
Monday, November 11, 2024

SailPoint Identity Security Cloud vs Saviynt Enterprise Identity Cloud (EIC)

SailPoint Identity Security Cloud (ISC) and Saviynt Enterprise Identity Cloud (EIC) are two leading solutions in the Identity and Access Management (IAM) space, primarily focused on providing secure, cloud-based identity solutions for enterprise environments. Here's a comparison that breaks down their capabilities, strengths, and notable differences. 

The comparison below takes each criterion in turn, describing SailPoint Identity Security Cloud first and Saviynt Enterprise Identity Cloud second.

Overview and Core Capabilities

SailPoint Identity Security Cloud is a cloud-native identity governance platform that focuses on providing lifecycle management, compliance controls, and advanced access provisioning capabilities. SailPoint offers deep identity governance features and uses machine learning to enhance the user experience and improve access certification processes. SailPoint is especially strong in role management, providing intelligent identity decisions, and managing complex role hierarchies across various applications and systems, especially for hybrid and multi-cloud setups.

Saviynt EIC is a comprehensive identity governance and cloud security platform that combines access management, identity governance, privileged access management, and application governance under one solution. Saviynt’s approach is tailored to meet the demands of large, complex enterprises by providing granular access control and compliance automation. Saviynt is particularly known for integrating well with cloud infrastructure providers (AWS, Azure, Google Cloud) and applications, making it a strong choice for cloud-forward enterprises.

Identity Governance

SailPoint’s governance features are known for their adaptability, with emphasis on AI-driven recommendations and streamlined certification. SailPoint’s machine learning algorithms can analyze access patterns and highlight risky or out-of-compliance users, providing suggestions for role creation, access rights adjustment, and certification campaigns. SailPoint is also widely used for policy management and automating governance for complex application ecosystems in large organizations.

Saviynt places a strong emphasis on identity governance with robust controls for user lifecycle management, compliance, and data security. Its capabilities include risk-based analytics, policy enforcement, and identity workflows that help ensure compliance with stringent regulations (e.g., HIPAA, SOX, GDPR). Saviynt provides access request management, identity certification, and automated role-based access provisioning to maintain stringent governance over identities. 

Integration and Ecosystem Support

 

SailPoint provides integration with over 100 enterprise applications and systems, as well as a large number of pre-built connectors. Its cloud-native architecture facilitates API-based integrations with SaaS platforms, making it effective for multi-cloud and hybrid cloud architectures. SailPoint’s identity security platform works with leading security tools and platforms to enhance data protection and reduce risk across complex IT landscapes.

Saviynt’s Enterprise Identity Cloud supports a wide range of integrations, including with major cloud providers (AWS, Azure, GCP), applications (ServiceNow, SAP, Salesforce), and on-prem systems. Its ecosystem support is particularly advantageous for enterprises with a broad mix of cloud and legacy applications. Saviynt also offers tight integration for privileged access and application entitlement governance, making it versatile for varied infrastructure.

Automation and AI/ML Capabilities

SailPoint is known for its strong AI/ML foundation that underpins its identity governance capabilities. SailPoint’s platform can provide recommendations for role optimization, risk scoring, and certification processes based on machine learning insights. The AI-driven recommendations help security teams make faster, data-informed decisions on access requests, reducing overhead and increasing efficiency.

Saviynt has introduced AI/ML features for anomaly detection and to streamline identity lifecycle management processes. It offers workflow automation to detect and resolve access violations proactively, enhancing security through early threat identification and rapid mitigation. Saviynt’s intelligence layer supports predictive analytics to anticipate risky activities based on access patterns and user behavior. 

Privileged Access Management (PAM)

 

SailPoint does not natively include PAM capabilities but is designed to integrate seamlessly with leading PAM solutions, such as CyberArk or BeyondTrust. This approach allows organizations to choose a PAM provider that best fits their needs while leveraging SailPoint’s governance capabilities to control privileged access with strong oversight and compliance management.

Saviynt’s platform includes built-in PAM capabilities, allowing organizations to manage privileged accounts directly from the EIC. This feature enables a single, integrated approach to both identity governance and privileged access management, which is beneficial for enterprises looking to simplify their IAM landscape. It supports session monitoring, credential management, and just-in-time access for privileged accounts.

Deployment and Scalability

SailPoint is entirely cloud-native, making it ideal for organizations looking to scale rapidly within a cloud-first environment. It allows seamless scaling across multi-cloud and hybrid IT infrastructures and is suitable for organizations prioritizing cloud-based security. SailPoint’s cloud-native design also simplifies maintenance and updates, reducing dependency on IT resources for patches and upgrades.

Saviynt’s EIC is flexible, offering deployment options across public cloud, private cloud, and hybrid environments, enabling organizations to scale up or down based on need. Saviynt’s platform is built for scalability, suitable for large enterprises with high identity governance needs and complex application ecosystems.

Compliance and Audit Features

 

SailPoint offers comprehensive audit and compliance tools, along with automated reporting for various compliance requirements. SailPoint’s certification campaigns are intuitive, leveraging machine learning to reduce time spent on access reviews and facilitate quicker, more accurate compliance assessments. This is beneficial for compliance-heavy environments, particularly in financial services, healthcare, and government sectors.

Saviynt provides strong compliance features, particularly valuable for highly regulated industries. It includes automated audit trails, continuous compliance monitoring, and access certification processes to meet regulatory demands. The platform provides ready-made templates and custom policies to assist in compliance with various global regulations.

User Experience

SailPoint’s interface is recognized for its simplicity and usability. The platform is intuitive for both technical and non-technical users, making it easier for organizations to manage identity governance without requiring extensive training. SailPoint’s focus on a streamlined experience extends to its mobile app, which provides remote management capabilities.

Saviynt offers a user-friendly interface that provides rich analytics and visualization options for identity management and compliance tracking. It allows IT teams and administrators to monitor identity health across the organization in a single pane of glass, which enhances operational efficiency.

 

Conclusion 

Both ISC and EIC are powerful platforms with comprehensive identity and access management capabilities. Saviynt stands out in integration flexibility, built-in PAM, and suitability for enterprises needing extensive cloud infrastructure governance. SailPoint, on the other hand, excels in AI-driven governance, simplicity in user experience, and deep integration support, particularly for hybrid and multi-cloud environments.

Choosing between the two depends on an organization’s specific needs:
  • Saviynt EIC is ideal for complex, multi-environment infrastructures with a need for integrated PAM.
  • SailPoint ISC is best for organizations prioritizing AI-driven governance and looking for a straightforward, cloud-native solution.

Both platforms are excellent choices, and the final decision will often come down to the specific regulatory, security, and scalability needs of the enterprise.

 

Saturday, March 26, 2022

How to set up Postman to access the IdentityNow API

  • Download the latest version (v3) of the APIs from https://developer.sailpoint.com/apis/v3/
  • The downloaded file is named swagger.json
  • Download and install Postman from https://www.postman.com/downloads/
  • Import the downloaded swagger.json
  • The import appears as a collection named "SailPoint - SaaS API". Now set the tenant variable's "INITIAL VALUE" and "CURRENT VALUE" in the "Variables" tab of the collection.

  • Now go to the "Authorization" tab of the collection and set the parameters below:
    • "Type" - select "OAuth 2.0"
    • In the "Configure New Token" section set the following:
      • "Token Name" - any name you like.
      • "Grant Type" - select "Client Credentials"
      • "Access Token URL" - your tenant's token endpoint, e.g. https://yourtenant.api.identitynow.com/oauth/token
      • "Client ID" - the client ID that an admin set up for you in your tenant.
      • "Client Secret" - the secret that was issued together with that client ID.
      • Then click "Get New Access Token"
      • Then click "Use Token"
  • The access token is now set at collection level, so every request in the collection can use it to call any endpoint.
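The Postman steps above exchange a client ID and secret for a bearer token and then attach that token to every request in the collection. The script below performs the same client-credentials flow against the IdentityNow v3 API from Python, using only the standard library. It is an added example, not code from the original post or from SailPoint: it assumes the tenant name and the client ID/secret arrive through the environment variables SAILPOINT_TENANT, SAILPOINT_CLIENT_ID and SAILPOINT_CLIENT_SECRET (hypothetical names chosen here, so the secret is never hard-coded), and it uses /v3/sources as the sample endpoint. The token itself is never printed.

```python
import json
import os
import urllib.parse
import urllib.request


def token_url(tenant):
    """Token endpoint of an IdentityNow tenant (same URL Postman is given)."""
    return "https://%s.api.identitynow.com/oauth/token" % tenant


def api_url(tenant, path):
    return "https://%s.api.identitynow.com%s" % (tenant, path)


def build_token_request(tenant, client_id, client_secret):
    """Form-encoded client_credentials grant, the request behind
    Postman's "Get New Access Token" button."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return token_url(tenant), headers, body


def parse_token_response(raw):
    """Return (access_token, expires_in) and refuse anything that is not
    a bearer token, so an error body is never used as a credential."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise RuntimeError("token endpoint returned no access_token: %s"
                           % data.get("error", "?"))
    if data.get("token_type", "bearer").lower() != "bearer":
        raise RuntimeError("unexpected token_type %r" % data["token_type"])
    return data["access_token"], int(data.get("expires_in", 0))


def build_api_request(tenant, token, path):
    """What Postman does with "Use Token": an Authorization: Bearer header."""
    headers = {"Authorization": "Bearer " + token, "Accept": "application/json"}
    return api_url(tenant, path), headers


def fetch(url, headers, body=None):
    """POST when a body is given, GET otherwise; returns the raw response bytes."""
    req = urllib.request.Request(url, data=body, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


def main():
    # Hypothetical variable names; keep the secret out of the script and shell history.
    tenant = os.environ["SAILPOINT_TENANT"]
    url, headers, body = build_token_request(
        tenant, os.environ["SAILPOINT_CLIENT_ID"], os.environ["SAILPOINT_CLIENT_SECRET"])
    token, ttl = parse_token_response(fetch(url, headers, body))
    print("token obtained, expires in %ds" % ttl)   # never log the token itself

    url, headers = build_api_request(tenant, token, "/v3/sources?limit=10")
    for src in json.loads(fetch(url, headers)):
        print(src.get("name"), src.get("type"))


if __name__ == "__main__":
    main()
```

Run it as `SAILPOINT_TENANT=yourtenant SAILPOINT_CLIENT_ID=... SAILPOINT_CLIENT_SECRET=... python3 idn_client.py`; the request-building functions are separated from the network call so the exact bytes sent to the token endpoint can be inspected without a live tenant.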

Friday, February 4, 2022

OIM MDS Export & Import

WLST commands to export metadata from, and import it into, the OIM and SOA MDS repositories.

WLST Connection  -

 cd $OIM_HOME/oracle_common/bin

 ./wlst.sh

 connect('weblogic',  'XXXXXX', 't3://host:port')

* Provide weblogic hostname & port

MDS Export command

Export all OIM Files - exportMetadata(application='oim',server='wls_oim1',toLocation='/tmp/mds/oim_mds')

Export all SOA Files - exportMetadata(application='soa-infra',server='wls_soa1',toLocation='/tmp/mds/soa_mds')

MDS Import command

Import all Files - importMetadata(application='oim',server='wls_oim1',fromLocation='/tmp/mds/oim_mds')

Import all SOA Files - importMetadata(application='soa-infra',server='wls_soa1',fromLocation='/tmp/mds/soa_mds')
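The commands above are typed into an interactive WLST session. The script below, an added example that is not part of the original post or of Oracle's tooling, runs the same exportMetadata/importMetadata calls non-interactively (`wlst.sh mds_snapshot.py`). It writes every export into a timestamped directory so that an import can always be rolled back to a known snapshot, keeps the parameter names straight (exportMetadata takes toLocation, importMetadata takes fromLocation), and authenticates with a userConfigFile/userKeyFile pair created earlier with storeUserConfig(), so the weblogic password appears neither on the command line nor in the shell history. The environment variable names and default paths are assumptions; the script uses Python 2 syntax because WLST runs on Jython.

```python
# WLST (Jython) script: run with  $OIM_HOME/oracle_common/bin/wlst.sh mds_snapshot.py
import os
import time

# Assumed settings; override through the environment.
ADMIN_URL = os.environ.get('WLS_ADMIN_URL', 't3://host:port')   # WebLogic admin host:port
USER_CFG = os.environ.get('WLST_USER_CFG', os.path.expanduser('~/.wlst/oim-user.cfg'))
USER_KEY = os.environ.get('WLST_USER_KEY', os.path.expanduser('~/.wlst/oim-user.key'))

# application -> managed server hosting its MDS partition (values from the post)
TARGETS = {
    'oim': 'wls_oim1',
    'soa-infra': 'wls_soa1',
}


def snapshot_dir(base, application, stamp):
    """Timestamped export directory, e.g. /tmp/mds/oim_mds_20240101_120000."""
    return '%s/%s_mds_%s' % (base, application.replace('-', '_'), stamp)


def mds_call(op, application, location):
    """Keyword arguments for exportMetadata (toLocation) or
    importMetadata (fromLocation) for one application."""
    if application not in TARGETS:
        raise ValueError('unknown application: %s' % application)
    args = {'application': application, 'server': TARGETS[application]}
    if op == 'export':
        args['toLocation'] = location
    elif op == 'import':
        args['fromLocation'] = location
    else:
        raise ValueError('op must be export or import, got %s' % op)
    return args


def run(op, application, location):
    """Execute one export/import inside WLST, where connect(),
    exportMetadata() and importMetadata() are built-in commands."""
    args = mds_call(op, application, location)
    # Encrypted credential files instead of a plaintext password argument.
    connect(userConfigFile=USER_CFG, userKeyFile=USER_KEY, url=ADMIN_URL)
    try:
        if op == 'export':
            exportMetadata(**args)
        else:
            importMetadata(**args)
    finally:
        disconnect()


if __name__ == '__main__':
    # Export both the OIM and the SOA MDS repositories into one snapshot.
    stamp = time.strftime('%Y%m%d_%H%M%S')
    for app in TARGETS:
        run('export', app, snapshot_dir('/tmp/mds', app, stamp))
```

Create the credential files once, inside WLST after a normal connect(), with `storeUserConfig('~/.wlst/oim-user.cfg', '~/.wlst/oim-user.key')` and restrict their permissions to the account that runs the exports. Before an import, run the export part first so the pre-import state is captured in its own snapshot directory.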


Sunday, June 21, 2020

Frequently asked questions in IAM job interview

Below is a list of questions commonly asked in IAM interviews these days. Normally, the interview focuses on whichever product specialization you have mentioned in your resume. Here I am trying to cover the most general questions, including SailPoint, Okta, ForgeRock, Ping and Oracle.

General -
  • What is identity and access management (IAM) ?
  • What is cloud identity management and tell us some example ?
  • What is SSO ? Have you done SSO integration by using any product ?
  • What is role based IAM model and how you can implement it by using any IAM product ?
  • What is identity or digital identity ? Explain with example ?
  • What is authentication ?
  • What is authorization ?
  • What is difference between authentication and authorization ?
Sailpoint IIQ -
  • Which product you have worked on and on which version ?
  • What is identity governance in Sailpoint ?
  • What all capabilities IIQ provides ?
  • What are IIQ default urls ?
  • What is life-cycle manager ?
  • What is compliance manager ?
  • Do you have any experience in IdentityNow ? what is major difference between IIQ and IDN?
  • What all types of OOTB role available in Sailpoint IIQ ?
  • Does IIQ supports approval ?
  • What is workflow ?
  • What is a provisioning plan ?
  • How to create custom workflow ? High level steps.
  • Could you please explain password management in Sailpoint  ?
  • What is the default admin username in IIQ?
OKTA -
  • How much experience do you have in OKTA implementation ?
  • What all OKTA products are in market ?
  • What is MFA ?
  • Explain OKTA universal directory and use ?
  • What is single sign on ?
  • What is SAML ?
  • What is difference between SAML, WS-FED, and OIDC ?
  • What is use of OKTA Browser plugin ?
  • Explain life cycle management in OKTA ?
  • What is the use Okta Integration Network ?
  • What all factor types available in OKTA ?
  • Do you know what Trust.okta.com is?
Forgerock -
  • What all products Forgerock provides ?
  • What is Single Sign-On(SSO)?
  • What is the difference between authentication and authorization
  • What is OpenAM?
  • What is OpenIDM?
  • What Is SAML?
  • How OpenAM authorization works ?
  • What is Refresh Token?
  • How to onboard an application in OpenIDM?
  • High level - How to protect to web page using OpenAM?
  • What is user authentication and how it works ?
  • What protocols does OpenAM support?
  • Can I install OpenIDM without any external directory or DB? If yes, where does it store the data?
  • What is the default session cookie name in OpenAM?
  • How many types of cookies generated by OpenAM?
  • What is a Policy Agents ?
  • What is the default admin username in OpenAM?
  • What are the Agents supported by OpenAM?
  • What is SAML Metadata URL in OpenAM?
  • What is Refresh Token lifetime and scopes?
  • What are the OAuth2/OIDC endpoints?

Stay tuned, I will add more questions for each product.



Saturday, June 20, 2020

Difference between Identity and Access Management(IAM) vs Consumer/Customer Identity and Access Management(CIAM)

This is a very typical question, asked and searched on the web all the time: what is the difference between IAM and CIAM? The following points clarify it:
  • IAM is typically used for employees, whereas CIAM is typically used for external users like consumers or customers.
  • In IAM, users are typically registered through the employee onboarding process, whereas in CIAM it is self-registration in most scenarios.
  • IAM is typically bound to the closed company network, whereas CIAM is typically public facing.
  • In IAM, identity data is collected to monitor and control access, whereas in CIAM it is typically transactional, marketing, advertisement etc.
  • Also, IAM is typically more restrictive as it is used to access internal resources, whereas CIAM is more flexible.

The two share a lot of similarities, which is why people get confused. The capabilities both have in common:

  • Single Sign on
  • User/Customer Life cycle management
  • Authorization
  • MFA
  • Password management
  • Federation etc.

The best tools available for IAM and CIAM are SailPoint IIQ, Okta, ForgeRock, Ping, Oracle etc. All these tools can be utilized for both IAM and CIAM.


Friday, June 19, 2020

Sailpoint - New installation of Accelerator Pack 8.1 on Fresh IIQ 8.1

Approach-1 (Installing IIQ and Accelerator Pack Together)

Steps-
  • Download “identityiq-8.1.zip” and unzip the file in local machine
  • Create a directory identityiq inside the apache folder “C:\Sailpoint\home\apache-tomcat-9.0.36\webapps”
  • Copy the identityiq.war file unzipped in step 1 to “C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq”
  • Unwar the war file. As I am doing it on a Windows environment, rename the .war to .zip and then unzip it. On Linux, run: jar -xvf identityiq.war
  • Download the Accelerator Pack 8.1 zip file from Sailpoint Compass.
  • Extract the Accelerator Pack zip file to a temp folder like C:\Sailpoint\Software\Accelerator_Pack. Please do not extract directly in Sailpoint installation directory.
  • Update the Hibernate configuration files in your IdentityIQ installation directory
    Note - If you are doing it on fresh installation where extended attributes are not setup then copy and overwrite all the files else merge the files.
  • As this is a new installation, you can copy all the *.hbm.xml files from the unzipped Accelerator Pack location’s C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\object\ folder to the [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\object\ folder, overwriting the existing ones.
  • If you wish to add custom attributes like department, costCenter or location, add the custom attributes in the hbm.xml file.
  • As this is a new installation, you can copy C:\Sailpoint\Software\Accelerator_Pack\WEB-INF\lib\AcceleratorPack.jar to [IdentityIQ_HOME]\WEB-INF\lib
  • As this is a new installation, you can copy all files and subfolders under C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\config\ to [IdentityIQ_HOME]\WEB-INF\config\
  • As this is a new installation, you can copy all files under C:\Sailpoint\Software\Accelerator_Pack\images\icons\ to [IdentityIQ_HOME]\images\icons\
  • Copy C:\Sailpoint\Software\Accelerator_Pack\web\define\applications\IdentityIQLoopback.xhtml to [IdentityIQ_HOME]\define\applications\
  • Open the Accelerator Pack custom properties file C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties, copy its whole content and append it to the IdentityIQ custom properties file [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties.
  • Create the database schema in the following three steps:
    • Open cmd and navigate to C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\bin
    • Execute "iiq schema" to create the schema scripts
    • Create the database tables using the schema scripts: go to C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\database and run the appropriate file with a database client (I used MySQL Workbench), e.g. C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\database\create_identityiq_tables.mysql
  • Update the database settings that IdentityIQ will use to connect to its repository in C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\classes\iiq.properties
  • By default, identityiq is used as both username and password for the identityiq schema.
  • Note - Change the default dataSource.password and encrypt it using the IIQ encrypt utility.
  • Launch the IdentityIQ console by running "iiq console" from the identityiq_home\WEB-INF\bin directory, then run the following commands to import init.xml, init-lcm.xml and init-acceleratorpack.xml:
    • import init.xml
    • import init-lcm.xml
    • import init-acceleratorpack.xml
    • quit
  • Note - Importing the default IdentityIQ objects (init.xml and init-lcm.xml) into the system can be done via the UI as well.

  • Use the spadmin credentials to log in. Don't forget to change the password for spadmin.
  • To verify whether it is installed, go to Administrative Tasks > Installed Accelerator Pack and check the quick links. You can also go to the Debug pages, open Configuration Objects -> System Configuration and verify that this line is present:
    <entry key="acceleratorPackVersion" value="8.1"/>


Approach-2 (Installing IIQ and Accelerator Pack Separately)

Prerequisites -
  • Shut down the IIQ servers
  • Take a full backup of the database.
  • Back up all the Hibernate configuration files in [IdentityIQ_Home]\WEB-INF\classes\sailpoint\object\
Steps -
  • Download the Accelerator Pack 8.1 zip file from Sailpoint Compass.
  • Extract the Accelerator Pack zip file to a temp folder like C:\Sailpoint\Software\Accelerator_Pack. Please do not extract directly in Sailpoint installation directory.
  • If the servers are running then stop the application server.
  • Update the Hibernate configuration files in your IdentityIQ installation directory
    Note - If you are doing it on fresh installation where extended attributes are not setup then copy and overwrite all the files else merge the files.
  • As this is a new installation, you can copy all the *.hbm.xml files from the unzipped Accelerator Pack location’s C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\object\ folder to the [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\object\ folder, overwriting the existing ones.
  • As this is a new installation, you can copy C:\Sailpoint\Software\Accelerator_Pack\WEB-INF\lib\AcceleratorPack.jar to [IdentityIQ_HOME]\WEB-INF\lib
  • As this is a new installation, you can copy all files and subfolders under C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\config\ to [IdentityIQ_HOME]\WEB-INF\config\
  • As this is a new installation, you can copy all files under C:\Sailpoint\Software\Accelerator_Pack\images\icons\ to [IdentityIQ_HOME]\images\icons\
  • Copy C:\Sailpoint\Software\Accelerator_Pack\web\define\applications\IdentityIQLoopback.xhtml to [IdentityIQ_HOME]\define\applications\
  • Open the Accelerator Pack custom properties file C:\Sailpoint\Software\Accelerator_Pack\web\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties, copy its whole content and append it to the IdentityIQ custom properties file [IdentityIQ_HOME]\WEB-INF\classes\sailpoint\web\messages\iiqCustom.properties.
  • Extend your database schema using the IdentityIQ console: open cmd, go to C:\Sailpoint\home\apache-tomcat-9.0.36\webapps\identityiq\WEB-INF\ and run "iiq extendedSchema"
  • Update the generated script: comment out all "alter table identityiq" and "create index" statements for the extended attributes, as those are already created by a fresh IIQ installation.
  • Open your database client (MySQL Workbench) and run the script add_identityiq_extensions.mysql
  • Note - If you see an error like "Error Code: 1060. Duplicate column name 'extended1'", you need to modify the script and remove all "alter table identityiq" and "create index" statements for the extended attributes.
  • Open the iiq console and run the command
    --> import init-acceleratorpack.xml
  • To verify whether it is installed, go to Administrative Tasks > Installed Accelerator Pack and check the quick links. You can also go to the Debug pages, open Configuration Objects -> System Configuration and verify that this line is present:
    <entry key="acceleratorPackVersion" value="8.1"/>
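The "comment out the alter table / create index statements" step above, together with the "Duplicate column name 'extended1'" note, is the error-prone part of Approach-2 because the extension script is edited by hand. The helper below is an added example, not part of the original post or of IdentityIQ: it reads the add_identityiq_extensions.mysql script produced by "iiq extendedSchema", comments out every alter table identityiq / create index statement that touches a numbered extendedN column (those columns already exist in a fresh 8.1 schema, which is exactly what the duplicate-column error reports), leaves statements for named attribute columns untouched, and writes the result to a new file so the original script is kept for review. The sample SQL embedded in it is constructed for illustration; the splitter assumes ';' terminates each statement and does not occur inside string literals.

```python
import re
import sys

# Statements a fresh IIQ install has already applied for the numbered extended
# columns: "alter table identityiq.<table> add ... extendedN" and the matching
# "create index ... (extendedN)". Named columns (department, costCenter ...) are
# not in the base schema and must stay.
SKIP_KIND = re.compile(r"^\s*(alter\s+table\s+identityiq\b|create\s+index\b)", re.I)
NUMBERED_EXT = re.compile(r"\bextended\d+\b", re.I)

# Constructed sample, not copied from a real add_identityiq_extensions.mysql.
SAMPLE_SQL = """\
alter table identityiq.spt_identity add column extended1 varchar(450);
create index identityiq.spt_identity_extended1 on identityiq.spt_identity (extended1);
alter table identityiq.spt_identity add column department varchar(450);
create index identityiq.spt_identity_department on identityiq.spt_identity (department);
"""


def split_statements(sql):
    """Split on ';' and keep the terminator with each statement so the
    original layout (newlines between statements) is preserved."""
    parts = sql.split(";")
    stmts = [p + ";" for p in parts[:-1]]
    if parts[-1]:                      # text or newline after the last ';'
        stmts.append(parts[-1])
    return stmts


def should_skip(stmt):
    """True for alter-table/create-index statements on a numbered extendedN column."""
    return bool(SKIP_KIND.search(stmt)) and bool(NUMBERED_EXT.search(stmt))


def comment_out(stmt):
    """Prefix every non-blank line of the statement with the SQL comment marker."""
    return "\n".join(("-- " + line) if line.strip() else line
                     for line in stmt.split("\n"))


def filter_extensions(sql):
    """Return (filtered_sql, number_of_statements_commented_out)."""
    out, skipped = [], 0
    for stmt in split_statements(sql):
        if should_skip(stmt):
            out.append(comment_out(stmt))
            skipped += 1
        else:
            out.append(stmt)
    return "".join(out), skipped


def main(argv):
    """Usage: python filter_extensions.py add_identityiq_extensions.mysql
    Writes <input>.filtered.mysql next to the input; the original is untouched.
    Without an argument it filters the constructed sample and prints it."""
    if len(argv) != 2:
        filtered, n = filter_extensions(SAMPLE_SQL)
        print(filtered)
        print("-- %d statement(s) commented out in the constructed sample" % n)
        return 0
    src = argv[1]
    with open(src, encoding="utf-8") as fh:
        filtered, n = filter_extensions(fh.read())
    dst = src + ".filtered.mysql"
    with open(dst, "w", encoding="utf-8") as fh:
        fh.write(filtered)
    print("%d statement(s) commented out; review %s before running it" % (n, dst))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Review the filtered file before running it in MySQL Workbench: if your existing hbm.xml files already mapped named columns before the Accelerator Pack was installed, those statements will fail with the same duplicate-column error and have to be removed by hand as well.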