.

Manage process and search information.

How has it helped my organization?

It improves the function for CMS - the website is a centralized system to manage accounts and access for CMS applications.

What needs improvement?

It allowed to implement the automated processes when a new employee is hired. It allows to have a main central process for new hires.

For how long have I used the solution?

I've used it for three years now.

What was my experience with deployment of the solution?

No, but we encountered some bugs after the implementation and they were fixed.

What do I think about the stability of the solution?

A few of them - they were connection and performance issues but they both have been fixed.

What do I think about the scalability of the solution?

Yes. We needed to contact Sailpoint directly to address the issue.

How are customer service and technical support?

Customer Service:

It was ok.

Technical Support:

It needs to improve SLA.

Which solution did I use previously and why did I switch?

The client made the decision.

What about the implementation team?

Both vendor team and in-house.

Which other solutions did I evaluate?

I wasn't involved in the process, but other solutions were evaluated before choosing this one.

What other advice do I have?

Verify the requirements and the growth.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user711927
Delivery Manager at a tech services company with 1,001-5,000 employees
Real User
User provisioning and the role management features are good.

What is most valuable?

User provisioning and the role management features are good.

What needs improvement?

The advanced provisioning features require more improvement.

For how long have I used the solution?

I have used this solution for seven years.

How is customer service and technical support?

I would rate the technical support a 4/5.

How was the initial setup?

The setup was straightforward.

Which other solutions did I evaluate?

I did evaluate other options.

What other advice do I have?

I would recommend this product based on the customer requirements.

What is most valuable?

User provisioning and the role management features are good.

What needs improvement?

The advanced provisioning features require more improvement.

For how long have I used the solution?

I have used this solution for seven years.

How is customer service and technical support?

I would rate the technical support a 4/5.

How was the initial setup?

The setup was straightforward.

Which other solutions did I evaluate?

I did evaluate other options.

What other advice do I have?

I would recommend this product based on the customer requirements.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user201891
Senior Technical Consultant at a tech services company with 10,001+ employees
Consultant
It needs more details during account aggregation failures but the provisioning in multiple environments is valuable.

What is most valuable?

Provisioning in multiple environments Certification Provisioning Auditing

How has it helped my organization?

Automated accounts provisioning during the on-boarding process.

What needs improvement?

Additional details during account aggregation failures to help quick troubleshooting.

For how long have I used the solution?

We started with our customer last fall.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

None.

What do I think about the scalability of the solution?

Initial testing with a large amount of cubes (over 60K) went well.

How are customer service and technical support?

Customer Service: Good. Technical Support: Good - via a forum (Compass) and…

What is most valuable?

  • Provisioning in multiple environments
  • Certification
  • Provisioning Auditing

How has it helped my organization?

Automated accounts provisioning during the on-boarding process.

What needs improvement?

Additional details during account aggregation failures to help quick troubleshooting.

For how long have I used the solution?

We started with our customer last fall.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

None.

What do I think about the scalability of the solution?

Initial testing with a large amount of cubes (over 60K) went well.

How are customer service and technical support?

Customer Service:

Good.

Technical Support:

Good - via a forum (Compass) and ticketing system.

SailPoin

Which solution did I use previously and why did I switch?

Yes, we used Sun Identity Management and we switched because Sun IDM is coming to the end of its life.

How was the initial setup?

It was straightforward as we have a lot of experience with Sun IDM.

What about the implementation team?

I am part of a consulting service team who can provide Identity Management platform implementation. We have been helping our customer implement Sun IDM in the past and last fall, we helped the customer in SailPoint.

Which other solutions did I evaluate?

Oracle Identity Manager was the other one we helped evaluate.

What other advice do I have?

Understand the customer's business practice regarding provisioning.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Information Security Analyst at a financial services firm with 10,001+ employees
Vendor
Simplified access certification and Identity Life Cycle Management

Valuable Features:

    Access Governance has become and integral part of cyber security. It is essential to keep track of who has what access. Sailpoint IIQ simplifies this by providing an OOTB module for access certification. Administrators can create, schedule and design certification with just a few clicks.

