Skip to content

SailPoint Customer Agreements Definitions and Additional Terms

You can review the current definitions used by SailPoint, Additional Terms applicable to specific SailPoint Offerings, the SailPoint Identity Security Cloud Suites, and deprecated definitions.

Capitalized terms that are used and not defined herein have the meanings given to them in the then-current SailPoint Framework Customer Agreement at https://www.sailpoint.com/legal/customer-partner-agreements.

Current Definitions

Last Updated: December 4, 2024

Identity-driven Product Licensing - SailPoint’s Identity Security products are singularly licensed by Identity according to the following identity profiles, which reflect the type of identity that an Identity Cube represents:

  • Identity [-IU] - A Person or Machine who has access within the governed environment or is managed by the SaaS services.

    • Person - A human being regarded as an individual.
    • Machine or Machine Account - Built-in accounts, devices, service accounts, agents, automations, workloads or any other non-human mechanism that use business processes, workflows and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output.

  • Lite Identity [-LU] - A Person or Machine whose access within the governed environment is limited to five (5) Sources.

  • Inactive - An Identity or Lite Identity for which, as applicable: (a) the Identity State is set to “inactive” in Identity Security Cloud or, (b) the profile is set to “archived” in Non-Employee Risk Management.

    In addition to the Active Identities, Customers are entitled to store a limited number of Inactive Identities, in an amount not to exceed thirty percent (30%) of the combined total licensed Identities and Lite Identities. Inactive Identities are only applicable in the services set forth above.

Source(s) - Customer-managed or subscribed to target system for reading data from, and if supported by the specific system, writing changes to, user accounts governed by the SailPoint Offerings.

Product-Specific Terms

Last Updated: March 24, 2025

Data Usage. From time to time, SailPoint may use Customer Data or other aspects of Customer’s use of the SailPoint Offerings to generate patterns, statistics, and similar metadata that does not identify Customer or any of Customer’s Users (“Usage Data”). Usage Data is owned by SailPoint.

Prohibited Data. SailPoint’s SaaS Services are not intended to be used in connection with Prohibited Data. Customer and its Users shall not, and shall not permit any third party to, send to SailPoint, or store in the SaaS Services, any Prohibited Data.

Data Retention & Deletion. The Documentation sets forth data retention and availability commitments with respect to certain types of data. Where not specified elsewhere in the Documentation, the following terms apply:

  • Customer Data uploaded to and stored in the SaaS Services by Customer is retained until the expiration or earlier termination of Customer’s agreement with SailPoint (“Relationship Ending”), unless Customer requests to have data deleted. Following the Relationship Ending, SailPoint will delete the Customer Data in accordance with its standard data archival and deletion cycle.

  • Log data, reports, and similar historical data produced by the SaaS Services may be deleted in accordance with SailPoint’s standard data archival and deletion cycle.

AI Features. The following terms apply to all Customer and User access and use of any AI Feature(s), to the extent applicable. “AI Feature(s)” means any feature or functionality embedded or enabled or otherwise made available by SailPoint in connection with any SailPoint Offerings that utilize artificial intelligence and/or machine learning data models. AI Features that leverage generative artificial intelligence to create new content based on Customer Data are “Generative AI Features.”

  • Ownership. As between SailPoint and Customer, Customer shall own any text or other content that Customer inputs to Generative AI Features (“Input”), as well as any Customer-specific suggestions, results, or other output generated and returned by any AI Features (“Output”) except to the extent such Output is based on any SailPoint confidential information or other data or materials, such as Documentation. Due to the nature of machine learning, Output may not be unique across users and the AI Features may generate the same or similar Output for other parties. For example, multiple users of SailPoint customer(s) may ask similar questions and receive the same or similar responses from the AI Features. Such responses are not Customer-specific and therefore not considered Output owned by the Customer. For clarity, Usage Data and Feedback do not constitute Input.

  • Customer Responsibilities and Restrictions. As between Customer and SailPoint, Customer is responsible for ensuring that Users are made aware of best practices for using AI Features and Output, and use the AI Features, Input and Output in compliance with all applicable laws, regulations, government order or decree, and guidelines, including, without limitation, laws relating to bias, discrimination, fairness, and privacy (collectively, “AI laws”). Without limiting the foregoing and as between the parties, Customer is solely responsible for ensuring that all notifications, consents, or other required information for Input to be lawfully made and transmitted to SailPoint are provided and collected in accordance with AI laws and that Customer’s use of any Output is in compliance with and does not cause Customer to violate any AI laws.

