Stay up to date on our latest features and enhancements.
At SailPoint we’re committed to innovation. From product improvements to breakthrough technologies, this page will highlight many of the exciting advancements we’ve recently released across our entire portfolio of SaaS products, as well as providing a preview of some of the great new features our team is currently hard at work on.
Forward Looking Statement
The development, release, and timing of any features or functionality described for our products that are not currently available remains at our sole discretion on a when, and if available, basis and may not be delivered at all and should not be relied on in making a purchasing decision.
Please try again.
Display Correlated Identities for Cloud Resource Users
Show detailed identity information, from IdentityNow, within Cloud Access Management for all cloud resource users.
Granular User and Administration Access Levels
Ability to specify, and limit, access to administrative functions within Cloud Access Manager.
Recommendations for Entitlements within Access Request
By leveraging AI and machine learning, the Recommendations Engine helps simplify the access request process by proactively recommending fine-grain entitlements for employees within the Request Center.
Team Recommendations within Access Request
By leveraging AI and machine learning, the Recommendations Engine helps ensure uniform access of team members by proactively recommending access to managers for their direct reports within the Request Center.
IDP Support for PingFederate
Cloud Access Management will provide full visibility of all federated cloud access via PingFederate.
Access Modeling for Cloud Roles
Utilizing artificial intelligence and machine learning, Cloud Access Management can analyze existing cloud roles, in order to reduce role proliferation, by discovering overlapping and duplicate access.
New public-facing APIs to support customer and third-party integrations.
Revoke Requests by Manager
Managers can request the removal of access for their direct reports when access is no longer needed. Requests to remove access will trigger an approval workflow that is configurable and can be different from the grant access workflow.
Improved AD Aggregation
AD aggregations will use the GUID instead of DistinguishedName as the uniqueID for improved accuracy.
Assign Access Reviews to Governance Groups
Admins can assign governance groups as the ‘reviewer’ for access certifications.
Identify and correct roles within the access model that have overlapping access, to reduce the number of roles that need to be created, monitored, and maintained.
Identity Outlier Detection
Highlight identity anomalies and suggest remediation options based on how access is currently distributed across the enterprise.
Create Common Access Roles
Identity and Role administrators can easily create common access, or “joiner”, roles through the role discovery process.
Configuration UI for Direct Permissions
UI controls allowing Admins and Source-Admins to configure the account and group level direct permissions that would be aggregated for a source.
Configuration UI for Entitlement Types
UI controls allowing Admins and Source-Admins to configure the entitlement types that would be aggregated for a source.
Cloud Access Certifications
Certify cloud access for AWS, Azure, and GCP within IdentityNow or IdentityIQ.
Users can submit requests for individual entitlements via Access Request for themselves or on behalf of other users.
Ensure certification reviewers have more information when making access decisions, by showing what accounts a user has not accessed in the last 6-12 months.
Provides visibility into related Parent and Child entitlements when viewing the details of a specific entitlement.
Simplify automation and accelerate business with a graphical workflow builder to create custom workflows using a drag & drop GUI.
Enhanced Business Intelligence
New data reporting and visualization capabilities will provide customizable charts and graphs with IdentityNow’s standard out-of-the-box reports.
Recommendations for Access Profiles and Roles within Certifications
Leverages peer group analysis and machine learning to proactively recommend appropriate access profiles and roles for employees during access certifications of an identity.
Recommendations for Access Profiles and Roles within Access Request Approvals
Accelerate access request approvals by leveraging peer group analysis and machine learning to proactively recommend appropriate access profiles and roles for employees.
Event Visibility in Request Tracker
Using access request events in combination with the Event Trigger Service, the Request Tracker will include visibility into when important events occurred during the request workflow.
Updated User Experience
A new, intuitive, and streamlined user experience for changing passwords for applications and accounts. This new UI also provides new deep linking integration options that allow employees to reach Password Management from outside applications with a single click.
Account Selection Logic for Provisioning Activities
Admins can use an intuitive UI to construct logic that will select the appropriate account provisioning assignments when the identity has multiple accounts on the target source.
