SailPoint Customer Agreements Definitions and Additional Terms
You can review the current definitions used by SailPoint, Additional Terms applicable to specific SailPoint Offerings, the SailPoint Identity Security Cloud Suites, and deprecated definitions.
Capitalized terms that are used and not defined herein have the meanings given to them in the then-current SailPoint Framework Customer Agreement at https://www.sailpoint.com/legal/customer-partner-agreements.
Current Definitions
Last Updated: March 24, 2026
Identity-driven Product Licensing - SailPoint’s Identity Security products are singularly licensed by Identity according to the following identity profiles, which reflect the type of identity that an Identity Cube represents:
- Identity [-IU] - A Person, Machine Account, or AI Agent who has access within the governed environment or is managed by the SaaS services.
  - Person - A human being regarded as an individual.
  - Machine or Machine Account - Built-in accounts, devices, service accounts, automations, workloads or any other non-human mechanism that use business processes, workflows and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output, excluding AI Agents (which are treated as a separate identity type for pricing purposes).
  - AI Agent - Any distinct agent, assistant, agentic workflow, or other software system that, whether independently or in response to human or environmental inputs, utilizes artificial intelligence models, machine learning, or algorithmic decision-making to perform tasks, process data, generate content, or interact with users and its environment in a manner that may simulate human-like decision-making or responsiveness and exhibit non-deterministic behavior. For clarity, Machine accounts are not eligible to be governed as AI Agents using Agent Identity Security or other AI Agent-focused offerings.
  - Browser Profile - A profile used in any browser on which a customer has deployed a SailPoint browser extension.
- Lite Identity [-LU] - A Person or Machine whose access within the governed environment is limited to five (5) Sources.
- Inactive - An Identity or Lite Identity for which, as applicable: (a) the Identity State is set to “inactive” in Identity Security Cloud or IdentityIQ, or (b) the profile is set to “archived” in Non-Employee Risk Management.
In addition to the Active Identities, Customers are entitled to store a limited number of Inactive Identities, in an amount not to exceed thirty percent (30%) of the combined total licensed Identities and Lite Identities. Inactive Identities are only applicable in the services set forth above.
Required Software - If provided by SailPoint for installation and use with the SaaS Services to which Customer has subscribed, a virtual machine that connects Customer’s Sources using public APIs, connectors, and integrations to the SaaS Services. If applicable, Required Software will be identified in the Documentation.
Source(s) - Customer-managed or subscribed to target system for reading data from, and if supported by the specific system, writing changes to, user accounts governed by the SailPoint Offerings.
Product-Specific Terms
Last Updated: April 28, 2026
Product-Specific Terms have been moved to https://www.sailpoint.com/legal/product-specific-terms.
SailPoint Identity Security Cloud Suites
Last Updated: April 21, 2026
Acceptable Use Limitations
For SailPoint customers with an existing subscription for SailPoint Offerings and who have executed an order prior to November 1, 2025, the column titled Prior Usage Allowance applies. These allowances will remain in effect until the next renewal of your order or new order, as applicable.
For new SailPoint customers who place an order for a new subscription, or existing SailPoint customers whose order renewal date falls on or after November 1, 2025, the column titled Acceptable Use Limits applies as of the effective date of your new order or renewal term, as applicable.
Unless indicated otherwise, the following allowances and limits apply at the tenant level.
| Suite | Prior Usage Allowance | Acceptable Use Limits |
|---|---|---|
| SailPoint Identity Security Cloud Foundations | | |
| SailPoint Identity Security Cloud Standard | | |
| SailPoint Identity Security Cloud Business | | |
| SailPoint Identity Security Cloud Business Plus | | |
| SailPoint Atlas Enterprise | | |
SailPoint Identity Security Cloud Foundations
The Identity Security Cloud Foundations offering is for smaller organizations that are just starting with identity security and are focused on solving immediate identity problems such as access request automation, basic certifications, and visibility into access. To learn if Foundations is right for you, contact your SailPoint account team.
SailPoint Identity Security Cloud Foundations includes the following (subject to the usage limitations set forth in the Acceptable Use Limitations table):
| SailPoint Atlas | Workflows and Forms; Access to APIs and event triggers |
| Access Modeling | Role definition, management, and role assignments; Customer-Defined Access Model Metadata |
| Application Onboarding | Application discovery; Source configuration recommendations |
| Lifecycle Management | Automated access provisioning; Change management of users to applications; Automated removal of access; Access requests and approvals; Task Reassignment - individual users |
| Compliance | Access reviews and certifications; Separation of Duties |
| Analytics | Access Intelligence Center - view only; Access History; MySailPoint |
| Harbor Pilot | Documentation Q&A. Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported. |
SailPoint Identity Security Cloud Standard
The Standard suite is ideal for smaller organizations seeking to consolidate identity tools and processes into a single identity security solution for better visibility and control over access.
SailPoint Identity Security Cloud Standard includes the following (subject to the usage limitations set forth in the Acceptable Use Limitations table):
| SailPoint Atlas | Workflows and Forms; Access to APIs and event triggers |
| Access Modeling | Role definition, management, and role assignments; Customer-Defined Access Model Metadata |
| Application Onboarding | Application discovery; Source configuration recommendations |
| Lifecycle Management | Automated access provisioning; Change management of users to applications; Automated removal of access; Access requests and approvals; Task Reassignment - individual users |
| Compliance | Access reviews and certifications; Separation of Duties |
| Analytics | Access Intelligence Center - view only; Access History; MySailPoint |
| Harbor Pilot | Documentation Q&A. Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported. |
| SailPoint MCP Server | Supports standard Model Context Protocol (MCP) for integration with GenAI applications and frameworks |
SailPoint Identity Security Cloud Business
The Business suite is ideal for organizations that are replacing an existing identity governance solution or adding automation and some AI functionality into their identity security program for stronger security and governance controls.