    • Customer must not use (or facilitate any other person to use) the AI Features: (a) for any use prohibited by AI laws or for any high-risk purpose or for any purpose that may cause the AI Feature to be deemed “high-risk” (including, without limitation, within the meaning of Regulation EU 2024/1689 (“EU AI Act”)); (b) to generate content that expresses or promotes hate, harassment, or violence, exploits or harms any individual, encourages self-harm, presents illegal, sexual, political, harmful, false, deceiving or misleading information, misuses personal data, or contains malware, unsolicited bulk content, ransomware, or viruses; or (c) in a way that infringes, misappropriates, or violates any third-party rights. Customer shall not put its name or trademark on any AI Feature or make any substantial modification to any AI Feature (including, without limitation, any change that materially alters the intended purpose, design, or performance thereof).

    • Customer shall cooperate with and inform SailPoint of any incident arising from Customer’s use of any AI Feature or request from a supervisory authority addressed to the Customer concerning any AI Feature. Customer shall reasonably cooperate with SailPoint including by allowing SailPoint to systematically collect, document and analyze relevant data to allow SailPoint to meet its obligations under AI laws (including the EU AI Act), if any.

  • Disclaimers. Customer acknowledges that the AI Features rely on technologies that are inherently probabilistic in nature, and as such, Output may not be entirely accurate, precise, comprehensive, or factual. Customer’s use of the Output is at its sole risk. Customer should not rely on Output as the sole source of truth or factual information, and shall evaluate Output for accuracy, fairness, and appropriateness for Customer’s purposes at all times.

  • Other Providers. SailPoint may use technology from third parties such as Amazon Web Services and Anthropic to provide certain of the AI Features. Customer agrees that:

    • Customer shall not use any Generative AI Features in a manner that violates the Anthropic Acceptable Use Policy.

SailPoint Identity Security Cloud Suites

Last Updated: March 24, 2025

SailPoint Identity Security Cloud Standard

SailPoint Identity Security Cloud Standard includes the following:
SailPoint Atlas Platform Workflows and Forms - up to 10 active workflows with up to 20 steps per workflow

Connectors - up to 15 distinct sources from the SailPoint connector library

Integrations - may add up to 5 paid integrations (additional cost)

Unlimited access to APIs and event triggers
Access Modeling Role definition, management, and role assignments

Customer-Defined Access Model Metadata
Lifecycle Management Automated access provisioning

Change management of users to applications

Automated removal of access

Access requests and approvals

Task Reassignment - individual users
Compliance Access reviews and certifications

Separation of Duties
Analytics Access Intelligence Center - view only

Access History
Harbor Pilot Documentation Q&A

Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported.

SailPoint Identity Security Cloud Business

SailPoint Identity Security Cloud Business includes everything in Standard, plus:

SailPoint Atlas Platform Workflows and Forms - up to 25 active workflows with up to 50 steps per workflow

Connectors - no limit, access to full SailPoint connector library

Integrations - no limit on paid integrations (additional cost)

Unlimited access to APIs and event triggers
Access Modeling Role Insights, Discover Common Access, and Role Discovery
Application Onboarding Application discovery and source configuration recommendations
Lifecycle Management Access request recommendations

Access request administration
Compliance Access certification recommendations
Analytics Access Intelligence Center - author reports and dashboards

Access History with Activity Insights

Outliers - view only
Harbor Pilot Documentation Q&A and Workflows Generator

Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported.

SailPoint Identity Security Cloud Business Plus

SailPoint Identity Security Cloud Business Plus includes everything in Business, plus:
SailPoint Atlas Platform Unlimited active workflows with up to 100 steps per workflow
Access Modeling Role management with Activity Insights and Dynamic Access Roles
Application Onboarding Application discovery and source configuration recommendations
Lifecycle Management Access requests with Activity Insights

GenAI Descriptions for Entitlements
Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported.
Cloud Infrastructure Entitlement Management (CIEM) Management of identities and access in single-cloud and multi-cloud environments
Compliance Access certifications with Activity Insights
Analytics Outliers - scoring, contextual insights, and automated workflows

Data Segmentation for Entitlements
Harbor Pilot Documentation Q&A and Workflows Generator

Note: Only available for customers in AWS regions where the Amazon Bedrock LLM that SailPoint employs is supported.

