CyberIAM Holdings Ltd

SailPoint IdentityNow - Cloud Identity Governance Service

Cloud based Identity Governance solution from leading identity vendor, SailPoint. IdentityNow enables business friendly identity governance via access request, access certification and effective provisioning and deprovisioning of joiners, movers and leavers, along with improved productivity and Password Management capabilities. Patented Zero Knowledge Encryption security model.


  • Access Review covering cloud and on premise applications
  • Automated provisioning and user lifecycle management as a service
  • Business application integration
  • Access Certification Campaigns verifies user access permissions by line management
  • Password Management for on and off network password resets
  • Access Request delivered as a service
  • Identity warehouse showing all accounts and access users have
  • Governance of roles and role policy management
  • Securely deliver IGA with Patented Zero Knowledge Encryption algorithm
  • Visibility, reporting and querying for identities, entitlement, accounts and policies


  • Enables resource owners and business managers to manage access
  • Automate joiner/mover/leaver scenarios, create custom HR states driving user access
  • Connector library supporting leading enterprise systems and custom connectors
  • Reduce helpdesk calls for password management, improving security and efficiency
  • Secure self-service password management reduces IT load enhancing user productivity
  • Mobile apps for password management/reset, access requests and approvals
  • Single source of truth for all questions concerning user access
  • Govern business and IT roles for automation and security
  • Communicates with exisiting infra securely without forcing any changes
  • Instantly answers "who has what level access to what resource"


£48 to £200 a unit an hour

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

8 9 5 9 3 4 8 5 4 5 9 8 0 6 3


CyberIAM Holdings Ltd Andy Pinnington
Telephone: 08443350012

Service scope

Software add-on or extension
What software services is the service an extension to
We are one of the top three implementation partners of SailPoint and we extend the SailPoint platform to meet our customer needs. Our consultants have vast experience of designing and implementing solutions which compliment and integrate directly with SailPoint's platform.
Cloud deployment model
  • Public cloud
  • Private cloud
Service constraints
IdentityNow is deployed in Amazon Web Services (AWS). Hosted data resides in one of several AWS regions, the location of which is determined by the customer. Customers may elect to have their data hosted in the UK, the EU in Frankfurt, Germany or in the US in Oregon or Virginia.
System requirements
  • Web Browsers: Firefox, Internet Explorer, Microsoft Edge, Chrome or Safari
  • Hypervisor for Virtual Appliances housing our connectivity layer
  • SaaS solution. Other components are managed in AWS by SailPoint

User support

Email or online ticketing support
Yes, at extra cost
Support response times
“Business Hours” 8am-6pm local time, Monday to Friday, except local public holidays for non-severity 1 cases. For all severity 1 cases: 7 days a week at 24 hours a day coverage. Severity 1 - Response time two hours; Severity 2 - Response time four hours; Severity 3 - Response time twelve hours; Severity 4 - Response time 24 hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
SailPoint offers Premium support for their IdentityNow SaaS solution. Premium support provides 24x7 support for severity 1 issues.

Support and maintenance includes:
(a) Telephone or electronic support in order to help Customer locate and correct problems with the SaaS Services.
(b) Bug fixes and code corrections to correct malfunctions in order to bring such SaaS Services into substantial conformity with the operating specifications contained in the Documentation.
(c) All extensions, enhancements and other changes that SailPoint, at its sole discretion, makes or adds to the SaaS Services and which SailPoint furnishes, without charge, to all other subscribers of the SaaS Services.
(d) Up to 5 dedicated contacts designated by Customer in writing that will have access to support services.
(e) Access to Compass, SailPoint’s customer and partner portal, which includes discussion forums, technical information, latest company and product information, webinars, and product downloads. It also provides collaborative forums, which allow interaction between customers and SailPoint subject matter experts.
(f) Appointment of a Customer Success Manager to serve as your primary point of contact and advocate within SailPoint.

CyberIAM also offer support for IdentityIQ at additional cost.
Support available to third parties

Onboarding and offboarding

Getting started
CyberIAM provides professional services, which is especially recommended during the initial phase of deployment and work directly with the customer.

