SailPoint boosts Identity Security Cloud with expanded AI controls

SailPoint has introduced a range of new enhancements to its Identity Security Cloud, with a focus on visibility, control, and scalability across all types of enterprise identities.

The recent updates include enhancements in non-employee risk management, machine identity security, and connectivity integrations. These additions respond to increasing complexity in enterprise digital environments, where both human and machine identities must be managed securely.

Addressing evolving identity governance

"As digital ecosystems expand, enterprises must govern not only humans but also the rise of machine and agent identities-identities that often outpace the capabilities of legacy tools," said Chandra Gnanasambandam, EVP of Product and CTO, SailPoint. "These identities often remain undiscovered or under-governed, creating unmanaged privileges and security gaps. SailPoint is addressing these challenges with differentiated features across our portfolio, all designed to deliver automation, context and precision at scale."

SailPoint Identity Security Cloud now covers employees, non-employees, machines and agents. The solution automates lifecycle controls, reduces standing privileges, and embeds context-rich controls aimed at minimising risk while supporting enterprise agility. Newly enhanced flexible access models, reconciliation processes, and task delegation tools are designed to help organisations meet compliance requirements while reducing operational overheads.

Gnanasambandam added, "We aren't incrementally checking boxes. We are building momentum across our unified platform that gives enterprises a strategic advantage: the ability to move faster while staying secure."

Non-employee risk management expansion

The Non-Employee Risk Management solution now integrates with Microsoft Entra Verified ID, which allows organisations to use third-party verified credentials and biometric verification for onboarding non-employees. This is intended to increase the speed and reliability of identity verification for external workers, contractors, and other third-party personnel.

With features such as bulk approvals, attribute synchronisation and direct role provisioning, companies are able to manage third-party identities in a similar way to internal employees. This reduces the need for manual processing and can help eliminate oversight when managing extended workforce populations.

Luca Barezzani, ICT Security Senior Specialist at Illimity Bank, commented on the impact of these functions: "SailPoint Non-Employee Risk Management functions have enabled us to automate the Joiner-Mover-Leaver cycle of consultants. They can now be managed directly by internal contacts, without going through any IT department, tickets or approvals. At the same time, Non-Employee Risk Management secures and streamlines the collection of personal data needed for the most critical applications and making the employee himself autonomous in this step."

Machine identity security enhancements

The governance of machine identities is an area highlighted for its growing significance. SailPoint's Machine Identity Security introduces mechanisms for discovery, classification, and ownership alignment of machine accounts. It supports multi-host classification, allowing administrators to define account rules once and apply them broadly, improving consistency and efficiency.

The system now enables organisations to create account sub-types, distinguishing between service accounts, bots and shared accounts. Assigning multiple owners to machine identities and establishing succession plans for ownership transfer are expected to help avoid risks related to orphaned accounts. A new centralised dashboard gives administrators visibility over machine access entitlements for improved management of account permissions.

Connectivity improvements

Connectivity enhancements involve wider integration with enterprise tools, such as SAP GRC Firefighter access and BeyondTrust, as well as improved support for MacOS password resets and JDBC for low-code provisioning scenarios. The updated Virtual Appliance can now support multiple security products, consolidating management and deployment for organisations.

These changes build on the firm's previous announcement related to Advanced Application Management, aiming to bring enhanced application visibility, compliance, and governance. SailPoint's recent acquisition of certain assets from Savvy supports further expansion of these connectivity and unification initiatives, broadening the range of applications that can be secured through the Identity Security Cloud.

Matt Mills, President, SailPoint, explained the motivation behind this approach: "Identities multiply faster than ever before, and enterprises need visibility, control and agility to protect what matters most while moving at the pace of business. We're reimagining identity security for the realities of the modern enterprise by unifying governance across every identity type to close the gaps that siloed, legacy approaches leave behind. In a world where identity drives both digital transformation and risk, SailPoint delivers the confidence enterprises need to thrive."