Stay up to date on our latest features and enhancements.
At SailPoint we’re committed to innovation. From product improvements to breakthrough technologies, this page will highlight many of the exciting advancements we’ve recently released across our entire portfolio of SaaS products, as well as providing a preview of some of the great new features our team is currently hard at work on.
We also take pride in listening to our customers and developing complete solutions that best solve their problems. Throughout this page, an icon marks roadmap items that have been directly influenced by our customers.
Forward Looking Statement
The development, release, and timing of any features or functionality described for our products that are not currently available remains at our sole discretion on a when, and if available, basis and may not be delivered at all and should not be relied on in making a purchasing decision.
Access Model Snapshot
Access Model Snapshots will provide users with a clear visualization of their overall access model. These snapshots can be used to verify accuracy in the access model and review trends.
Add Search and update UX for Admin Campaign Pages
Add Search and update UX for Admin Campaign Pages (including List of Reviewers page within Campaign Pages)
ARM Support for Fiori
ARM is expanding the breadth of connected applications in 2022, starting with Fiori.
AWS Connector enhancement
AWS Connector now supports the ability to update policies through IdentityIQ.
BMC Helix – ITSM: Accounts Connector
Enhancing and extending our BMC Remedy connector to support BMC Helix Platform. This connector now supports BMC Helix cloud platform and is capable of Account aggregation for user information and access, and Group aggregation for roles, policies, etc.
BMC Helix – ITSM: Service Desk Management Integration Module
BMC Helix integration with IdentityNow and IdentityIQ enables efficient management of tickets, requests, policies, access, and provisioning.
BMC Helix Remedyforce Accounts Connector
Enhancing and extending our BMC Remedyforce connector to support BMC Helix Platform. This connector now supports BMC Helix Remedyforce cloud platform and is capable of Account aggregation for user information and access, and Group aggregation for roles, policies, etc.
Allows customers to retrieve logs of their CAM administrator and user activity.
CAM Source Configuration API
This feature enables configuration of sources via API. Customers may expedite source configuration and maintenance outside of the CAM UI. In this release, the API will enable the addition/deletion of source accounts and sub-accounts.
Cloud Access Certifications
Certify cloud access for AWS, Azure, and GCP within IdentityNow or IdentityIQ.
We’re expanding our ecosystem of connectors. Customers can retrieve usage and activity data for Atlassian Confluence.
Continuous snapshot status notifications
This feature provides transparency into CAM’s inventorying of customers’ cloud environments. It enables customers to review resource interrogation information for sources. In this release, these status alerts will give a granular view into a permission issue on an individual resource in a source or sub-account.
Create Common Access Roles
Identity and Role administrators can easily create common access, or “joiner”, roles through the role discovery process.
Display Correlated Identities for Cloud Resource Users
Show detailed identity information, from IdentityNow, within Cloud Access Management for all cloud resource users.
EAM ’22 is designed to scale and manage customer environment issues more effectively – lowering reliance on devops and support, while delivering an improved user experience for ARM EAM customers.
Event Notifications in Slack and MS Teams
Ability to receive event notifications for Joiner, Mover, and Leaver events directly within Slack and MS Teams.
Event-driven Attribute Sync After Account Update or Configuration Change Events
Synchronize attributes to downstream applications whenever 1) changes to accounts are detected, e.g., ungoverned account updates were discovered during the aggregation of non-authoritative sources, or 2) changes to attribute sync configurations are detected, e.g., the IdentityNow Administrator updated the Active Directory attribute sync configuration.
Expanded Access Request Segmentation
Expands support of Access Request Segmentation capability to include entitlements to assist in governance of items individuals or groups can see and request via the Request Center.
Export Access History Event Timeline
Administrators can export the “identity event” timeline data from Access History to support audit and compliance needs.
Enable customers to trigger inventory update for a given CSP source account.
Identity Outlier Detection
Highlight identity anomalies and suggest remediation options based on how access is currently distributed across the enterprise.
Identity V3 API
Release v3 Identity APIs
IdentityNow for BeyondTrust – Password Safe (Cloud and On-Prem)
IdentityNow for BeyondTrust Password Safe provides for deep governance of accounts and groups (entitlements). The integration comes with rich governance capabilities to manage who has access to which “containers” and enable the organization to manage its identity security program for its privileged users.
License Limit Alerts
SaaS Management customers will be notified when they are approaching the license limits of their SaaS applications.
Microsoft Azure AD PIM support
Enable CAM to include Microsoft Azure AD PIM identities and enabled/active access paths.
