A day in the life with AI-powered identity security: Application onboarding
With all the headlines and noise about AI running rampant in the news and on our feeds, we want to anchor the AI discussion around the real and practical ways that AI can help your organization through its identity security challenges. The rapid proliferation of AI is creating historic levels of innovation, but it can also contribute towards growing security risks, especially in the realm of identity. In this interview series with identity security and AI experts, we discuss identity security issues many organizations experience on a regular basis. We also walk through the ways SailPoint’s offerings, and the AI capabilities that power them, can bring value and practical solutions to these common issues that many organizations of diverse sizes and industries experience today.
Achieving a strong identity security posture starts with onboarding core business applications, which involves connecting them to an organization’s infrastructure and bringing them under governance and security policies. Application onboarding can often be a manual, time-consuming, costly, and complex process that stalls identity security initiatives and program momentum. What if this foundational step could be transformed by intelligence and automation? Let’s explore how AI can make the arduous task of onboarding applications and connecting accounts to new applications much easier.
Today, we're speaking with Deepesh Kumar, Staff Product Manager for Application Onboarding and Connectivity at SailPoint, about how AI is turning one of the most painful parts of identity security into a streamlined and secure process that enables business transformation.
HP: Let’s start with the people on the front lines. What are the most common day-to-day challenges and frustrations that identity teams face when trying to onboard new applications?
DK: Number one is that the identity and security admins on the customer side are very specialized in identity security, and they don’t often have subject matter expertise in the applications, like Salesforce or Workday for example, that application owners need to onboard. They do not know the details of how to onboard these applications successfully, and when you’re looking at a situation where in some cases you have hundreds of applications to onboard, it can take a long time to get up to speed and get these apps onboarded. Depending on the application, it can take six to eight weeks to onboard just one. In the meantime, these applications are not properly governed, which leaves the enterprise vulnerable to security and compliance issues.
The second big issue is about visibility. One of the things that CIOs are asking is to get visibility into all enterprise applications. We have had conversations with many CISOs and CIOs, and most of them do not have this view. They must reach out to different IT teams, try to figure out how many applications there are, classify them, and then create a governance plan to really prioritize these applications for onboarding.
Another problem is that most can’t onboard apps at the pace the organization wants, so you wind up with scale issues. When we’ve spoken to customers, we usually realize that they have been really focused on a handful of four or five applications that have been classified as ‘important’ for business, but they have not been able to onboard the hundreds and thousands of everyday business applications that are ungoverned, unsecured, and open to attack.
HP: Why is application onboarding important for a solid security posture? Why is getting this initial step wrong so damaging down the line?
DK: One of the questions that our customers normally can’t answer at first is understanding what happens if their applications stay ungoverned. For most customers, the way they prioritize these applications is based on either the availability of resources, subject matter expertise, or whether a particular application is easy to onboard. Why would a customer prioritize onboarding of Slack and Microsoft Teams when the core business runs on SAP and Oracle? This is where your security posture starts being compromised, and getting that corrected is the need of the hour. I tell the customer that even if you have all the greatest security software in the world, such as firewalls and anti-threat systems, you will still be vulnerable to attack unless you have your applications onboarded. Your security systems won’t be effective unless these applications are brought under identity security governance. You're going to have penetration from threat actors and you're going to have security compromises in your ecosystem that will cause compliance issues and cause harm to your business.
HP: At a high level, how does SailPoint's AI-powered approach to application onboarding and management help an organization address these issues?
DK: Proper application onboarding and management starts with visibility. It is the foundation to identity security and the front door to enterprise governance. Organizations need awareness and a holistic view of the hundreds and thousands of applications in their enterprise landscape. And, since this landscape likely stretches across multiple geographies and systems, it’s important to discover them automatically. We do this with SailPoint Accelerated Application Management (SAAM) via a browser extension for all browser-based applications including AI tools, and with discovery connectors for IDP, SSO, CMDB and PAM applications. This enterprise view of visibility helps us expose shadow AI, shadow IT and unmanaged access paths early and lets organizations establish a comprehensive inventory of applications and access points across the environment—from SaaS apps to those cataloged in the CMDB.