SailPoint Identity Security Cloud Business includes everything in Standard, plus (subject to the usage limitations set forth in the Acceptable Use Limitations table):
| SailPoint Atlas | Workflows and Forms; Access to APIs and event triggers |
| Access Modeling | Role Insights, Discover Common Access, and Role Discovery |
| Application Onboarding | Application discovery; Source configuration recommendations |
| Lifecycle Management | Access request recommendations; Access request administration |
| Compliance | Access certification recommendations |
| Analytics | Access Intelligence Center - author reports and dashboards; Access History with Activity Insights; Outliers - view only; MySailPoint |
| Harbor Pilot | Documentation Q&A and Workflows Generator. Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported. |
| SailPoint MCP Server | Supports standard Model Context Protocol (MCP) for integration with GenAI applications and frameworks |
SailPoint Identity Security Cloud Business Plus
The Business Plus suite is ideal for organizations that want to transform their identity security program with advanced capabilities and AI functionality for extended automation, stronger security and governance, and deeper insights into their identity program.
SailPoint Identity Security Cloud Business Plus includes everything in Business, plus (subject to the usage limitations set forth in the Acceptable Use Limitations table):
| SailPoint Atlas | Workflows and Forms; Adaptive Approvals; Access to APIs and event triggers |
| Access Modeling | Role Insights, Discover Common Access, and Role Discovery |
| Application Onboarding | Application discovery; Source configuration recommendations |
| Lifecycle Management | Access request recommendations; Access request administration |
| Compliance | Access certification recommendations |
| Analytics | Access Intelligence Center - author reports and dashboards; Access History with Activity Insights; Outliers; MySailPoint |
| Harbor Pilot | Documentation Q&A and Workflows Generator. Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported. |
| SailPoint MCP Server | Supports standard Model Context Protocol (MCP) for integration with GenAI applications and frameworks |
SailPoint Identity Security for SAP
Last Updated: October 17, 2024
SailPoint Identity Security for SAP includes the following integrations:
| SAP Basic ¹ | Customer can choose 4 of the following SailPoint integrations: • SAP Concur • SAP Ariba • SAP Fieldglass • SAP Analytics Cloud • SAP SuccessFactors Employee Central • SuccessFactors LMS (Learning Management Solution) • SAP Commerce Cloud • SAP Integrated Business Planning |
| SAP Core ¹ | Includes all integrations offered under the SAP Basic package, plus: On-premise integrations: • SAP Web Portal • SAP Sybase • SAP HR/HCM • SAP HANA Database (on-premise and cloud) • SAP Business Suite • SAP GRC (with preventive risk violation checks and GRC-IAG bridge support) Cloud and hybrid services integrations: • S/4HANA Public Cloud • SAP BTP Cockpit • SAP Identity Directory • SAP Direct for S/4HANA Private Cloud (SAP RISE offering) |
| SAP Advanced | Includes all integrations offered under the SAP Core package, plus: • SailPoint Access Risk Management (ARM) |
¹ SailPoint reserves the right to add or remove integrations from each package at any time. SailPoint is not responsible for and cannot guarantee the availability of any SAP products or services. Customer understands that integrations might become unavailable at any time due to changes to the connected SAP products or services that are outside of SailPoint’s control. In such an event, Customer will not be entitled to receive any refund of fees paid or discount on future fees owed.
Deprecated Definitions
Last Updated: October 26, 2023
Identity Cube - A unique collection of identity data for an active individual human, non-human, or other user that will be governed by SailPoint SaaS Services or Software. An active identity is one that is currently associated with the customer's business, requiring access to enterprise systems, applications, and resources to fulfill a business function or role. The actual types of Identity Cube are as follows:
- Business Partner - Non-employees or affiliates who will be accessing the Customer’s network as part of the Customer’s normal business operations (e.g., providing access to a quoting system for independent insurance brokers). These types of Identity Cubes are limited to 5 governed sources per non-employee or affiliate.
- Lite User - Employees, contractors, alumni, former employees, or other persons who do not interact daily with the software as part of the customer’s normal business operations. These types of Identity Cubes are limited to 5 governed sources per employee, contractor, alumnus, former employee, or other person.
- Non-Human - A preconfigured software instance that uses business processes and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output. This includes IoT devices that can be used to automate processes, monitor/control operations, and even optimize supply chains. In each case, the RPA, Bot, or IoT device has access to one or more systems or applications, and that access needs to be governed like any other Identity. This excludes service accounts that are used to run and manage applications in databases or operating systems. Only applicable to Identity IQ Software.
Source - A customer-specified enterprise system, applications, or resource for reading from, and—if supported by the specific system—writing changes to, user accounts. The connection to a Source is managed via connectors (e.g., a customer’s employee using SaaS Services or Software to connect to a customer-approved HR system or expense reporting application).
SailPoint Identity Security Cloud Business - Suite - Includes the following:
- IdentityNow Access Certification
- IdentityNow Separation of Duties
- IdentityNow Access Request
- IdentityNow Provisioning
- SailPoint Access Insights
- SailPoint Recommendation Engine
- SaaS Workflows
SailPoint Identity Security Cloud Business Plus - Suite - Includes SailPoint Identity Security Cloud Business suite, plus the following:
- SailPoint Cloud Infrastructure Entitlement Management
- SailPoint SaaS Management
- SailPoint Access Modeling
Internal Identity [-IU] - A machine or person who has access within the governed environment to greater than five (5) Sources.