SailPoint IdentityIQ
IdentityIQ is SailPoint’s self-hosted Identity Governance & Administration (IGA) platform. It delivers access certifications, policy (SoD), access request & approvals (Lifecycle Manager), provisioning via connectors (incl. a SCIM 2.0 connector), and password management. It can integrate with external IdPs for SAML-based SSO to the IdentityIQ UI but is not positioned as a general-purpose IdP for app SSO.
Key Capabilities
- Access certifications & reviews: Run campaigns to review, approve, or revoke entitlements; supports multiple campaign types and event-based triggers.
- Lifecycle Manager (access request): Separately licensed module enabling self-service and manager/help-desk access requests with approval workflows tied to provisioning.
- Provisioning & connectors: Workflow-driven provisioning with a large connector library spanning apps, directories, PAM/ITSM, and cloud platforms.
- Policy & SoD controls: Define Separation-of-Duties and other preventive/detective policies to flag or block conflicting access.
Limitations
- Not an IdP for apps: IdentityIQ’s SSO is for logging into IdentityIQ itself (SP role); it is not a general-purpose SAML/OIDC IdP for third-party apps.
- OIDC role: Public docs do not describe an OIDC provider capability, so OIDC IdP features are unconfirmed.
- Licensing segmentation: Lifecycle Manager requires separate licensing/activation.
- Operations: Customer-managed software; installation, upgrades, clustering, and connector maintenance are your responsibility.
- SCIM directionality: SailPoint provides a SCIM 2.0 connector for managed systems; validate supported schemas and operations for each target integration.