Stay up to date on our latest software release updates.
At SailPoint we’re committed to innovation. From product improvements to breakthrough technologies, this page will highlight our IdentityIQ and File Access Manager release updates, as well as provide a preview of some of the great new features our team is currently working on.
Forward Looking Statement
The development, release, and timing of any features or functionality described for our products that are not currently available remains at our sole discretion on a when, and if available, basis and may not be delivered at all and should not be relied on in making a purchasing decision.
Please try again.
“Classification Category” Filter in the Permission API Endpoint
Focus your queries and 3rd party integration on sensitive resources and specific categories with new API filter options.
.NET Core Migration
Leverage the power of the .NET Core platform with improved performance and scalability.
AWS S3 Bucket Connector
Extend your governance controls and processes to your Cloud Storage and AWS tenants, and remain secure through digital transformation efforts. Leverage File Access Manager’s Permissions Analysis, Access Reviews capabilities to resources and files stored on AWS S3 Buckets, and attain a comprehensive governance posture and greater visibility into access to data on S3 buckets throughout the organization.
Analyze access rights for AWS IAM Identities across multiple Regions, Organizational Units and External and Internal Accounts. Review granular access governance controls down to the file level. Users can also gain insight into Organization and Bucket-level Access Policies, Public Bucket Permissions and fine-grained ACL-based access rights for individual identities.
Add Usage Statistics to the Permissions API
Get information on unused access through the File Access Manager Permissions API, with new statistics added.
Administrative Capabilities to the Business Website
In the new File Access Manager Business Website, take advantage of the improved user experience, sleek interface and granular role-based control. Additionally, perform and delegate administrative operations such as configuring and managing SMTP Settings, Data Sources and Data Dictionaries with the new management screens.
Administrative Power-User Password Complexity Improvements
Enforce password security and complexity, when setting up the File Access Manager Super-User as part of the initial product installation. This prevents the risk of leaving this powerful account unsecure or the need to go back and change it later.
Application Configuration & Management Web Migration
A newly created Application Configuration Wizard and Management Screen has been migrated to the File Access Manager Business Website. Enjoy streamlined design and UX, a guided user journey through wizard hints, tagging and filtering capabilities, and delegate access with the improved RBAC.
The ability to create and manage applications, or perform operations on resources, can now be delegated to other users and Admins. They do not have to install the Legacy Client Application except for specific use cases.
The Application Configuration experience has been aligned with the new design of the Business website for easier administration and navigation between applications.
Business Website Single-Sign-On (SSO) Integration
Integrate File Access Manager with the Identity Provider of your choice with new support for all SAML-based SSO Services, in addition to the standard Windows Authentication.
Enjoy a smooth logging experience and seamless support for distributed and hybrid environments.
Common Criteria Certification
After a rigorous evaluation process, File Access Manager received its official Common-Criteria Certification. Common Criteria is now the most widely accepted product security certification standard, required by governments and enterprises around the world to protect their mission-critical infrastructure and products. It is also required by the US Federal Government.
It ensures that the right security measures were taken into consideration and that rigorous processes and validations are taking place during:
- The product’s development process
- Its architectural design
- Devising its deployment and delivery methodologies
This certification marks that File Access Manager complies with the highest industry standards in terms of:
- Product development life-cycle management
- And deployment and delivery standards
Hierarchical Resource Scope for Sensitive Data and Permissions Analysis Report Templates
With the new scoping ability, easily configure the scope of your File Access Manager reports by including and managing resource hierarchies.
Isilon Multiple Access Zone Support & Tenant Isolation
File Access Manager now offers Tenant Isolation and Full Capabilities for Multiple Access-Zones on Isilon Clusters.
With the addition of Activity Monitoring and Permission Collection capabilities for Multiple Access-Zones within an Isilon Cluster and removing the dependency on the Administrative (System)-Zone-based OneFS API, each Access Zone within the cluster functions as an independent Isilon Application within File Access Manager.
This enhancement marks the transition in approach from a Cluster-Oriented to a Zone-Oriented configuration. The new configuration will allow users to easily configure applications per Access Zone settings, now allowing for multiple Access Zones on the same cluster to be created with ease.
Protect your mission-critical Linux servers, and ensure the integrity and continuous availability of the resources and unstructured data they rely on. File Access Manager’s new Linux Connector analyzes access rights, performs Access Requests and Certifications, and identifies and classifies sensitive information on your Linux systems, of all major distributions.
Through a single centralized view, this feature provides organizations with a comprehensive picture of effective data access privileges granted to users, accounts and groups from NIS and LDAP (AD) identity stores, as well as local accounts and identities.