More Efficient Scheduled Identity Refreshes
IdentityNow will promote identity attributes, evaluate lifecycle state membership, and correlate managers in an “identity update step” before it continues on to an “access update step” to reduce unneeded work. Schedule a meeting with a SailPoint Product Manager to provide your input on the future of Identity Refresh. Link to scheduler: https://calendly.com/kirby-fitch/identity-refresh-roadmap
New Request Center Experience
We’re making self-service Access Requests even easier by centralizing search across all requestable item types (applications, roles, and entitlements). We’re also updating the request flow to simplify the overall catalog experience for requestors and supporting multi-item requests.
Public APIs to Manage Cloud Sources
New public-facing APIs to support automated creation and updates for cloud sources.
Any roles that are identified as identical, or near-identical, across the access model are consolidated into a single role. This makes roles easier to find and eliminates duplicative items.
Role Discovery Filtering Enhancements
Additional improvements to the discovery of roles via Access Modeling, by making the selection criteria easier and more intuitive to navigate.
SaaS Management APIs
Allow customers to extend SaaS Management and automatically retrieve data from the application.
Scope for Cloud Roles
Detailed access information for cloud Roles displayed directly within the UI.
ServiceNow role aggregation improvement
ServiceNow – Support and show child/nested roles on account aggregation
Source Scope Configuration Improvements
This feature improves the scoping of sources. It improves the customer experience when enabling scope management within a CSP account, project, or subscription. In this release, customers may filter by selected/deselected, search, and manage a hierarchy.
Support Access Request Recommendations for Movers
An additional algorithm is being introduced within the Access Request Recommendations capability to identify employees/users that have changed jobs within the enterprise and recommend the access that should be requested based on their new role.
Support for Microsoft PIM
This enhancement will enable the discovery and display of cloud access defined within Microsoft Privileged Identity Manager (PIM).
Time-Based One-Time Password (TOTP) on Login
Time-based One-time Passwords are a common form of two-factor authentication (2FA). Unique numeric passwords are generated with a standardized algorithm that uses the current time as an input. Time-based passwords are available offline and provide user-friendly, increased account security when used as a second factor.
An updated UI will provide easier navigation, greater visibility, and additional insights. Along with a refresh of existing widgets, there will be new widgets for guardrails and high risk users.
Updated Source Management Experience
A completely updated user experience for managing new and existing sources. Users will be able to take actions on sources with fewer clicks through an intuitive, user friendly experience.
Updated Virtual Appliance Management Experience
A completely updated user experience for managing new and existing Virtual Appliances. Users will be able to take actions on sources with fewer clicks through an intuitive, user-friendly experience. Users will also have better visibility and guidance on statuses and alerts, as well as some quality-of-life improvements, like being able to restart a VA cluster through the UI of IdentityNow.
WebServices connector support for Delta Aggregation
WebServices connector extends support for Delta Aggregation
Workday Connector improvement
Workday Connector now supports past dated Rescinded Hires
Simplify automation and accelerate business with a graphical workflow builder to create custom workflows using a drag & drop GUI.
Govern the items individuals or groups (e.g. business units, geographies, or types of employees) can see and request via the Request Center.
Admins can use an intuitive UI to construct logic that will select the appropriate account provisioning assignments when the identity has multiple accounts on the target source.
Ensure certification reviewers have more information when making access decisions, by showing what accounts a user has not accessed in the last 6-12 months.
New events that can be utilized by the Event Trigger Service to perform actions. Event triggers include: Campaign Generated, Campaign Activated, Certification Campaign Ended/Expired, Certification Signed-off, and Certification Reminder.
The default attributes for the Recommendations Engine provide accelerated time-to-value for new implementations and improve the accuracy of recommendations for existing customers.
Cloud Access for Entitlements
View cloud access details for entitlements directly within IdentityNow or IdentityIQ.
UI controls allowing Admins and Source-Admins to configure the account and group level direct permissions that would be aggregated for a source.
UI controls allowing Admins and Source-Admins to configure the entitlement types that would be aggregated for a source.
This enhancement will pinpoint common access items across an organization to define access models more clearly.
Architecture and design improvements to reduce the time for onboarding and refreshing large scale cloud environments.
Provides visibility into related Parent and Child entitlements when viewing the details of a specific entitlement.
Users can submit requests for individual entitlements via Access Request for themselves or on behalf of other users.
Using access request events in combination with the Event Trigger Service, the Request Tracker will include visibility into when important events occurred during the request workflow.
Synchronize attributes to downstream applications whenever changes to identities are detected, e.g., identity attributes were updated during the aggregation of authoritative sources.
Governance Groups in Certifications
Customers will be able to assign a group of people to review Certifications (vs a single reviewer), making Certifications easier and faster to review while ensuring only the appropriate decision makers are still the people determining access for their organization.
Granular User and Administration Access Levels
Ability to specify, and limit, access to administrative functions within Cloud Access Manager.
