Global 500 companies have invested millions of dollars on IT
provisioning implementations, yet most still cannot provide prompt
access to resources for new employees, immediate removal of access for
terminated workers, or rapid processing for all the changes as employees
move around the organization. To address that problem, SailPoint has added end-to-end
provisioning capabilities to its award-winning identity governance
solution, SailPoint IdentityIQ,
and can now automate the entire user access request and fulfillment
process. Building on its early innovations in identity governance and
leveraging its founders’ provisioning heritage at Waveset Technologies,
SailPoint’s governance-based provisioning solution is designed to
simplify implementations, reduce costs and deliver immediate business
"Companies struggle today with provisioning because the technology is
expensive, overly complex and difficult to implement," said Mark
McClain, CEO and cofounder of SailPoint. "The cost and complexity of
implementing provisioning has limited the extent of its deployment in
most organizations to a small minority of total applications. By
implementing provisioning on an identity governance foundation,
companies will benefit from shorter implementation times and broader
application coverage. At the same time, it will be much easier to
involve business users in all aspects of compliance and governance
processes associated with user access control."
SailPoint’s new approach to provisioning begins with a governance
layer, which provides an enterprise-wide view into a company’s identity
data, applies intelligent, risk-aware controls to user access based on
corporate policies, and then automates access request fulfillment across
the organization through the most efficient processes available. This
— Simplified deployments. SailPoint’s approach begins with the mining and modeling of all necessary information about users, access privileges, roles and policy into a single governance platform, enabling organizations to automate access request and provisioning processes without extensive workflow and custom coding. This reduces custom coding requirements by 200-300 percent.
— Lower deployment costs. SailPoint provides an open and flexible approach to the "last mile" of provisioning – the connector layer where changes are executed on IT resources – by supporting multiple techniques and processes for making changes to resources. This eliminates the hundreds of thousands of dollars organizations typically spend on "last mile" integrations. It also allows customers to immediately focus their identity management efforts where the highest value exists: at the business process and governance layer to ensure consistent, enterprise-wide compliance with internal and external security mandates.
— Business and IT alignment. SailPoint provides the first user interface designed specifically for business users to request access and manage user lifecycle events. Traditional provisioning tools were designed for use by IT administrators and were too cryptic and technical for business users. With its business-friendly user interfaces, SailPoint makes it easy to involve business users in all identity management processes, such as access requests, change approvals, access certifications and role lifecycle management.
"Having a foundational identity and access governance platform in
place and then expanding it into provisioning makes a lot of sense for
companies," said Ian Glazer, senior analyst at Burton Group (acquired by
Gartner). "Building a complete view of entitlements and access
privileges is step one. The next step is to leverage role management and
create a centralized policy that dictates who should have access to
those resources. Companies then have the benefit of leveraging that
model, built for compliance, across its provisioning processes."
SailPoint’s new provisioning solution, IdentityIQ Lifecycle Manager,
will be available April 30 and provides the following key capabilities:
— The industry’s first access request interface designed specifically for business users, which provides a "shopping cart" styled interface for convenient and intuitive selection of roles and entitlements.
— Full lifecycle event management that integrates with authoritative sources, such as HR systems and corporate directories, to identify changes in employment status, automatically trigger the appropriate changes in IdentityIQ, and generate the appropriate provisioning requests to ensure closed-loop access fulfillment. — A provisioning broker that enables organizations to centralize policy and controls in a governance layer above provisioning, while cost-effectively orchestrating changes to target resources using 3rd-party provisioning solutions, help desk solutions, emails sent to a
system administrator or SailPoint’s own Provisioning Engine, which includes more than 50 out-of-the-box read/write connectors and a custom connector toolkit for deploying to custom applications.