Skip to main content

Platforms

Platforms we deploy

Five platforms we work with as a vendor partner. Two from SailPoint: IIQ (on-prem) and Identity Security Cloud (SaaS). Plus Evolveum midPoint (open-source IGA), JumpServer (open-source PAM), and Neutrino Foresight (network observability).

Talk to an architect
IGA · on-prem Vendor: SailPoint Technologies

SailPoint IdentityIQ

Mature enterprise IGA platform deployed in the customer's environment. The on-prem flagship of SailPoint, recognised by Gartner as a leader in the IGA market.

What it is

IdentityIQ (IIQ) is the long-running on-prem IGA from SailPoint. It's the default choice when strict data-residency, audit, or operational requirements rule out managed SaaS. Mature feature set, deep customisation surface and a connector ecosystem covering virtually every enterprise target system.

Core capabilities

  • Identity lifecycle for employees, contractors and service accounts
  • Role mining, role hierarchies and policy-driven RBAC
  • Separation of Duties (SoD) policies and conflict resolution
  • Certification campaigns and continuous access review
  • Workflow engine for approvals and exception handling
  • Connectors for AD/LDAP, Workday, SAP, ServiceNow, AWS/Azure/GCP, mainframes and custom apps
  • Full audit trail and compliance reporting (SOX, GDPR, ISO 27001)

Where it fits

  • Strict data-residency or operational requirements
  • On-prem operating preference with no SaaS
  • Large IT estates with diverse and legacy target systems
  • Programs requiring deep customisation and custom connectors

Identigy role

Technology partner of SailPoint since 2016. Greenfield IdentityIQ implementations, IdentityIQ → Identity Security Cloud migrations, custom connectors, role engineering and certification-campaign design.

Discuss this solution SailPoint practice page →
IGA · SaaS Vendor: SailPoint Technologies

SailPoint Identity Security Cloud

Cloud-native Identity Governance & Administration delivered as a managed service. Continuous updates, AI-driven access discovery, multi-region operations.

What it is

SailPoint Identity Security Cloud — formerly known as IdentityNow (IDN) — is SailPoint's SaaS IGA and the cloud-native equivalent of SailPoint IdentityIQ. Multi-tenant architecture, predictable upgrades, and AI-driven access analytics. Strong fit when your target systems are mostly SaaS apps.

Core capabilities

  • Full IGA delivered as a service: provisioning, lifecycle, certifications, role management
  • AI-driven access discovery and risk insights (SailPoint Atlas)
  • Native integrations with Workday, ServiceNow, Microsoft 365, Salesforce, AWS/Azure/GCP
  • Self-service request portal and modern UX
  • Compliance-grade audit trail and reporting
  • Cloud-native deployment, no on-prem infrastructure to operate

Where it fits

  • Cloud-first organisations choosing SaaS over on-prem operations
  • SaaS-heavy application landscapes
  • Programs targeting fast time-to-value (months, not years)
  • Multi-region operations with consistent global IGA

Identigy role

Multi-year ISC subscriptions delivered through Identigy for international clients. Identity model design, certification campaign rollout, change management, ongoing support.

Discuss this solution SailPoint practice page →
Open-source IGA Vendor: Evolveum (Slovakia)

Evolveum midPoint

Mature open-source Identity Governance & Administration. Apache License 2.0. Recognised by Gartner. Partner of Evolveum; active upstream contributor.

What it is

midPoint is the leading open-source IGA platform. Feature parity with commercial IGA suites, modular architecture, and a deployment model that fits both classic on-prem and Kubernetes-native operations. The right choice when vendor-neutrality, deep customisation or cost predictability dominate the decision.

Core capabilities

  • Focus-object model: users, roles, organisations, services, policies
  • Provisioning across resources via the ConnId connector framework
  • Role engineering with hierarchies and dynamic assignment policies
  • SoD policy engine with conflict resolution and remediation
  • Certification framework with periodic attestation campaigns
  • REST, SOAP and SCIM 2.0 APIs; declarative resource definitions
  • Identity-as-Code: Helm charts, GitOps-friendly configuration
  • Audit trail with full provenance

Where it fits

  • Organisations preferring open-source for vendor-neutrality
  • Programs with strong DevOps culture and GitOps adoption
  • Cost-sensitive enterprise IGA without compromise on functionality
  • Custom integrations and tailored workflows

Identigy role

Partner of Evolveum. Active upstream contributor; reusable in-house connector library across engagements. Full-cycle delivery: design, custom connectors, lifecycle workflows, LTS upgrades and managed support.