    A lot of OOTB connectors for managing various types of applications. Simplified process for application on boarding and provisioning.

Improvements to My Organization:

Simplified Access Governance and Life Cycle Management. Easy to implement in comparison to other IAM tools.

Room for Improvement:

Should have authentication modules as well

Deployment Issues:

We had no issues with the deployment.

Stability Issues:

We had no issues with the stability.

Scalability Issues:

There were no issues with scaling it for our needs.

Initial Setup:

The initial setup is straightforward. Easy installation and configuration.

Other Advice:

Implement Sailpoint IIQ for Access Governance and for simplified Identity Management.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user194688
IT Access Management Process Leader at a consultancy with 10,001+ employees
Consultant
Reporting and some GUI areas need work but we have consolidated a single view of a user's access to multiple systems.

What is most valuable?

  • Certification
  • Full Life Cycle management of IT system accounts

How has it helped my organization?

  • It has, for the first time, consolidated a single view of a user's access to the company's multiple IT systems
  • This has now allowed us to confidently cleanup a large proportion of accounts that could not previously have been easily identified as no longer required
  • Furthermore, it has forced ownership of non-user/non-individual accounts and accountability of them

What needs improvement?

  • Reporting and some GUI aspects. Reporting lacks the flexibility of retrieving the vast amount of data that we know is in the database, but not easily accessible
  • Scheduling also comes short, specifically when it comes to multiple jobs that are interdependent (e.g. preventing certain groups of jobs from running concurrently)

For how long have I used the solution?

Five years across different companies.

What was my experience with deployment of the solution?

Yes - Some application connectors (namely Lotus Notes) - have some fundamental flaws. But the major issue was cleaning up, what we expected to be, authoritative data - specifically HR data, and users not in HR (eg. contractors, etc) and ensuring global consistency and adherence to standards.

What do I think about the stability of the solution?

Not of the core product, but some issues with some of the connectors (especially Lotus Notes, and ServiceNow). This has led to some issues with daily batch jobs which either time out, hang, or are terminated and this has in turn, we suspect, created some internal DB link corruptions.

What do I think about the scalability of the solution?

Not yet. Though current nightly batch jobs range from completing within 8 hours to 48 hours, with no obvious reasons as to why

How are customer service and technical support?

Customer Service:

Very good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

Yes we did. We switched because the solution no longer offered support as it was sold to Sailpoint.

How was the initial setup?

It was complex. Identity and account management is very heavily dependent on the accuracy, authority, and timing of the source data. As the implementation progressed, we became aware more and more that some of the missing detail (especially around the exceptions of when a central unique Employee number is actually "central" or consistent, or the complexity of some of the attributes - e.g. whether their validity is date dependent, allowing for multiple values, etc) will cause issues in the proposed processes and the timing of providing access when required.

What about the implementation team?

We used a vendor whose level of expertise was excellent.

What was our ROI?

No ROI as of yet.

What's my experience with pricing, setup cost, and licensing?

It was two years give or take.

Which other solutions did I evaluate?

Yes - NetIQ, Oracle, and SAP.

What other advice do I have?

Spend double the time/money up front in fully understanding your business requirements, opportunities for process changes. Also ensure you get a detailed understanding of identity and access business processes and understand your HR (and other authoritative) data source.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user192285
Senior IT Consultant at a consultancy with 10,001+ employees
Consultant
Development framework needs to be improved but the self-service access request feature is valuable.

What is most valuable?

  • Access risk alerts
  • Access Certification
  • Self-Service Access Request
  • Password Management

What needs improvement?

  • Development framework
  • Workflows configuration

For how long have I used the solution?

Two years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

No, the platform has been stable.

What do I think about the scalability of the solution?

Yes, I found some scalability issues:

  • Java.lang.OutOfMemoryError: Java heap space
  • Advanced searchs with 0 rows

How are customer service and technical support?

Customer Service:

7/10.

Technical Support:

8/10.

Which solution did I use previously and why did I switch?

Yes. In several customers we have switched to SailPoint IdentityIQ due to the unified architecture and intuitive centralized governance across datacenter.