All these capabilities let organizations know what applications they have, who owns them, access rights, where they reside and much more. Once discovered, organizations can see which applications are carrying sensitive data, have data that has been classified as critical, or are business-critical, which helps our customers prioritize the onboarding sequencing. This prioritization is critical: All applications require governance, but not all require the same level of governance. We can help enterprises prioritize application onboarding based on real-world usage and risk.
From there, we use AI to help organizations connect, or correlate, identities with the accounts in the discovered applications. SailPoint cannot govern uncorrelated accounts, so it’s critical to get this right to avoid major security loopholes.
Finally, we help establish a foundation for Zero Trust. When an employee is requesting an account, we want to ensure that least privilege is always exercised. Our AI model also assists with configuration recommendations, ensuring that when you create an account, you have the most relevant configurations and Zero Trust is always exercised.
HP: Can you give us a practical 'day in the life' example? An admin needs to connect a new enterprise application. How does SailPoint help?
DK: Sure, look at a multinational organization with multiple teams and business units operating all over the world. Our discovery connectors keep running on a scheduled basis, so every time the enterprise adds a new application, the discovery connectors would read it and detect that there is a new app in the ecosystem and bring it into Identity Security Cloud (ISC). The same scenario happens with the SAAM browser extension as it’s continually discovering new applications. SailPoint would then notify the admin that a new set of business applications have been discovered. That alone helps make admins more efficient because they now know about the new application, no one has lost track of what's coming in, and there’s no need to coordinate manually or write automated scripts.
Next, our connector recommendations with built-in smart logic play a big role in easing the onboarding path. We can guide admins to recommended SailPoint connectors so they can easily connect newly discovered apps. Then, there’s the downstream process of the account correlation mapping. Intuitive AI recommendations help admins onboard these applications via one-click maps that they can use for configuration. This guidance ensures that you do not have any uncorrelated accounts and that all users are using ISC - and not using any backdoor processes - to gain access into systems.
Once you have done that, all users are automatically streamlined to use ISC as a single source of truth for requesting any sort of access. It all starts as soon as the admin is notified of the new app, and our AI system guides admins to set up and onboard apps faster and more accurately.
HP: How does AI help organizations discover ungoverned applications and, more importantly, prioritize which ones to tackle first?
DK: We do continuous discovery and updates on our side, so any detection of new applications is flagged to the admins. Prioritization happens after that, and our dashboards are updated automatically based on the new apps and what level of risk they carry from being ungoverned. These risk levels are a guiding factor for the admins to say which of these applications they should prioritize for onboarding first, rather than doing something that is not as important. One of the biggest problems that our admins and CIOs face is with the auditors. They want to see a view of all the onboarded versus non-onboarded applications an enterprise has, and we provide that view in our dashboards to make the compliance aspect easier.
HP: Once an app is discovered, connecting it is the next hurdle. Can you elaborate on how SailPoint helps make the connector configuration process easier?
DK: Our newly introduced Express Setup capability helps streamline the connector setup and configuration process and helps admins save hours of time onboarding applications. Express Setup is a wizard-driven UI experience that helps admins set up these connectors in read-only mode in just a few clicks. It tells you the default authentication type, which you keep handy during the setup process. Once provided, SailPoint connects to the business system, and you're done. SailPoint gets all the data from the business application and does the correlation automatically using pre-set defaults. The value here is that you don't have to be an expert on the app or system because we have defaulted everything. You can do this with just three or four clicks, making it much easier and faster to onboard hundreds and thousands of apps.
HP: Account correlation can be one of the most complex and time-consuming parts of app onboarding. How does AI specifically solve the pain of mapping identities to accounts?