Discuss this solution
PAM · bastion Vendor: Open-source · Enterprise Edition by the vendor

JumpServer

Open-source Privileged Access Management platform with a commercial Enterprise Edition. Deployed in 500 000+ installations globally as a modern alternative to proprietary PAM.

What it is

JumpServer replaces the classic bastion-host pattern with a unified web-based access plane to SSH, RDP, databases, Kubernetes and web applications. Session recording, MFA, just-in-time access, and a credential vault are built in. The Enterprise Edition adds clustering, advanced database support, and vendor support.

Core capabilities

  • Web-console and native-client access to SSH, RDP, VNC, Telnet, RemoteApp
  • Database access via the bastion: MySQL, PostgreSQL, Oracle, MSSQL, MariaDB, MongoDB, Redis, ClickHouse, DB2
  • Kubernetes API access with fine-grained RBAC and kubectl audit
  • Session recording (text + graphical) and real-time monitoring with forced disconnect
  • MFA: TOTP, HOTP, RADIUS, integration with external IdPs
  • AD/LDAP user/group sync, SSO via SAML 2.0, OAuth 2.0, OIDC
  • Just-in-time access, ticket-based approval flow, fine-grained RBAC
  • Credential vault with rotation; passwords never exposed to end users
  • Command filtering (SSH + SQL), file-transfer and clipboard control

Where it fits

  • Contractor access to internal systems without VPN
  • Privileged-access governance for internal administrators and DBAs
  • Replacement for proprietary PAM (CyberArk, Delinea, BeyondTrust)
  • Regulatory audit readiness with full session recording

Identigy role

Integration partner. Discovery, model-of-access design, pilot, production rollout with clustering, migration from legacy bastions and direct SSH access, training and ongoing support.

Discuss this solution
Network observability · threat hunting Vendor: Neutrinotech

Neutrino | Foresight

Industrial-scale NetFlow analytics and threat-hunting platform for large corporate networks. Asset inventory, segmentation audit, anomaly detection and TI-based hunting from a single data layer.

What it is

Foresight collects network telemetry (NetFlow, IPFIX, sFlow, SNMP) without endpoint agents. It enriches the data into one layer — used at once by network engineers, SOC analysts, and CISOs. Unlike classical SIEM, it focuses on network telemetry. That keeps deep history at high traffic volumes — with no per-event licensing.

Core capabilities

  • Telemetry intake: NetFlow v5/v9, IPFIX, sFlow, SNMP metrics from routers and switches
  • Data enrichment: DNS resolution, geolocation, application classification, business owner grouping
  • Real-time asset inventory from observed traffic, without endpoint agents
  • Bandwidth monitoring with anomaly detection across interfaces and applications
  • QoS / DSCP marking analysis for critical applications
  • Segmentation policy (ACL) audit — observed vs documented traffic
  • Threat hunting with Threat Intelligence feeds and retrospective indicator search
  • Query builder, dashboards, REST API for SIEM and ticketing integration

Where it fits

  • Network engineering teams needing post-fact visibility without packet capture
  • SOC analysts extending telemetry beyond EDR with network-level context
  • Security architects auditing segmentation policy enforcement at scale
  • Operations and capacity planning grounded in actual traffic data

Identigy role

Integration partner of Neutrinotech. Discovery, sizing of collectors and storage, pilot deployment, production rollout, SIEM and ticketing integrations, ongoing support.

Discuss this solution

Not sure which platform fits your scenario?

Identigy delivers platform selection as a standalone advisory engagement — with vendor-neutral evaluation of the platforms above and a recommendation framed by your data-residency, integration and cost constraints.

Email info@identigy.com
FAQ

Frequently asked questions

Which IGA platform is right for us?

It depends on scale, existing stack and budget, not on a single 'best' product. SailPoint suits large regulated enterprises; midPoint fits teams wanting open-source control; cloud-first orgs often start with a SaaS IGA. We recommend from your constraints — we deploy all of them.

Can you migrate us off a legacy IAM platform?

Yes. Legacy migrations such as Oracle OIM are a common engagement — we map the existing role model and connectors, run the new platform in parallel, and cut over per-domain rather than big-bang. The migration plan comes out of an assessment.

Do you build custom connectors?

Yes. Most real deployments need connectors the platform does not ship — we build and maintain them (SAP, in-house apps, niche SaaS). The aggregation layer is usually the hard part of an identity program, not the dashboard.

Open-source midPoint vs commercial IGA — how do we decide?

Commercial platforms cut engineering effort and come with vendor support. Open-source midPoint removes licence cost and gives full control — but needs its own engineering team. The honest answer is per-company — we run midPoint ourselves and deploy commercial platforms for clients who need them.