How was the initial setup?

The initial setup always was straightforward with shorter implementation times and quick benefits.

What was our ROI?

We haven`t calculate the ROI. Mainly, cost savings are associated to:

  • Identifying unused or unauthorized accounts and reports them back to the appropriate business sponsor for removal and potential cost savings
  • Reduce the cost of compliance by automating access review processes

Which other solutions did I evaluate?

In several cases, the IdentityIQ deployment was due to a migration from other IAM solution (Oracle Identity Manager). Usually, before deploying an IAM solution, we do a benchmark test with the customer to get the best solution for their requirements.

What other advice do I have?

  • Phased Deployment
  • Get to know new features
  • Expand gracefully/logically
  • Create a change control & env. management process
  • Automate where possible
  • Become flexible with migrations
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Principal Technologist
Vendor
IdentityIQ is flexible but customizing everything will add to your costs now and your maintenance later. Keep it simple.

What is most valuable?

User Access Review, User Access Request and SOD Policy detection. Another important feature is IdentityIQ’s provisioning broker which allows us to either use its built-in provisioning engine or easily integrate with third-party provisioning and help desk/ticketing systems (such as IBM TIM/SIM, Oracle IdM, BMC IDM, BMC Service Desk, Novell IdM, Microsoft Forefront IdM, ServiceNow etc.) The backend provisioning of IdentityIQ is lightweight and fast to implement. Generally account provisioning can be setup in days versus weeks as is the case with some of the competing products.

SailPoint’s roots began with governance and compliance in 2006. Over time the IdentityIQ compliance and governance stack (user access reviews, SOD and access request) has evolved to provide deeper and more flexible functionality than we’ve found with competitors.

How has it helped my organization?

We’ve used IdentityIQ to help customers update their ‘paper and spreadsheet’ based user access review processes. This has helped customers increase the efficiency of access reviews, reduce workload, increase oversight of access remediation as well as start to fulfill regulatory and audit compliance requirements that where previously unattainable.

We’ve seen organisations go from detecting and reviewing high-severity SOD Policy violations once or twice a year to being able to detect and remediate SOD violations in the same day. IdentityIQ provides the detection, enforcement and traceability to take the manual, paper-based policies into real automated rules.

Many of our customers have also used IdentityIQ to replace homegrown and out dated access request solutions (some even manual and paper based), as well as migrate away from expensive and difficult-to-implement provisioning systems. Implementing IdentityIQ has allowed customers to reduce the cost of on-boarding applications into enterprise access review and access request processes as well as tightly integrate access request and remediation with approval workflows and back-end provisioning.

What needs improvement?

Unlike other competing products IdentityIQ is designed with end-users in mind rather than just targeting the IAM system administrators, we would like to have a bit more flexibility in how the screens are laid-out and the content. Some of our clients prefer feature-rich UI/screens whilst other would like to have simpler interaction and presentation.

Dashboards – whilst better and more feature rich than a number of competing products, they are still nowhere near the functionality one gets from dedicated portal and analytics tools (eg. drill-downs, comparative views, etc.).

Report writing is much better in the latest versions, but it is still not comparable to what one can get out of dedicated reporting tools.

For how long have I used the solution?

I started working with IdentityIQ in 2007. Until now, I’ve been actively involved in design and configuration of a large number of IdentityIQ deployments across Australia, Asia, America and the Middle East. We (First Point Global) have been a SailPoint partner since 2007.

What was my experience with deployment of the solution?

In terms of the product itself - no. Deployment of the product is very straightforward; there are a lot of resources available to assist you in finding the answer to any deployment question you might come up with. There is a large community of people working on IdentityIQ. If you come across a problem there’s always someone around that’s done that before and has suggestions.

The main challenge has been that each client’s environment is different; from the way in which they configure their ‘managed’ systems, to constraints imposed by the client’s SOE (standard operating environment), to the client’s infrastructure topology, to change control and migration processes and tools the client wants to/has to use.

One of the main challenges is for clients to understand and accept that IdentityIQ implementations are not a systems development/coding exercise; rather IdentityIQ deployment is more about configuration than coding.

