SailPoint
What SailPoint actually does
SailPoint Identity Security Cloud (formerly IdentityNow) is a SaaS identity governance platform. It connects to your applications — SaaS, on-prem, databases, file shares — and provides a unified view of who has access to what. Access certifications let managers review and approve or revoke entitlements on a schedule.
The AI engine (Identity AI) recommends access decisions based on peer group analysis and historical patterns. This helps managers make informed certification decisions instead of rubber-stamping everything. Role mining and role management help build and maintain an access model that maps to your organization.
SailPoint also offers IdentityIQ, the on-prem predecessor that many large enterprises still run. Data Access Governance covers unstructured data permissions. Non-Employee Risk Management handles contractor and third-party identities. The product has expanded from pure IGA into broader identity security, including PAM-adjacent capabilities.
Who it’s best for
- Enterprises with 5,000+ identities and complex entitlement landscapes
- Organizations facing SOX, HIPAA, or PCI access certification requirements
- Companies struggling with orphaned accounts, excessive permissions, and role sprawl
- Security teams implementing separation-of-duties controls across business applications
- Large organizations with complex joiner/mover/leaver processes across many systems
Pricing reality check
SailPoint Identity Security Cloud is priced per identity, and the price varies by tier. For 10,000 identities, expect annual costs in the mid-six figures for the full platform. IdentityIQ (on-prem) has perpetual licensing options but requires infrastructure and ongoing maintenance.
The biggest cost is implementation, not licensing. IGA projects are complex. Connecting applications, defining roles, building certification campaigns, and tuning the AI model take 6-18 months with experienced integrators. System integrator costs often exceed the first year’s license fee. This is the uncomfortable truth of IGA — the technology works, but getting there is a slog.
Alternatives to consider
- Saviynt — Cloud-native IGA competitor with strong application access governance. Often faster to deploy.
- One Identity — IGA plus PAM from Quest/One Identity. Less market share but capable for mid-market.
- Microsoft Entra Identity Governance — Basic access reviews and lifecycle management included in Entra. Limited compared to SailPoint.
- Omada — European IGA platform. Good for mid-market. Less complex than SailPoint.
The Charting Cyber take
SailPoint is the right choice for large enterprises that take identity governance seriously. The platform handles complex access models, multi-application certifications, and separation of duties better than any alternative. The AI recommendations genuinely reduce certification fatigue.
But IGA projects have a high failure rate industry-wide, and SailPoint is no exception. The technology is not the bottleneck — organizational readiness is. If you don’t have clean role definitions, executive sponsorship, and a dedicated identity team, the project will stall. Before signing a SailPoint contract, honestly assess whether your organization can commit to the implementation. If you can, it’s a strong investment. If you can’t, you’ll end up with expensive shelfware.