SailPoint IdentityIQ Quick Overview

They are not narrowly focused but offer the means of nailing down your application identity certifications while insuring segregation of duties and least privilege. This product covers the enterprise and is not just an IT ecosystem like SAP GRC. If I have a complaint it is that it relies on too much XML when setting up an application. XML is nearly useless with its insistence that data must be modeled as 1:N. The brain may love hierarchies but XML with all it’s tags and so little data makes hierarchies a headache to work with. Their developers seem to sense this too because they have moved some areas around web services to json as opposed to SOAP, an approach I have had my fill of.

If enterprise governance is a requirement for you, and you find yourself failing audits, be sure to check out SailPoint. Then call Matt Pollicove (who blogs here from time to time) at CTI when you need help implementing.

SailPoint began their product with a governance model instead of starting with provisioning. I think this gives the product a distinct advantage. Rather being focused entirely on a select group of technical employees and making their lives easier, they instead focused on the business initially and now they are bringing in provisioning elements. It is much harder to bolt on re-certification and role analysis to an existing product then add provisioning. I also like their approach to role management which is both top down and bottom up. As has been pointed out by Gregory in this post, just doing bottom up role mining is a mistake since many people have access they never use. In the next couple of blog posts I will highlight some specific features of the product.

More Here