SailPoint Identity Security for SAP

Last Updated: October 17, 2024

SailPoint Identity Security for SAP includes the following integrations:
SAP Basic ¹ Customer can choose 4 of the following SailPoint integrations:

• SAP Concur

• SAP Ariba

• SAP Fieldglass

• SAP Analytics Cloud

• SAP SuccessFactors Employee Central

• SuccessFactors LMS (Learning Management Solution)

• SAP Commerce Cloud

• SAP Integrated Business Planning
SAP Core ¹ Includes all integrations offered under the SAP Basic package, plus:

On-premise integrations:

  • SAP Web Portal

  • SAP Sybase

  • SAP HR/HCM

  • SAP HANA Database (on-premise and cloud)

  • SAP Business Suite

  • SAP GRC (with preventive risk violation checks and GRC-IAG bridge support)

Cloud and hybrid services integrations:

  • S/4HANA Public Cloud

  • SAP BTP Cockpit

  • SAP Identity Directory

  • SAP Direct for S/4HANA Private Cloud (SAP RISE offering)
SAP Advanced Includes all integrations offered under the SAP Core package, plus:

• SailPoint Access Risk Management (ARM)

¹ SailPoint reserves the right to add or remove integrations from each package at any time. SailPoint is not responsible for and cannot guarantee the availability of any SAP products or services. Customer understands that integrations might become unavailable at any time due to changes to the connected SAP products or services that are outside of SailPoint’s control. In such an event, Customer will not be entitled to receive any refund of fees paid or discount on future fees owed.

Deprecated Definitions

Last Updated: October 26, 2023

Identity Cube - A unique collection of identity data for an active individual human, non-human, or other user that will be governed by SailPoint SaaS Services or Software. An active identity is one that is currently associated with the customer's business, requiring access to enterprise systems, applications, and resources to fulfill a business function or role. The actual types of Identity Cube are as follows: 

  • Business Partner - Non-employees or affiliates who will be accessing the Customer’s network as part of the Customer’s normal business operations (e.g., providing access to a quoting system for independent insurance brokers). These types of Identity Cubes are limited to 5 governed sources per non-employee or affiliate.

  • Lite User - Employees, contractors, alumni, former employees, or other persons who do not interact daily with the software as part of the customer’s normal business operations. These types of Identity Cubes are limited to 5 governed sources per employee, contractor, alumnus, former employee, or other person.

  • Non-Human - A preconfigured software instance that uses business processes and/or artificial intelligence to complete the autonomous execution of one or more processes, activities, transactions, and/or tasks in one or more systems to deliver work output. This includes IoT devices that can be used to automate processes, monitor/control operations, and even optimize supply chains. In each case, the RPA, Bot, or IoT device has access to one or more systems or applications, and that access needs to be governed like any other Identity. This excludes service accounts that are used to run and manage applications in databases or operating systems. Only applicable to Identity IQ Software. 

Source - A customer-specified enterprise system, applications, or resource for reading from, and—if supported by the specific system—writing changes to, user accounts. The connection to a Source is managed via connectors (e.g., a customer’s employee using SaaS Services or Software to connect to a customer-approved HR system or expense reporting application).

SailPoint Identity Security Cloud Business - Suite - Includes the following:

  • IdentityNow Access Certification

  • IdentityNow Separation of Duties 

  • IdentityNow Access Request

  • IdentityNow Provisioning

  • SailPoint Access Insights 

  • SailPoint Recommendation Engine

  • SaaS Workflows 

SailPoint Identity Security Cloud Business Plus - Suite - Includes SailPoint Identity Security Cloud Business suite, plus the following:

  • SailPoint Cloud Infrastructure Entitlement Management

  • SailPoint SaaS Management 

  • SailPoint Access Modeling

Internal Identity [-IU] - A machine or person who has access within the governed environment to greater than five (5) Sources.