File Access Manager’s approach will allow IGA admins and data owners to enforce governance controls, identify sensitive information, excessive privileges and overly-privileged accounts, detect overexposed or jeopardized resources, and assess risk. Then, preventive and mitigative actions can be taken to protect mission critical processes and resources.
OAuth-based Modern Authentication for O365 Connectors
Enjoy easier configuration and onboarding, improved performance, and increased security with your Cloud Applications!
- OAuth-Based Modern Authentication is now available for SharePoint Online, Exchange Online, and the Azure AD Identity Collector and OneDrive.
- File Access Manager supports Modern Authentication methods for all O365, and all cloud endpoints in our Connectivity Portfolio.
- Legacy Authentication, which Microsoft is gradually aging out is no longer required.
With no credentials shared or stored, the risk of jeopardizing service accounts is reduced. You can impose Security Policies, such as Multi-Factor Authentication and Credentials Cycling, on service accounts with no additional effort just as you would for all other accounts. As part of this change, we also added support for multiple authenticated accounts to improve performance and avoid throttling quotas.
Resource Scoping and Ownership Filtering in the Stale Data Reports
Reduce your attack surface by defensively discarding unused information, and save storage cost and administrative overhead. Identify Stale Data and unmanaged resources that store unused files with the new capabilities to scope and filter your Stale Data Analysis reports. Zoom in on the most critical resources and identify those which no one is responsible for to highlight the areas you need to address first.
System Usage Report
With the newly added System Usage Report, view and analyze aggregated usage statistics to help us learn what you like and dislike. This allows us to perfect the most used flows and correct the ones that aren’t as smooth.
Top Level Requestable Resource Labeling
With a new labeling feature, organize your requestable resources and simplify users’ access requests experiences. This will help make sense of complicated, duplicate, or unfriendly resource names, and allow you to conform to your organizations naming conventions and standards.
User Scope Change Management & Default Capability
The new User Scope Import capabilities allow change management and cumulative imports of resource scopes for business users, as well as a streamlined ownership assignment process, allowing you to assign Data Ownership Capabilities. This can be done by leveraging Manage Business Users visibility over time, simplifying users onboarding within the organization, and expediting deployment and adoption efforts.
For a quicker more intuitive onboarding, the default scope for the Auditor and Compliance Manager Capabilities have been adjusted to manage all resources by default.
IdentityIQ is integrating with Cloud Access Manager to provide visibility into and governance over IaaS platforms.
Reporting needs continues to be of utmost importance to a compliant governance program. Many key improvements are being made to IdentityIQ reports.
Self-service Password Reset Improvements
Improvements to the self-service password reset flow are being made to streamline the user experience.
Automated Role Discovery and Creation
Provides a seamless experience between role creation and role governance eliminating the need to export roles and insights via CSV.
Continuing to build on Rapid Setup, we are working on adding Identity Processing Thresholds for Rapid Setup and non-Rapid Setup lifecycle events. We are also making improvements to OOTB Attribute Synch that will be tied to Rapid Setup to allow for capabilities such as staged event processing and better traceability of attribute synch events.
Enhanced Lifecycle Management of Privileged Access
IdentityIQ Privileged Access Management module is being improved to automate lifecycle management of the assignment and ownership of privileged access management.
Support Business Justifications for Access Requests and Approvals
Administrators can optionally require that access requests and access approvals to specific roles, applications, or entitlements be accompanied by a business justification.
Improved Active Directory Aggregation
AD aggregations will use the GUID instead of DistinguishedName as the uniqueID for improved accuracy.
Protect the security and integrity of your access governance practice by using custom classifications to categorize and flag sensitive access. Classifications can alert you when requesting, granting, or approving roles or entitlements will give the user access to sensitive, protected, or otherwise significant data.
Bring key data governance features to the IdentityIQ business user by integrating with File Access Manager. This integration puts a Data Governance menu and widgets on the IdentityIQ dashboard, providing direct access to the File Access Manager website and giving users the context needed to make informed access decisions.
Add efficiency and speed to your approval process by allowing automatic approval of access based on recommendations from IdentityAI.
Localization of Recommendations
Expand the global use of IdentityAI recommendations for access requests or certifications, by presenting recommendation information in English, German, French, Dutch, Spanish, and Italian.
Make the certification process clearer and more transparent for both reviewers and users by requiring reviewers to include comments when revoking access in a certification, and by showing more entitlement details to reviewers about the roles they are reviewing.
Support for Google Cloud Platform
Hosting IdentityIQ within Google Cloud’s IaaS Platform is now a supported option.
