Skip to content

SailPoint Customer Agreements Definitions

Current Definitions

Last Updated: July 20, 2023

Identity-driven Product Licensing - SailPoint’s Identity Security products are singularly licensed by Identity according to the following identity profiles, which reflect the type of identity that an Identity Cube represents:

  • Internal Identity [-IU] - A machine or person who has access within the governed environment to greater than five (5) Sources.

    • Machine defined - A preconfigured software instance, RPA/Bot/IoT device, or service account that uses business processes, workflows and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output.

    • Person defined - A human being regarded as an individual.

  • Lite Identity [-LU] - A machine or person whose access within the governed environment is limited to five (5) Sources.

  • Inactive - Any of the above types of Identity Cubes that no longer are associated with the Customer. Inactive Identity Cubes cannot manage passwords, certify access, or be provisioned. Accounts contained in these cubes are disabled, so they cannot access customer IT resources. Customers are entitled to store Inactive Identity Cubes up to thirty percent (30%) of the combined total licensed identities across all types of Identity Cubes. Only applicable to SailPoint SaaS Services. 

Source(s) - Customer-managed or subscribed to target system for reading data from, and if supported by the specific system, writing changes to, user accounts governed by the SailPoint Offerings.

SailPoint Identity Security Cloud Suites

  • SailPoint Identity Security Cloud Business – Suite includes the following: 

    • IdentityNow Access Certification

    • IdentityNow Separation of Duties 

    • IdentityNow Access Request

    • IdentityNow Provisioning

    • SailPoint Access Insights 

    • SailPoint Recommendation Engine

    • SaaS Workflows 

  • SailPoint Identity Security Cloud Business Plus - Suite includes SailPoint Identity Security Cloud Business suite plus the following:

    • SailPoint Cloud Infrastructure Entitlement Management

    • SailPoint SaaS Management 

    • SailPoint Access Modeling 

Deprecated Definitions

Last Updated: July 20, 2023

Identity Cube - A unique collection of identity data for an active individual human, non-human, or other user that will be governed by SailPoint SaaS Services or Software. An active identity is one that is currently associated with the customer's business, requiring access to enterprise systems, applications, and resources to fulfill a business function or role. The actual types of Identity Cube are as follows: 

  • Internal - Any person that is an employee or contractor to whom a customer provides access to internal or external systems as part of the customer’s normal business operations.

  • Business Partner - Non-employees or affiliates who will be accessing the Customer’s network as part of the Customer’s normal business operations (e.g., providing access to a quoting system for independent insurance brokers). These types of Identity Cubes are limited to 5 governed sources per non-employee or affiliate.

  • Lite User - Employees, contractors, alumni, former employees, or other persons who do not interact daily with the software as part of the customer’s normal business operations. These types of Identity Cubes are limited to 5 governed sources per employee, contractor, alumnus, former employee, or other person.

  • Non-Human - A preconfigured software instance that uses business processes and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output. This includes IoT devices that can be used to automate processes, monitor/control operations, and even optimize supply chains. In each case, the RPA, Bot, or IoT device has access to one or more systems or applications, and that access needs to be governed like any other Identity. This excludes service accounts that are used to run and manage applications in databases or operating systems. Only applicable to Identity IQ Software. 

Source - A customer-specified enterprise system, applications, or resource for reading from, and—if supported by the specific system—writing changes to, user accounts. The connection to a Source is managed via connectors (e.g., a customer’s employee using SaaS Services or Software to connect to a customer-approved HR system or expense reporting application).