Cloud Access for Entitlements
View cloud access details for entitlements directly within IdentityNow or IdentityIQ.
Enhancements for Large Scale Environments
Architecture and design improvements to reduce the time for onboarding and refreshing large scale cloud environments.
New visualizations of cloud inventory data and improved flexibility for refreshing access relationships.
Scope for Cloud Roles
Detailed access information for cloud Roles displayed directly within the UI.
Organizations can securely establish the first password for new users, define the set of individuals that should receive the new password email, and specify if this should be sent to their primary or alternative email address.
UX Improvements for Certification Review
Support for the ability to Search, Sort, and Filter within the Certification Review UI. Users will also be able to select additional columns of data (currently only visible in overlays) to show or hide in the review grid.
Additional Certification Events for ETS
New events that can be utilized by the Event Trigger Service to perform actions. Event triggers include: Campaign Generated, Campaign Activated, Certification Campaign Ended/Expired, Certification Signed-off, and Certification Reminder.
Discover Existing Common Access
This enhancement will pinpoint common access items across an organization to define access models more clearly.
Event-driven Attribute Sync
Synchronize attribute changes to downstream applications, in near real time, when a change is detected to ensure the data in those systems is more accurate.
Access Request Segmentation
Govern the items individuals or groups (e.g. business units, geographies, or types of employees) can see and request via the Request Center.
Reporting for Unused Access
Generate, download, and export reports for any unused access across Cloud Service Providers.
Direct Permissions on Entitlements
Surface any permissions directly associated with an entitlement. These permissions can be configured on a per source basis, provisioned to directly, and certified via Access Certifications.
Multiple Entitlement Types per Source
Support for multiple “types” of entitlements on a source, each with a uniquely defined set of mapped attributes. These entitlements can be also certified via Access Certifications.
Support for Okta MFA
Support for identity proofing (knowledge-based user attributes, document verification, ID verification, etc.) to confirm an individual’s identity via Okta multi-factor authentication.
Triggers when changes have been detected on the status of a VA. A “subscribed” event can be used to automate responses, such as notification via Slack channel or PagerDuty.
Provides a seamless experience between role creation and role governance eliminating the need to export roles and insights via CSV.
Supports the modification or extension of a sunset date. Modifications will automatically kick off the same approval workflow that is configured for granting the access before the update is confirmed.
The official SailPoint for Microsoft Teams application empowers enterprises to employ governance capabilities with their existing Microsoft tools, and provides identity security capabilities to organizations, such as granting users access to corporate resources anytime, from their Teams app! All approval workflows are still managed, and decision records maintained, within IdentityNow ensuring normal approval processes are maintained and an audit trail is available.
Display, set, and modify a termination-of-access (or “sunset”) date on access items approved during an Access Certification. Initially the modification of sunset dates will only support the shortening (bringing in) of sunset dates.
Proactively recommend appropriate access for employees within the Request Center, based on peer group analysis and machine learning, to simplify the access request process.
By providing the ability to fine tune the rules used to model Roles, this capability will provide organizations more granular control over the Roles that are created, and simplified visuals and controls will help ensure they align with the exact needs of the business.
The official SailPoint for Slack application protects your business everywhere by ensuring users have the right access to corporate resources anytime, anywhere right from Slack! All approval workflows are still managed, and decision records maintained, within IdentityNow ensuring normal approval processes are maintained and an audit trail is available.
Provide customers licensed for Access Request and SOD the ability to ensure their approvers are aware of all SOD violations that would result from their approval of a specific access request.
Multi-account Source Provisioning
Resolves ambiguous target accounts for provisioning requests. If a provisioning action cannot be completed because the source has more than one possible target account for the selected Identity, IdentityNow will generate a manual task to facilitate the selection of the appropriate target account to which the access should be provisioned.
Certifications to support the periodic review of Roles, including the access granted by the role, the assignment configuration, and the name and description of the role itself.
Set a pre-defined end date for any access granted through an Access Request, allowing for the automated deprovisioning of that access at the specified time.