What do I think about the stability of the solution?

No, IdentityIQ is stable. It has easy, built-in redundancy to handle any unforeseen events. Also, server management is simple and easy to understand.

What do I think about the scalability of the solution?

IdentityIQ scales well both vertically (‘bigger’ servers) and horizontally. When load increases additional servers can be added to the UI or task server groups with minimal configuration effort. IdentityIQ supports the notion of having dedicated UI servers handling user interaction and task servers, which handle background activities (eg. data loading and refresh, generating reports, re-evaluating SOD policies, etc.). IdentityIQ manages its own batch server load balancing in the background. SailPoint also provide whitepapers and supporting materials on tuning your IdentityIQ deployment to meet your needs and your environment.

However, we have encountered issues using IdentityIQ on virtualized platforms. These were caused by the virtualization hosts being overloaded (i.e. several virtual machines on one overloaded host). If you are going to virtualise IdentityIQ application servers, I would recommend allocating vCPU and memory to each virtual machine. If resources are not allocated, IdentityIQ can be starved by other virtual machines running on the same hosts.

How are customer service and technical support?

Customer Service:

Great, SailPoint offers several points of contact. You can use either the SailPoint communities, customer portal (Salesforce-based) for management of support cases and queries, or directly contact your professional services manger or engagement manager. SailPoint has staff located in most geographies and it’s easy to get hold of someone technical when you need a hand.

Technical Support:

Excellent, SailPoint provides both customer and partner community forums; SailPoint technical staff, partners and customers actively contribute to these forums. Often you can find the answer to a question in a forum without the need to raise a support ticket. The communities are an invaluable repository of technical knowhow as well as a source for documentation, tutorials and videos. SailPoint also holds regular webinars. These and all whitepapers are stored and made available to the community. By using the community, it’s possible to find out who has done it before, see what solutions they came up with, as well as even contact that person to ask questions. It’s a great way to get to the bottom of something quickly.

SailPoint support engineers are located in most geographies so your questions get answered quickly. The SEs are also approachable and easy to work with.

Which solution did I use previously and why did I switch?

As a company we implement identity solutions for customers. We’ve implemented a variety of product replacements and migrations, including:

Oracle Identity Analytics (OIA) replacement (formally Sun Role Manager and Vaau RBAC), OIA lacked the flexibility and functionality to meet the customers’ SOD (Segregation of Duty) Policy requirements as well as entitlement and role modeling requirements. Lack of industry resources with implementation product knowledge was also a factor in retiring OIA solutions; lack of supported application connectors (and/or complexity, eg. requiring fully functional implementation of Oracle IdM for OIA to function) was another factor.

BMC IDM / Control-SA, we’ve implemented both Control SA replacement, and more recently we worked on Control SA end-of-life migration projects. SailPoint offers a clear migration strategy to replace existing Control SA/ESS deployments. SailPoint acquired the BMCs IDM/Control-SA Connector stack people/technology to make migration much simpler exercise; replacing Control SA/ESS can be as simple as configuring the application connectors in IdentityIQ and pointing them to the existing Control SA Agents or Service Manager. Since acquiring the BMC ESS Connector stack, SailPoint has started rewriting the connectors into agentless Java connectors which are simpler to use. Some legacy connections still require agents i.e. RACF, ACF2, NIS.

Prior to compliance and governance solutions coming to the forefront of identity management, we found our customers were starting to think about and “roll their own” solutions to complement the gaps in their IdM stacks; this often involved attempting to ‘bolt on’ access reviews and SOD functionality into existing provisioning systems.We’ve worked with customers to replace several in-house developed solutions, including customer-developed Access Request, User Access Review and even a custom developed Provisioning system! In each case the customer chose to migrate off their home-rolled solution to take advantage of the savings offered from an out-of-the-box solution as well as take advance of the deep compliance and provisioning functionality that IdentityIQ offers.

How was the initial setup?

Installation requires knowledge of application servers and relational databases; a high availability environment can be setup in a matter of hours-days once infrastructure is in place. IdentityIQ requires a relational database and supports all the main flavors, Oracle, IBM, Microsoft, MySQL; IdentityIQ runs on a Java application server, again the common platforms are supported, Oracle, IBM, Apache Tomcat and Red Hat JBoss.

