Sailpoint Architecture

Identity management systems are designed to do two things at the same time: support privacy and security enforcement standards, and have business access. This blog primarily discusses the Sailpoint architectural components of Identity IQ with certain functionalities, advantages, configuration policies, etc.

Sailpoint Architecture - Table of Content

Sailpoint Architecture

Organizations should be able to use their identity solution to enable clear and comprehensive controls on access to data and software, allow for proper access requests, and have timely provisioning of access rights, regardless of how regulatory demands change or evolve, or the number of new vendors, staff, and other people change positions or come on board. 

Compliant businesses must introduce access and identification controls in today's agile environment to prevent data breaches and minimize market risk whilst streamlining enforcement to reduce IT costs and boost adult efficiency.

To efficiently handle their problems, companies need a solution that can keep up with regulatory criteria and access demands while mitigating costs, audit failures, and access-related risks. To face these challenges head-on, SailPoint IdentityIQ is needed.

Want To Get SailPoint Training From Experts? Enroll Now For a Free Demo of SailPoint Training.

The Architecture of SailPoint IdentityIQ mainly consists of four major components as follows

1) Compliance Manager

2) Lifecycle Manager

3) Governance platform 

4) User provisioning 


Compliance Manager

SailPoint IdentityIQ Compliance Manager automates common administration, reporting, and auditing procedures while simultaneously enhancing identity processes such as policy enforcement and access certification.

Compliance Manager assists in focusing controls on the services, privileged access, and users that pose a significant risk. It also assists in the prioritization of the most important compliance tasks.

  • It proactively prohibits and detects improper breaches of corporate rules and accessibility.
  • During acquisitions and mergers, it helps to properly handle risk and enforcement.

Access Certifications:

It is widely used to check access permissions on a regular basis to ensure that they all comply with policy requirements and are appropriate for the user's job role. Internal control and regulatory enforcement are the most common uses for access certifications.

Policy Enforcement:

Consists of a series of detective and protective controls that ensure that the company meets the specified policy automatically.

Sailpoint Training

  • Master Your Craft
  • Lifetime LMS & Faculty Access
  • 24/7 online expert support
  • Real-world & Project Based Learning

Access Certifications

IdentityIQ Access Certifications centralizes and translates professional identity data across resources into market-relevant and rich content, making it easier for business users to understand what they're certifying.

  • By proactively concentrating on high-risk processes and users, certification activities are streamlined.
  • Options for event-triggered, continuous, and periodic certification are all supported.

Allows for consistent access verification and analysis, as well as monitoring and recording, to ensure that user access permissions are in line with their job functions.

Policy Management

Policy Management allows for policy compliance that improves organizational security and complies with regulatory standards while lowering risk.

  • Enhances the IdentityIQ policy model, which displays users' entitlements and responsibilities in relation to various policy ranges.
  • Dashboards, analytics, tracking, and identity risk scores are all used to manage compliance.

Violations are detected early on, and offending access is automatically removed and redirected for analysis.

Audit Reporting and Analytics

IdentityIQ allows you access to a comprehensive suite of audit analytics and reporting that provides insight into the efficacy of regulatory controls in cloud-based systems and the enterprise.

  • Provides customized and rich dashboards as at-a-glance graphs and charts, as well as the ability to obtain quick visibility into governance and regulatory processes across the organization.
  • Allows for personalized, direct queries within GRC applications and third-party reporting, which enhances sophisticated enforcement analytics.

Exhibits organizational regulatory controls, such as policy breaches, risk metrics, and remediation operations, using robust charting and pre-defined reports.


  • It's ideal for specialized workflows that are centered around a single person. IIQ recognizes the embarrassment and pitfalls of employees using it. You can build any workflow you like with the IIQ developer.
  • It can associate structures such as Active Directory and various enterprise databases.
  • Its user interface is highly customizable.

Subscribe to our youtube channel to get new updates..!

Lifecycle Manager

The SailPoint IdentityIQ platform is a next-generation, market-leading technology based on over a decade of best practices, expertise, and knowledge to elevate your identity software. Many of the world's biggest and most diverse organizations use IdentityIQ to solve their most important governance concerns. IdentityIQ tackles the limitations of first-generation technologies and manual provisioning procedures with best-of-breed identity governance, while simultaneously offering a stable, extensible interface to guarantee that your needs are addressed today and in the future.

IdentityIQ manages all identities throughout their entire lifecycle. IdentityIQ can execute birthright provisioning (based on employee work type/role) to the required applications and programs when an identity (i.e. individual) enters an enterprise. Automatic event notifications may create provisioning and de-provisioning requests as an individual switches positions within the company, ensuring that they have the right to have access to their current role and that any access that is no longer required is disabled or deleted. When an employee exits, an automated workflow can be set up to uninstall accounts and alert administrators so that access can be transferred if needed.

