SailPoint Customer Agreements Definitions
You can review the current definitions used by SailPoint, the SailPoint Identity Security Cloud Suites, and deprecated definitions.
Current Definitions
Last Updated: September 26, 2024
Identity-driven Product Licensing - SailPoint’s Identity Security products are singularly licensed by Identity according to the following identity profiles, which reflect the type of identity that an Identity Cube represents:
-
Identity [-IU] - A Person or Machine who has access within the governed environment or is managed by the SaaS services.
- Person - A human being regarded as an individual.
- Machine - Built-in accounts, devices, service accounts, agents, automations, workloads or any other non-human mechanism that use business processes, workflows and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output.
-
Lite Identity [-LU] - A Person or Machine whose access within the governed environment is limited to five (5) Sources.
-
Inactive - An Identity or Lite Identity for which, as applicable: (a) the Identity State is set to “inactive” in Identity Security Cloud or, (b) the profile is set to “archived” in Non-Employee Risk Management.
In addition to the Active Identities, Customers are entitled to store a limited number of Inactive Identities, in an amount not to exceed thirty percent (30%) of the combined total licensed Identities and Lite Identities. Inactive Identities are only applicable in the services set forth above.
Source(s) - Customer-managed or subscribed to target system for reading data from, and if supported by the specific system, writing changes to, user accounts governed by the SailPoint Offerings.
SailPoint Identity Security Cloud Suites
Last Updated: April 8, 2024
SailPoint Identity Security Cloud Standard
SailPoint Identity Security Cloud Standard includes the following:
SailPoint Atlas Platform | Workflows and Forms – up to 10 active workflows with up to 20 steps per workflow Connectors – up to 15 distinct sources from the SailPoint connector library Integrations – may add up to 5 paid integrations (additional cost) Unlimited access to APIs and event triggers |
Access Modeling | Role definition, management, and role assignments |
Lifecycle Management | Automated access provisioning Change management of users to applications Automated removal of access Access requests and approvals Task Reassignment – individual users |
Compliance | Access reviews and certifications Separation of Duties |
Analytics | Access Intelligence Center – view only Access History |
SailPoint Identity Security Cloud Business
SailPoint Identity Security Cloud Business includes everything in Standard, plus:
SailPoint Atlas Platform | Workflows and Forms – up to 25 active workflows with up to 50 steps per workflow Connectors – no limit, access to full SailPoint connector library Integrations – no limit on paid integrations (additional cost) Unlimited access to APIs and event triggers |
Access Modeling | Role Insights, Discover Common Access, and Role Discovery |
Application Onboarding | Application discovery and source configuration recommendations |
Lifecycle Management | Access request recommendations Access request administration |
Compliance | Access certification recommendations |
Analytics | Access Intelligence Center – author reports and dashboards Access History with Activity Insights Outliers – view only |
SailPoint Identity Security Cloud Business Plus
SailPoint Identity Security Cloud Business Plus includes everything in Business, plus:
SailPoint Atlas Platform | Unlimited active workflows with up to 100 steps per workflow |
Access Modeling | Role management with Activity Insights |
Application Onboarding | Application discovery and source configuration recommendations |
Lifecycle Management | Access requests with Activity Insights GenAI Descriptions for Entitlements Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported. |
Cloud Infrastructure Entitlement Management (CIEM) | Management of identities and access in single-cloud and multi-cloud environments |
Compliance | Access certifications with Activity Insights |
Analytics | Outliers – scoring, contextual insights, and automated workflows |
Deprecated Definitions
Last Updated: October 26, 2023
Identity Cube - A unique collection of identity data for an active individual human, non-human, or other user that will be governed by SailPoint SaaS Services or Software. An active identity is one that is currently associated with the customer's business, requiring access to enterprise systems, applications, and resources to fulfill a business function or role. The actual types of Identity Cube are as follows:
-
Business Partner - Non-employees or affiliates who will be accessing the Customer’s network as part of the Customer’s normal business operations (e.g., providing access to a quoting system for independent insurance brokers). These types of Identity Cubes are limited to 5 governed sources per non-employee or affiliate.
-
Lite User - Employees, contractors, alumni, former employees, or other persons who do not interact daily with the software as part of the customer’s normal business operations. These types of Identity Cubes are limited to 5 governed sources per employee, contractor, alumnus, former employee, or other person.
-
Non-Human - A preconfigured software instance that uses business processes and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output. This includes IoT devices that can be used to automate processes, monitor/control operations, and even optimize supply chains. In each case, the RPA, Bot, or IoT device has access to one or more systems or applications, and that access needs to be governed like any other Identity. This excludes service accounts that are used to run and manage applications in databases or operating systems. Only applicable to Identity IQ Software.
Source - A customer-specified enterprise system, applications, or resource for reading from, and—if supported by the specific system—writing changes to, user accounts. The connection to a Source is managed via connectors (e.g., a customer’s employee using SaaS Services or Software to connect to a customer-approved HR system or expense reporting application).
SailPoint Identity Security Cloud Business - Suite - Includes the following:
-
IdentityNow Access Certification
-
IdentityNow Separation of Duties
-
IdentityNow Access Request
-
IdentityNow Provisioning
-
SailPoint Access Insights
-
SailPoint Recommendation Engine
-
SaaS Workflows
SailPoint Identity Security Cloud Business Plus - Suite - Includes SailPoint Identity Security Cloud Business suite, plus the following:
-
SailPoint Cloud Infrastructure Entitlement Management
-
SailPoint SaaS Management
-
SailPoint Access Modeling
Internal Identity [-IU] - A machine or person who has access within the governed environment to greater than five (5) Sources.