What about the implementation team?

We (First Point Global) are a solutions integrator specialising in identity management; a typical project implementation team involves First Point Global consultants with years of experience in deploying IdentityIQ into large organisations. We work with and train the customer team to up-skill employees to assist in transfer of the IdentityIQ solution from implementation to BAU.

Of course you will always rate yourself as high, but we are the largest team of IdentityIQ implementers in APAC. Also, we won the SailPoint Amarda Award in both 2013 and 2014 for SailPoint’s top partner in the Asia Pacific region.

What was our ROI?

Through our implementations we’ve seen the existing manual access review processes shrink from a team of people used to gather, send and review certification results down to one or two administrators. Gathering of account data, sending of access review notifications, escalation of incomplete access reviews and detection of remediation is all automated. Administrators can focus on reviewing the results not doing the heavy lifting, results can be easily summarised for the people that need it.

IdentityIQ is still a relatively new comer to identity management, but its implementation is modern and it has built on the lessons learnt from the older, harder to use and often cryptically complex provisioning systems. Workflows and connections to applications do not need to be complex and take far less time to implement than heavy provisioning systems.

IdentityIQ is quicker to implement than its pure provisioning counterparts, implementing IdentityIQ for compliance and governance means you can later reuse the existing on-boarded application connections to implement provisioning.

What's my experience with pricing, setup cost, and licensing?

The cost associated with setup depends on the scope of work, and largely the extent of integration with the applications to be on boarded as well as the functionality applied to those applications (i.e. access review, access request, provisioning, roles, SOD, etc.).

IdentityIQ is a very flexible product. We’ve found the key to using it well and getting the best value for money is to determine how to model your access review, access request or provisioning processes in IdentityIQ, then apply that to a majority of applications. If applications require unique processes for each department, there can be additional configuration overhead, aim for economies of scale where possible.

Some examples of projects:

-30 day IdentityIQ ‘quickstart’ project, on-boarding of 7 high-risk enterprise applications + HR feeds. User access reviews configured and kicked-off in production.

-90 day Control SA migration project, migration of hundreds of provisioned applications into IdentityIQ. And replacement of Control SA Password Management and Access Request functionality with IdentityIQ

-100-200 days IdentityIQ governance project, on-boarding of all enterprise applications into IdentityIQ to perform regular access reviews and detect SOD violations as they occur.

For day to day running of IdentityIQ post implementation we generally advise a small administration team of 2-3 people; some of our clients are supporting IdentityIQ deployment with a 0.5 FTE. Administrators are responsible for performing general house keeping as well as fielding queries on access reviews and scheduling access reviews, new application on-boarding and patching.

Which other solutions did I evaluate?

We’ve reviewed Oracle Identity Analytics (OIA) and RSA as well as the Dell offerings. Of the three we found RSA Aveska the closest competitor to SailPoint; the Oracle and Dell offerings do not have the same depth of functionality. When doing feature-by-feature comparison as is in a typical RFP/RFQ the majority of IdM products look the same. There are two areas where IdentityIQ often proved to be better than competing products were ‘time to market’ (i.e. how long it takes and how much effort is required to start addressing real issues and delivering value to the business) and complex user access review scenarios.

What other advice do I have?

Listen to the vendor and other clients who have successfully implemented the product; lots of, problems with hardware and implementation process can be avoided by taking the advice of those who have been there before.

Ensure the project has strong leadership. You’ll need this to ensure cooperation of system administrators that are often protective of access to their applications. You need to configure provisioning, but administrators will only give you a read-only account until it is proven it works and will not cause problems. Or enterprise architects may insist that all integration has to be done through corporate middleware, requiring lots of custom development, rather than using OTB connectors.

Make sure your hardware meets the SailPoint requirements (see the ‘IdentityIQ Performance Optimization Checklist’ on SailPoint’s forum - this details the required hardware and network requirements at a glance). IdentityIQ supports virtualisation nicely, but you do need to make sure your virtualisation hosts have enough resources to meet IdentityIQ processing requirements. We suggest allocating CPUs and memory to IdentityIQ application hosts to ensure dedicated usage of required resources.

