According to Gartner, “Access management has become the source of trust for identity-first security.” Expanded reliance on identities for on-the-go access calls for solutions to be more reliable and simpler to embrace.

The current solution offerings from Identity Governance and Administration (IGA), and Privileged Access Management (PAM) vendors are unable to provide effective application access controls because the user entitlements defined in these systems are based on high-level abstract roles that are unreliable at assessing risks in complex enterprise application security privileges. As a result, 31% of the IGA customers are replacing their IGA solutions where the incumbent solution does not meet the requirement - according to the Gartner Market Guide for Identity Governance and Administration, 2020.

SailPoint, founded in 2005, offers an Identity Governance and Administration suite called IdentityIQ, which includes several modules that can be configured to automate the access management processes. Recently SailPoint has also introduced IdentityNow - a multi-tenant IGA cloud version similar to IdentityIQ.

In the last few years, business needs for effective access controls have evolved, beyond the general IGA capabilities in response to growing compliance mandates and increased cyber security risks. On March 2021, SailPoint announced the completion of its acquisition of ERP Maestro - an access security and compliance software solution for companies running SAP to address these needs. If you're running SAP, this new capability is a much-needed addition and is great news for SAP customers. However, if you're running Oracle ERP (SafePaaS integrates into all Oracle applications including Oracle E-Business Suite, Oracle ERP Cloud, J D Edwards, PeopleSoft and NetSuite) there are more robust, cost-effective solutions on the market that require less expertise to deploy or manage than legacy IGA solutions. SafePaaS already comes with out-of-the-box segregation of duties policies for all these Oracle applications and provides enhanced IGA capabilities and Identity Orchestration to offer deeper capabilities for segregation of duties in access request management (iAccess™). SafePaaS allows organziations to not only increase value with proven ROI but reduce risk. 

IGA customers are demanding specialized capabilities based on new control objectives to address the following gaps in the general-purpose IGA systems:

• Lack the ability to configure access rules in terms of fine-grained privileges in the enterprise application security model.
• Focus is on “birthright” access for all user rights, whereas IT audit requires control evidence for enterprise access users with hundreds of privileges to sensitive data, transactions, and functions.
• Lack of support for short-lived, just-in-time elevated access required for emergency support – privileged access management (PAM).
• Single Sign-on to business applications for “birthright” users does not control provisioning fined-grained privileges that violate company policies such as Segregation-of-Duties or Data Privacy.
• Inability to monitor or manage user activity in enterprise applications required for “lookback” analysis when a risk is materialized.
• Unable to support business process owners and control owners need to certify user access or activity log to support periodic access certification.
• Lack of functionality to support complete security and application administrators need to maintain role design and update entitlement to remediate inherent risks in thousands of privileges available in enterprise applications.

To address the challenges we are hearing from both customers and the market, SafePaaS continues to enhance our platform and offer seamless integrations with SailPoint for Oracle ERP customers. 

While customers’ priorities are unique, we can quickly deploy SafePaaS controls for SailPoint based on a risk-based approach for maximum impact. Our goal is to provide simple, pinpoint control solutions that require less effort from the customer, IGA administrators and other staff in the CISO team.