Advantages of Automated Identity Lifecycle Management

1) Minimizing the risk

Establish the conditions that control what people should ask for and do depending on their positions in the business. Users have access to the right tools for the right purposes due to Lifecycle Manager. Organizations will close the loop by using IdentityIQ Compliance Manager to conduct routine certification campaigns, and access checks, and provide a complete audit trail from start to finish on individual demands, giving them a better understanding of who has access to whom and when and where the access was given.

2) Minimizing the IT Helpdesk Load and Costs

End users should handle their own authorization requests, which relieves IT organizations of any of their workload. Business users can request full self-service access through IdentityIQ, while IT administrators have total discretion over what access business users can request. IdentityIQ can be designed to build self-service portals and streamline the process of requesting and providing access to on-premises and cloud services using a versatile workflow.

3) Improve Efficiencies

Throughout a user's lifecycle with an organization, whether the user is an employee, consultant, or business partner, automatic provisioning controls the business processes of authorizing, changing, and revoking access. Changes in user access can be provisioned dynamically using a wide library of direct connections for applications like Workday and SAP, or synchronized with IT service management tools like ServiceNow.

4) Automate Policy Management

You will use IdentityIQ Lifecycle Manager in combination with IdentityIQ Compliance Manager to identify separation of duties (SoD) policies and other policy concepts that provide controls so you can stay consistent with internal policies and federal regulations by using IdentityIQ Compliance Manager's comprehensive policy engine. To avoid toxic access combinations (for example, Accounts Payable vs. Accounts Receivable: guarantee that the people who accept the checks can't write the checks to minimize the likelihood of fraud), robust policy definitions can be established. Managers may also write policies that encourage them to make exceptions if required.

5) Integration of Privileged Access Management (PAM)

The IdentityIQ PAM Integration Module works with existing PAM solutions to boost security and reduce risks by allowing you full access and clear control over your privileged accounts. The PAM module, when used in conjunction with IdentityIQ Lifecycle Manager, assists administrators in controlling and regulating privileged identities and their underlying access, allowing for consistent governance. Administrators will also certify both privileged and conventional access. The PAM module further contributes to increased efficiency by streamlining the lifecycle maintenance of privileged account access in accordance with best practices. SailPoint is leading the implementation of the industry's first standard for connectivity between PAM and Identity Governance solutions with the launch of the PAM module, enabling simple integration with most PAM solutions on the market today.

6) Integration with Identity Governance for Files

SailPoint SecurityIQ expands the SailPoint identity governance framework to provide a robust approach across all applications and files by regulating access to sensitive data. SecurityIQ provides enterprise-level identity governance by identifying sensitive data and implementing effective access controls, as well as real-time visibility, to optimize security, mitigate enforcement risks, and promote greater productivity across on-premises and cloud storage systems.

Governance platform

All of your cloud platforms and services are discovered and protected by SailPoint Cloud Governance. It automatically learns, monitors, and secures access using AI and machine learning, without slowing down your business.

  • View who has access to the multi-cloud infrastructure and what they have access to.
  • Track your systems for any unwanted or unused access.
  • Boost cloud resource protection.

You can do the following with SailPoint Cloud Governance:

1) Gain visibility

Access roles and policies for both human and non-human users, as well as artifacts, in your IaaS environments, can be viewed.

2) Minimize risk

Automate access provisioning and tracking for improper, unauthorized, and unused access.

3) Define policies

Across multiple IaaS systems, model and define clear access policies based on roles and activities.

4) Govern efficiently

For auditing and enforcement, automate access assessments and generate reports with historical views.

User provisioning

Provisioning user access is simple and safe with SailPoint. It helps you avoid having too many permissions by automatically modifying and eliminating user access as things change, reducing risk and increasing enforcement and efficiency.

  • Make it possible for a safe remote workforce to have access to all critical applications.
  • Provide new employees with the resources and access they need as quickly as possible from the 1st day.
  • When users' functions in the company alter, automatically adjust or revoke access.
  • Role-based provisioning policies can be used to ensure the division of duties.

Working of automated provisioning

In our position-based identity management solution, when a person is assigned a task in the scheme, they are immediately granted access. If a worker switches jobs or exits the company, their access is automatically configured or deleted.

SailPoint will assist you with the following:

1) Obtain productivity from the first day.

With automatic, intuitive access, users would be able to do their work right away, from any place.

2) Boost IT performance

Allow your team to concentrate on high-impact IT programs by automating usual provisioning.

3) Human error prevention

Automated provisioning focused on enforcement and security policies eliminates typos.

4) Minimizing risk

Reduce protection and enforcement risks by ensuring proper least privilege access at all times.

5) Observe all access

Get a comprehensive view of all account access and entitlements to all organizations.

6) Verify approvals and access.

Also through times of transition, detailed audit trails show how access was managed.

Sailpoint Training

Weekday / Weekend Batches

Enroll Now For a Free Demo of SailPoint Training in Hyderabad


Thus from this architecture overview, we have learned many key aspects through its component functionalities such as how to reduce risk, define policies, improve efficiency, audit the reports and analytics, privilege management, automated provisioning, etc.

Related Articles