Make sure your database and application servers have a low latency round trip. We recommend putting the two in the same data centre. IdentityIQ is a big user of data - lower the time it takes to retrieve the data and the UI and batch tasks perform snappier.

Install your development environment to get started with IdentityIQ, then read the ‘IdentityIQ Performance Management Guide’ to ensure that all non-development environments are installed and tuned correctly for your infrastructure. A tuned environment is a fast environment; and fast environment means happy end-user. Also, make sure your administrators do regular health checks.

Deploying IdentityIQ is an integration task, use agile development to on-board applications quickly, have a simple to document application template to capture integration details, but remember you are not designing a system from the ground up. This is not a Java/VB/C++/you-name-it coding exercise.

Using OOTB means fast implementation times and lower cost to you. IdentityIQ is flexible but customizing everything will add to your costs now and your maintenance later. Keep it simple and keep the process standardised.

How often do you need to refresh the data? The hardware required to run IdentityIQ is largely dependent on how often you configure IdentityIQ to reload the data. How often the data is really required to be reloaded is largely dependent on the features you are using,. For example, SOD policy violation detect might require daily updates, but reviewing user access quarterly does not require daily data refreshing!

If you do want to keep all data up to date, then be smart and take advantage of IdentityIQ’s delta aggregation and partitioning functionality. Build application on-boarding tuning into your application on-boarding process and have database administrators review queries for performance.

Always utilise the direct connectors. Although IdentityIQ supports a variety of file feed connectors using the direct connectors now means you can take advantage of provisioning later without reconfiguring. Remember file feeds are unlikely to match the data the direct connector will pull back, reuse the investment SailPoint have made in the OOTB connectors and save time and money!

Standardise the compliance processes applied to applications. IdentityIQ is flexible but a unique access review process for each application will require more configuration and maintenance. Keep it simple and easy to maintain.

IdentityIQ has been the market leader according to the Gartner IGA Magic Quadrant for the past two years. We deploy and support several identity and access management products, and have reviewed numerous other vendors’ offerings.On balance we find IdentityIQ to have the best mix of functionality and ease of use, as well as being the easiest and most flexible to deploy.Quite a few of our engineers prefer to use and deploy IdentityIQ over other compliance, governance and provisioning solutions.

Disclosure: My company has a business relationship with this vendor other than being a customer: First Point Global is a System Integrator/Reseller Partner; we implement IdentityIQ based solutions on behalf of customers, we started working with IdentityIQ in 2007. In 2013 and 2014 we won the SailPoint Armada Award due to being the top partner in the Asia Pacific region. We are also certified IdentityIQ trainers.
it_user191790
Security Consultant at a tech services company with 51-200 employees
Consultant
It has automated access governance but the multi-aggregation feature needs improvement.

What is most valuable?

Certification of user's access, enabling the organization to have a strict governance of what its employees are for entitled to currently.

How has it helped my organization?

By using this product the organization has moved from manual access governance done previously to automated governance which has a full audit trail, and this is very beneficial.

What needs improvement?

Some of the features like multi-aggregation and self healing feature in case of corrupted certificates would be pretty useful which would enable easy debugging in case of issues.

For how long have I used the solution?

More than two years.

What was my experience with deployment of the solution?

No, the deployment is pretty straightforward.

What do I think about the stability of the solution?

No, the product is pretty stable given it has sufficient clustering and HA catered for seamless 24x7 high volume access.

What do I think about the scalability of the solution?

Yes, with a growing number of certificates there was slowness in the overall certificate generation time which I believe is corrected in the upcoming release of the solution.

How are customer service and technical support?

Customer Service:

7/10.

Technical Support:

8/10.

Which solution did I use previously and why did I switch?

Yes, we used Aveksa's access governance which seemed to have a lot of issues with regards to aggregation and certificate generation which prompted the switch to Sailpoint.

How was the initial setup?