The ability to copy entire configurations or specific objects from one environment to another (ex. sandbox to production). These APIs can be used to restore configurations, by importing a previously exported configuration snapshot, and can also be used to automate identifier mapping and rule copying to accelerate implementations.
Support for multiple “types” of entitlements on a source, each with a uniquely defined set of mapped attributes. These entitlements can also be certified via Access Certifications.
We’ve added 3 event triggers to help you create powerful, customized, and automated workflows for your identity governance processes. The new triggers are: Source Created, Source Updated, and Source Deleted. Additional information about each trigger will be available on the SailPoint Developer Portal.
We’re simplifying the deployment of Connector Rules within IdentityNow. Customers and Partners can deploy Connector type rules directly into their tenant without the need for review and approval from SailPoint.
Recommendations for Access Profiles and Roles within Certifications
Leverages peer group analysis and machine learning to proactively recommend appropriate access profiles and roles for employees during access certifications of an identity.
Generate, download, and export reports for any unused access across Cloud Service Providers.
Managers can request the removal of access for their direct reports when access is no longer needed. Requests to remove access will trigger an approval workflow that is configurable and can be different from the grant access workflow.
This functionality helps administrators better understand their access model and make guided decisions on how to continuously improve it through newly surfaced roles.
Customers can see all the applications their employees have integrated with tools such as Dropbox, Google, Slack, and MS Office. Additionally, they can see the specific permissions their employees have granted.
A secure and compliant way for customers to provide access to their tenants for SailPoint Support & Services.
Source Account Event Triggers
Trigger events to create custom, automated workflows for your identity governance process with the following new event triggers: Source Account Created, Source Account Updated, and Source Account Deleted. Visit the SailPoint Developer Portal for more information.
This enhancement will allow Administrators to edit Access Profiles within the UI.
We’re making it easier to select the right identity attributes in a source’s “Correlation Configuration” and “Create Profile” menus. The technical attribute names will appear in parentheses after the business-friendly attribute names for any identity attribute.
A new, intuitive, and streamlined user experience for changing passwords for applications and accounts. This new UI also provides new deep linking integration options that allow employees to reach Password Management from outside applications with a single click.
We’re continuing to improve our Access Certification review process. This release will include an updated UX upon campaign completion, additional information on the Campaign Details page, new search fields, improved overlay pages, and simplified reassignment.
Workflow reports delivered by custom webhook
Customers can send out their Workflow reports to any service that accepts webhooks.
Workflow reports delivered by email
Customers can have their Workflow reports sent out via email.
Proactively recommend appropriate access for employees within the Request Center, based on peer group analysis and machine learning, to simplify the access request process.
Filter Access Profiles by description in the details overlay to help users more quickly find the access item they’re looking for. Plus, the addition of key identity attributes (like Manager, Department, and Location) in the approval workflow, so that approvers have more context about the request recipient during the approval process.
Detect and display the related governance action (ex. certification revocation or access request approval) that led to the specific access which was provisioned or de-provisioned from an identity within the Access History timeline.
- Date/Time Math Transform – Calculate date and time values by adding or subtracting units of time from an existing date/time value or “Now”.
- Name Normalizer Transform – Enhanced capabilities to normalize capitalization on a given name value. Ensure all values for a name attribute follow the appropriate, designated capitalization pattern.
- String Handling Transform – Improved string handling to support parsing and formatting of data strings. Includes functions for left and right padding, Base64 encoding and decoding, enhanced sub-string functions, and splitting by delimiter.
Control both Source and Role administration at the Source level. This feature allows our customers to assign admin responsibility for an individual Source to anyone they choose, without granting administrative rights to other Sources.
A major upgrade to our API support portal that provides improved navigation, clearer documentation, and the ability to test API functionality directly on the site.
Access Request Configuration API update that allows administrators to decide what happens in approval workflows when a Requester is also part of the normal approval workflow. Approvals can either be re-routed to that Requester/Approver’s manager, or automatically approved based on implicit approval.
Provides a seamless experience between role creation and role governance eliminating the need to export roles and insights via CSV.
Provides an improved, transforms-based approach for the automated creation of custom-defined attribute values. Via API, administrators can create a prioritized list of transforms that will generate custom attribute values and check those values against a source for uniqueness. Ex. The automated provisioning of unique account names.
Schedule campaigns to automatically kick-off at regular intervals with predetermined completion dates or reuse an existing campaign schedule again to save time, reduce errors, and increase productivity.
Enhancements to the Certifications in Search user experience that include an updated menu when creating new campaigns from scratch, consolidated steps for configuring and scheduling campaigns, and improved grid views that show the status of all Campaigns.