New SCIM API for alerts, allowing the creation of new alerts (POST) and checking the status of existing alerts (GET).
Access Management Enhancement
A new Quicklink configuration setting (“What can members remove?”) gives you flexibility and control over what users can view and remove on the Remove Access tab, when managing user access.
Expanded 508/WCAG Compliance
The Edit Preferences page is now 508/WCAG compliant, and is enhanced with a user-friendly multi-tab format.
Expanded OAuth Support
IdentityIQ now supports OAuth on all REST endpoints within IdentityIQ, including the Plugin Framework.
Gain deeper visibility into managing the risks associated with user access, using the artificial intelligence and machine learning capabilities of SailPoint’s AI Services. A simple, out-of-the-box integration with AI Services gives you the power of artificial intelligence insights, providing guidance for decisions on access reviews and access request approvals.
Add security and efficiency to certifications by enabling the automatic deprovisioning of roles and entitlements when a temporary exception period expires. Manage time-limited access proactively by enabling email notification of impending sunsetting and deprovisioning of roles and entitlements.
Add essential attachments such as training certificates or notarized authorizations to access requests. You can make attachments can optional or required, and use rules to define specific requirements.
An expanded default view for Approvals provides full information for all approval items, making it quick and simple for approvers to review and process access requests from a single page, without having to open each item individually to see details and take action.
Expanded plugin features include the ability to leverage classes contained in plugins from any area or feature of IdentityIQ where BeanShell can be used (such as rules, workflow steps, and scriptlets), and support for forms in the plugin configuration UI, giving you more ways to present complex or dynamic options in the plugin’s configuration page.
New context-sensitive help to Targeted Certifications, Access Reviews, and Access Requests.
Support for version 2 of Log4j adds new logging capabilities (specifically, change listening), and changes the logging configuration file name and logging syntax.
Filter or redirect IIQ console output using piping.
IdentityIQ version 8.0 supports OpenJDK.
New Reports for Capabilities
See how access to features within IdentityIQ are assigned to identities in your system, using new reports mapping identities and capabilities.
Four of IdentityIQ’s most commonly-used user interfaces have been updated to be simpler, more intuitive, streamlined, and mobile-friendly: Access Reviews, Access Requests, Work Items, and Managing User Access.
Users with disabilities such as visual and motor impairments now have enhanced accessibility in IdentityIQ’s UI, which follows worldwide WCAG 2.0 and United States 508 Compliance guidelines for keyboard navigation, focus control, screen reader support, and color contrast.
Expanded options for self-certification give finer-grained control over who may validate their own access.
Easily build flexible, full-featured certifications from an intuitive and user-friendly new UI that gives users more control over who, what, and when to certify.
Track the health of both cloud-based and on-premise IdentityIQ environments and enjoy better visibility into the state of your environment using new monitoring and troubleshooting features.
Add robust governance of Robotic Process Automation (RPA or “bot”) identities using new controls and attributes to categorize identities by type.
Make privileged access more secure and convenient by enabling applications that require a login and password to obtain that information directly from a PAM source at runtime.
Enforce separation of duties for effective entitlements using a purpose-built new policy type.
New resiliency features help ensure that cloud-based implementations of IdentityIQ are resilient to the dynamic nature of cloud-hosted environments, and help on-premise implementations minimize the impact of outages, database failures, et cetera.
Onboard and manage applications in bulk using a new task that facilitates simple creation and maintenance of multiple applications.
Enjoy better visibility and control of tasks using a new new task management administrator UI. Monitor task status and performance, choose specific hosts for running tasks, and gather stack trace details.
Avoid unexpected downtime by setting maintenance windows for applications; you can specify when applications are taken offline for maintenance, preventing any interactions with the application’s target system.
Gain a more complete a more complete picture of the access users have on unstructured resources like network file shares, SharePoint, cloud file stores, et cetera, by aggregating unstructured target permissions data from SecurityIQ into IdentityIQ.
Share valuable contextual information about processes between IdentityIQ and SecurityIQ by aggregating activity alert records from SecurityIQ, and use this data to trigger workflows, certifications, and/or notifications in IdentityIQ in response to those alerts.
Processing violations is easier and more intuitive with a new Policy Violations user interface.
All Access Review UIs now use the enhanced and streamlined UI that was introduced in release 7.1.
New enhanced, responsive UIs make tracking requests simpler and more intuitive for requesters and request owners.
Enhanced functionality for plugins includes internationalization, snippet support, Angular support, and the ability to implement your plugin as an IdentityIQ widget.
Make your IdentityIQ access more secure by adding multi-factor authentication.