It was pretty straightforward, just need to follow installation documentation properly.

What about the implementation team?

It was done by the in-house team.

Which other solutions did I evaluate?

Aveksa was compared with Sailpoint identityIQ and Sailpoint IdentityIQ fared better in terms of performance and features.

What other advice do I have?

If you are looking for a product that would suit your access governance needs then perhaps Sailpoint identity IQ is a good option, but if you require automatic remediation capabilities as well then you might need to integrate it with an identity management product like OIM.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user188808
IP Technical Consultant at a consultancy with 51-200 employees
Consultant
The layout of the controls had an intuitive feel but it ​broke down several times

Valuable Features:

Building/expanding a directory tree for my customers was the most valuable tool. Another was the ability to remove someone from the network with just a few clicks.  It was fairly easy to learn and the layout of the controls had an intuitive feel.

Improvements to My Organization:

The organization is moving to replace several tools with this one tool.

Room for Improvement:

Broke down several times during my 4 months but overall the delays were mostly minor.

Use of Solution:

I used it for four months.

Other Advice:

I was an Identity Access Management operator for a company contracted as an outsource for a major global company. My involvement was brief. I was part time help while looking for full time employment in an unrelated field.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Tech Consulting Sr Associate at a consultancy with 10,001+ employees
Consultant
It has many valuable features however I would prefer cutting the amount of features in half to increase the stability

What is most valuable?

SailPoint started as a product for certification and governance. This is their most mature module and the first portion of the tool my clients want to implement.

But other valuable features are the strong user interface, quick ability to stand up solution, and many out of box connector.

How has it helped my organization?

This product, when implemented correctly, can streamline access control operations, reduce risk by provisioning and de-provisioning access quickly and hold approvers accountable for decisions on access.

What needs improvement?

There seems to be a rush to add new features in SailPoint. I would prefer cutting the amount of features in half to increase the stability, reduce the resource utilization and reduce bugs..

For how long have I used the solution?

I have been using IdentityIQ and other Identity and Access Management solutions for over 3 years

What was my experience with deployment of the solution?

We encountered major issues with the Active Directory connector caching configurations and concurrent major release upgrades. If you are running SailPoint 5.3, you need to update to 5.5, 6.0, 6.1, and 6.2 before upgrading to 6.3, it was a mess.

What do I think about the stability of the solution?

Although it seems to be getting better, for each deployment it seems a new set of bugs appear. There has never been a deployment where we have not encountered a product bug. If you are looking to do a deployment it may be better to deploy on the previous version with the latest patch than with a new version (e.g. 6.2.5 instead of 6.3).

What do I think about the scalability of the solution?

Being based on Java, this tool is very heavy in memory and in processing. Word of advice, for large implementations be sure to use Intel processors. SailPoint supports Unix deployments, but it really is only better for smaller environments

How are customer service and technical support?

Customer Service:

SailPoint has a strong account management and support team, each company has an account manager and they are available to escalate issues quickly. Do not hesitate to escalate issues if they are time sensitive, sometimes it is tough to get their attention if something needs to be resolved quickly.

Technical Support:

Similar to customer service, the technical support is strong. It might take a few times back and forth to get them out of the “try this and send us your logs” cycle, but getting them on a WebEx or LiveMeeting is a great way to watch them shine.

Which solution did I use previously and why did I switch?

The initial setup is very straight forward and it takes around 30 minutes end to end. It is a Java app on a web server; you can do it locally very quickly.

How was the initial setup?

The initial setup is very straight forward and it takes around 30 minutes end to end. It is a Java app on a web server so you can do it locally and very quickly.

What about the implementation team?

We have had deployments with combinations of consultants, vendor hours(~200), and in house teams. The vendor help has always been very good, albeit sometimes you may get a fresh college graduate as an expert.

What was our ROI?

We achieve two returns in the investment in a SailPoint implementation. We were able to streamline access control related business processes and reduce identity management and access control risks, including potential audit/regulatory findings.

What's my experience with pricing, setup cost, and licensing?

The other major players in the Identity Management space are Oracle OIM/OIA, Aveska and CA Technologies Identity Management. We had evaluated all via a vendor scorecard.