DK: Customers really spend a lot of time doing the account correlation to ensure no shadow accounts exist. Finding out who the users are that have accounts and getting them correlated with an identity is a hard job to do when your data is not cooperating, and about 20% of the customer's effort just goes to rectifying this problem. What the AI recommendation does here is, before you even have aggregated these accounts, the AI reads a subset of data to understand what the right maps could be to configure your account correlation correctly. Once it provides you with those mappings, it's just a matter of you as a user accepting those maps. The AI does this in a couple of minutes, and it tells you how far along you are in having all accounts correlated in almost real time. You've got a live graph in front of you which is a very powerful tool for highlighting the recommendation based on the customer's own dataset and making the whole process extremely accurate and efficient. This is especially powerful for unknown systems where customers can spend days and weeks just to get this right. It's a humongous cost and effort saving, thanks to the AI ability within the product.
HP: What is the real-world business impact in terms of time, money and resources organizations can potentially save using SailPoint for automated application onboarding and management?
DK: It's security, compliance, efficiency, cost, effort, and identity security time-to-value. Automated, integrated, AI-driven application onboarding and management solutions ensure that organizations can onboard applications at scale. It helps you with time saving and ensures that your target of becoming compliant is met well within the program duration. It also gives you the ability to self-serve as we move away from an admin-centric experience to a more business user experience and empower non-admins to use this capability to confidently onboard applications quickly and accurately.
We also help ensure that security is maintained, even if someone with a non-security background is trying to set up a business application for SailPoint governance. We've put AI-driven guardrails in place that let admins know if someone has set up a risky configuration, for example.
We also have a feature called 'Assign' within the application onboarding capability that both streamlines and encourages partnership between admins, subject matter experts, and app owners. This collaborative feature lets admins delegate the onboarding process to a subject matter expert, who can also take advantage of AI assistance to onboard the application.
Getting all the aspects of onboarding right — from discovery, connecting, correlating accounts, creating accounts with least privileges — and doing it quickly is huge for security and maintaining compliance with auditors and other governing bodies. Your business will see faster time to value, which improves ROI as well for the investments you make with SailPoint and in these business applications.
HP: With AI automating so much, how do you ensure the human expert remains in control and the process is safe?
DK: This is a great question. At SailPoint, with all the recommendations that we generate with AI, we are very transparent in letting the users know why something was recommended. Unless these configurations are accepted by the human in charge, we do not automatically commit to these configurations. So, human-in-the-loop is the design by default. AI recommendations are not applied without human approval. We also give the user control of adjusting the accuracy level of the recommendation. So again, the control is given to the human for the choices that AI is recommending. We help make sure that none of the configurations are overwritten by AI. In fact, it's the other way around, and we want to make sure that a human always stays in control.
HP: What's the most important thing for a leader to understand about the potential of AI-powered application onboarding and management for their identity security program?
DK: The scale and the speed at which you can onboard apps safely using this tool to accelerate your onboarding process exponentially. Getting it right is so important because every time you falter on any one of the stages, it's a cascading effect, and it's just going to delay your whole process down the line. When thinking about security, you want to make sure that you are onboarding the most critical applications first, not the easiest one. That is where application onboarding comes into the picture, which will tell you which are the most high-risk apps that you should really focus on. The AI recommendations ensure that accounts and identities are connected and that enforcing least privilege is the topmost priority. Another important thing is that the accounts that are governed, you do not want any backdoor entry. You want to make sure that everybody and every application is governed under the umbrella of your identity security.
Application onboarding: frustrating bottleneck to business accelerator
The traditional approach to application onboarding is a significant bottleneck for modern enterprises. Fraught with manual processes, visibility gaps, and technical complexity, it can take weeks to bring a single application under governance, slowing down business agility and leaving a wide window for risk. This slow, frustrating, and costly prerequisite often stalls identity programs before they can even demonstrate value, forcing security teams to make difficult trade-offs that leave countless applications ungoverned. SailPoint application onboarding within Identity Security Cloud transforms this foundational step from a bottleneck into a business accelerator. By embedding AI-driven discovery, recommendations, and automation directly into the process, organizations can slash app onboarding time from weeks to days, close dangerous security gaps before they open, and systematically improve their security posture from day one.
Ready to turn your application onboarding process into a streamlined and secure engine for growth? Learn more about how SailPoint application onboarding can help you accelerate your identity security program.