An additional validation field for the Password Reset workflow that ensures users have successfully updated their password correctly.
Surface any permissions directly associated with an entitlement. These permissions can be configured on a per source basis, provisioned to directly, and certified via Access Certifications.
Create SOD policies at a more granular (entitlement) level, improving the specificity of access that triggers violations and simplifying remediation by providing the exact entitlements that cause each Identity to be in violation.
Triggers when changes have been detected on the status of a VA. A “subscribed” event can be used to automate responses, such as notification via Slack channel or PagerDuty.
Integrate our IGA solutions into existing business processes and kick off custom workflows for things like Identity attribute changes or when provisioning has completed.
Provides the ability to automate actions, such as sending an email or starting a Certification campaign, whenever a change is detected within our system.
Extended support to include Okta as an Identity Provider (IDP) for displaying federated access to cloud platforms.
Show federated user access for Azure Active Directory users, as well as groups mapped to AWS accounts, for customers that use Azure AD as their Identity Provider (IDP). This provides greater visibility into who has access to what within multi-cloud platform environments.
Heightened support for large & complex IaaS environments via automated registration of new cloud accounts, and the ability to customize the scope of managed cloud accounts.
Treat ‘Provisioning Tasks’ as searchable objects by allowing them to be accessed through the dynamic Search engine along with all other forms of reporting data.
Improved functionality for detecting and displaying cloud access that is unused. In addition to displaying unused permissions that users have access to, Cloud Access Management now displays more details of how that cloud access is granted at higher levels, such as unused services or unused roles a user may have access to.
Multi-account Source Provisioning
Resolves ambiguous target accounts for provisioning requests. If a provisioning action cannot be completed because the source has more than one possible target account for the selected Identity, IdentityNow will generate a manual task to facilitate the selection of the appropriate target account to which the access should be provisioned.
Easily create and manage non-employee identities, while also quickly granting, modifying, or revoking access for those third parties, whether they’re partners, suppliers, or any other type of contingent worker.
Provide customers licensed for Access Request and SOD the ability to ensure their approvers are aware of all SOD violations that would result from their approval of a specific access request.
Recommendations for bundles within Access Request for Movers
By leveraging AI and ML, the Recommendations Engine enables existing employees to quickly and easily find new access they may need to start performing additional job responsibilities.
By leveraging AI and ML, the Recommendations Engine enables new employees to quickly and easily find the access they need to start performing their new job responsibilities.
By providing the ability to fine tune the rules used to model Roles, this capability will provide organizations more granular control over the Roles that are created, and simplified visuals and controls will help ensure they align with the exact needs of the business.
Include account statuses (‘active’, ‘locked’, or ‘disabled’) in the event timeline. Improve the ease of understanding when, and how, an identity gained or lost access by relating these additional insights to the corresponding action.
Enable reviewers to input comments when revoking access to specific Roles, Entitlements, or Access items during a campaign.
Certifications to support the periodic review of Roles, including the access granted by the role, the assignment configuration, and the name and description of the role itself.
Provides the ability to understand, interpret, and act on industry best practice KPIs in order to improve the efficiency, accuracy, and security of their access model.
The official SailPoint for Microsoft Teams application empowers enterprises to employ governance capabilities with their existing Microsoft tools, and provides identity security capabilities to organizations, such as granting users access to corporate resources anytime, from their Teams app! All approval workflows are still managed, and decision records maintained, within IdentityNow ensuring normal approval processes are maintained and an audit trail is available.
The official SailPoint for Slack application protects your business everywhere by ensuring users have the right access to corporate resources anytime, anywhere right from Slack! All approval workflows are still managed, and decision records maintained, within IdentityNow ensuring normal approval processes are maintained and an audit trail is available.
New visualizations of cloud inventory data and improved flexibility for refreshing access relationships.
Display, set, and modify a termination-of-access (or “sunset”) date on access items approved during an Access Certification. Initially the modification of sunset dates will only support the shortening (bringing in) of sunset dates.
Set a pre-defined end date for any access granted through an Access Request, allowing for the automated deprovisioning of that access at the specified time.
Supports the modification or extension of a sunset date. Modifications will automatically kick off the same approval workflow that is configured for granting the access before the update is confirmed.
Numerous additional enhancements to the cert reviewer experience:
- Dynamic resizing and “preference memory” for grid columns between views.
- Auto-navigation to move users onto the next decision item (access item or identity) and through the decision tabs.
- Clear indication (gray out) when all decisions on a tab are complete.
- Campaign cards sorted by due date, completed cards sorted by signed-off date.
- Added flags for additional info (ex. indicate birthright access “*”).
- Added sorting capability to columns.
- Reminder on completion screen (pre “high five”) to ensure sign-off is complete.