What other advice do I have?

It is very difficult to go at this alone. If you are interested in implementing send your engineers to the SailPoint provisioning training and get a few experienced consultants to help you.

Disclosure: My company has a business relationship with this vendor other than being a customer: My firm is a partner with SailPoint and we are in a joint business relationship.
ITCS user
Sr. Application Test Engineer at a tech services company with 1,001-5,000 employees
Consultant
This solution is easy to configure and very flexible but despite this, it is complex if you want AD Forest

Valuable Features:

We can use different types of DBs and Application Servers from different different brands for the business. Many are supported by II.

Improvements to My Organization:

Customization of workflows as per business needs is easy & most effective part is certification for easy compliance and access monitoring & revokes extra access if any.

Room for Improvement:

Complex configuration if you want to have AD forest architecture in place.

Use of Solution:

Three years.

Deployment Issues:

No issues encountered.

Stability Issues:

No issues encountered.

Scalability Issues:

Only if we have a combination with an AD forest.

Customer Service:

Very good. Support is provided even on…

Valuable Features:

We can use different types of DBs and Application Servers from different different brands for the business. Many are supported by II.

Improvements to My Organization:

Customization of workflows as per business needs is easy & most effective part is certification for easy compliance and access monitoring & revokes extra access if any.

Room for Improvement:

Complex configuration if you want to have AD forest architecture in place.

Use of Solution:

Three years.

Deployment Issues:

No issues encountered.

Stability Issues:

No issues encountered.

Scalability Issues:

Only if we have a combination with an AD forest.

Customer Service:

Very good. Support is provided even on weekends.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
IdM Consultant at a tech services company with 501-1,000 employees
Consultant
This is the best product of its type available however the price is very high

What is most valuable?

  1. Very user friendly unified UI (for users and administrators)
  2. An excellent out-of-the-box features (hierarchical RBAC, flexible provisioning policies, role-mining, certifications, life-cycle events, etc)
  3. Modest hardware requirements
  4. A large list of out-of-the-box connectors (with no additional charge)
  5. Using only standard java technologies (java, beanshell, HTML, jsp, JavaScript, XML, some Apache projects)
  6. Possibility to deploy the solution on different DBMS and application servers of your choice
  7. Very fast implementation of the solution with custom modifications

What needs improvement?

  1. The price is very high
  2. The partnership program is very inflexible
  3. Provisioning. This functionality sometimes require too much coding to implement some customers' requirements
  4. "Ease of use." IdentityIQ has a function that can be described as duplication (this can depend on the point of view) for example, groups, population, and work-groups
  5. Implement the support of organizational structure

For how long have I used the solution?

About one year.

What was my experience with deployment of the solution?

Yes, of course. Every time, when you implement a project for a customer you will encounter some issues.  The primary question - how quickly the vendor will help you with issues, or how strong are the programmers and engineers in your team to find a solution in-house.

What do I think about the stability of the solution?

No, I didn't.

What do I think about the scalability of the solution?

No, I didn't.

Which solution did I use previously and why did I switch?

Of course. In addition to SailPoint IdentityIQ I have experience in implementing MS FIM 2010, OIM 11gR2, and Oracle Waveset (Sun IDM) 8.

In my opinion this is the best product and I agree with Gartner which described it as the best product in the "Identity Governance and Administration Magic Quadrant" in 2013-2014.

How was the initial setup?

I would say it's simple (compared with OIM 11gR2, but more difficult when compared with MS FIM 2010 R2).
IdentityIQ has very good documentation and you shouldn't face problems with the installation.

What about the implementation team?

With an internal team. All team members have very strong experience in the IDM sphere, including working experience with other IDM vendors (Sun, Oracle, IBM).

What other advice do I have?

SailPoint IdentityIQ is a very good product (in my opinion - it is the best product and it took the leading place in Gartner's Magic Quadrant two years in a row) and I can recommend it to all who are looking for a very strong IDM solution (if the price suits you).

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free SailPoint IdentityIQ Report and get advice and tips from experienced pros sharing their opinions.