Provides the ability to understand, interpret, and act on industry best practice KPIs in order to improve the efficiency, accuracy, and security of their access model.
Access Request Configuration API update that allows administrators to decide what happens in approval workflows when a Requestor is also part of the normal approval workflow. Approvals can either be re-routed to that Requester/Approver’s manager, or automatically approved based on implicit approval.
Create SOD policies at a more granular (entitlement) level. Improving the specificity of access that triggers violations and simplifying remediation by providing the exact entitlements that cause each Identity to be in violation.
Extended support to include Okta as a Identity Provider (IDP) for displaying federated access to cloud platforms.
- Date/Time Math Transform – Calculate date and time values by adding or subtracting units of time from an existing date/time value or “Now”.
- Name Normalizer Transform – Enhanced capabilities to normalize capitalization on a given name value. Ensure all values for a name attribute follow the appropriate, designated capitalization pattern.
- String Handling Transform – Improved string handling to support parsing and formatting of data strings. Includes functions for left and right padding, Base64 encoding and decoding, enhanced sub-string functions, and splitting by delimiter.
Filter Access Profiles by description in the details overlay to help users more quickly find the access item they’re looking for. Plus, the addition of key identity attributes (like Manager, Department, and Location) in the approval workflow, so that approvers have more context about the request recipient during the approval process.
Enhancements to the Certifications in Search user experience that include an updated menu when creating new campaigns from scratch, consolidated steps for configuring and scheduling campaigns, and improved grid views that show the status of all Campaigns.
Show federated user access for Azure Active Directory users, as well as groups mapped to AWS accounts, for customers that use Azure AD as their Identity Provider (IDP). This provides greater visibility into who has access to what within multi-cloud platform environments.
Include account statuses (‘active’, ‘locked’, or ‘disabled’) in the event timeline. Improve the ease of understanding when, and how, an identity gained or lost access by relating these additional insights to the corresponding action.
Provides the ability to automate actions, such as sending an email or starting a Certification campaign, whenever a change is detected within our system.
Improved functionality for detecting and displaying cloud access that is unused. In addition to displaying unused permissions that users have access to, Cloud Access Management now displays more details of how that cloud access is granted at higher levels, such as unused services or unused roles a user may have access to.
Provides an improved, transforms-based approach for the automated creation of custom-defined attribute values. Via API, administrators can create a prioritized list of transforms that will generate custom attribute values and check those values against a source for uniqueness. Ex. The automated provisioning of unique account names.
Control both Source and Role administration at the Source level. This feature allows our customers to assign admin responsibility for an individual Source to anyone they chose, without granting administrative rights to other Sources.
Easily create and manage non-employee identities, while also quickly granting, modifying, or revoking access for those third parties, whether they’re partners, suppliers, or any other type of contingent worker.
Schedule campaigns to automatically kick-off at regular intervals with predetermined completion dates or reuse an existing campaign schedule again to save time, reduce errors, and increase productivity.
A major upgrade to our API support portal that provides improved navigation, clearer documentation, and the ability to test API functionality directly on the site.
An additional validation field for the Password Reset workflow that ensures users have successfully updated their password correctly.
Numerous additional enhancements to the cert reviewer experience:
- Dynamic resizing and “preference memory’ for grid columns between views.
- Auto-navigation to move users onto the next decision item (access item or identity) and through the decision tabs.
- Clear indication (gray out) when all decisions on a tab are complete.
- Campaign cards sorted by due date, completed cards sorted by signed-off date.
- Added flags for additional info (ex. indicate birthright access “*”.
- Added sorting capability to columns.
- Reminder on completion screen (pre “high five”) to ensure sign-off is complete.
Treat ‘Provisioning Tasks’ as searchable objects by allowing them to be accessed through the dynamic Search engine along with all other forms of reporting data.
Detect and display the related governance action (ex. certification revocation or access request approval) that led to the specific access which was provisioned or de-provisioned from an identity within the Access History timeline.
Enable reviewers to input comments when revoking access to specific Roles, Entitlements, or Access items during a campaign.