Comprehensive documentation is provided by SailPoint to cover all aspects of IdentityNow functionality. All IdentityNow documentation is provided online via the Compass web portal and includes technical white papers, implementation guidance, IdentityNow wiki, and other documentation. Compass also includes a User Forum where clients can ask specific questions and get answers from our technical support staff and other clients.

SailPoint offers instructor-led Administrator and Implementation training sessions that are tailored to each customer’s deployment and cover topics such as:
·Introduction to IdentityNow
·Data Aggregation and Correlation
·Implementation Guidelines
·Access Certification
·Password Management
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
IdentityNow has API’s and reports which the users can use to export their data as needed. If the user wants SailPoint's assistance in the export process, they can purchase services hours to have SailPoint Professional Services assist in the process.
End-of-contract process
"Upon termination of the SaaS Agreement or expiration of the Subscription Term, SailPoint shall immediately cease providing the SaaS Services and all usage rights granted under this SaaS Agreement shall terminate.

The contract (SaaS subscription) includes access to the service and customer support for the service. All professional services are additional costs and this would include any transitional professional services required at the end of the contract. "

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
Application to install
Compatible operating systems
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Differences between the mobile and desktop service
The IdentityNow service is a cloud based service, which is accessed via a browser interface. IdentityNow supports all modern browsers and is agnostic when it comes to the device accessing the service. When accessing the interface, the page is automatically scaled for whichever device is being used.

In addition, SailPoint offers a mobile application for iOS and Android.
Service interface
User support accessibility
None or don’t know
Description of service interface
The service is accessible via a standard Browser based access / Web UI which does not override user’s individual computer display attributes (such as contrast and colour. The Software/screen does not have elements that flash/blink at high frequency.
Accessibility standards
WCAG 2.1 AA or EN 301 549
Accessibility testing
SailPoint has completed a manual assessment against WCAG 2.0 Levels A and AA with and without assistive technologies.
What users can and can't do using the API
SailPoint offers a fully functioning, versioned API.

The IdentityNow Platform APIs allow you to build your own applications, web sites, and tools that take advantage of IdentityNow's data, features, and flows. The APIs follow a familiar RESTful standard, using query and path parameters, request/response headers, and JSON request/response bodies.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
IdentityNow has a host of customisation options. For example, customers can change the User Interface (colours and logos), create custom connectors to applications and customize lifecycle states.

IdentityIQ is highly configurable to suit the needs of the business.


Independence of resources
As a true SaaS solution, IdentityNow is able to dynamically scale immediately, as needed, to meet customer needs.


Service usage metrics
Metrics types
"Metrics include:
Availability of IdentityNow
# of active and inactive users
# of successful and unsuccessful changes on a per application basis
Audit log metrics for all provisioning, access request and access certification actions within the service "
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2019
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Customer data at rest is encrypted with the AES256 algorithm by using the AWS Key Management Service (KMS).
Data sanitisation process
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
IdentityNow has API’s and reports which the users can use to export their data as needed. If the user wants assistance in the export process, they can purchase services hours to have SailPoint Professional Services assist in the process.
Data export formats
  • CSV
  • Other
Other data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks
IdentityNow utilizes its patented zero knowledge encryption to provide multiple layers of encryption on all critical data stored in the IdentityNow cloud database.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
IdentityNow utilizes Amazon Web Services (AWS) for hosting. AWS implements least privilege throughout its infrastructure components. AWS prohibits all ports and protocols that do not have a specific business purpose. Network scanning is performed and any unnecessary ports or protocols in use are corrected. Access to the IdentityNow data within the AWS environment is restricted only to SailPoint DevOps team. Customer data at rest is encrypted with the AES256 algorithm IdentityNow provides encryption of all customer data, where the most sensitive customer data is dual-encrypted, using keys that are only ever controlled by the customer or end user's device.

Availability and resilience

Guaranteed availability
The SaaS Services will achieve System Availability of at least 99.9% during each calendar month of the Subscription Term. “System Availability” means the number of minutes in a month that the key components of the SaaS Services in a Customer production environment are operational as a percentage of the total number of minutes in such month, excluding downtime resulting from (a) scheduled maintenance, (b) events of Force Majeure, (c) malicious attacks on the system, (d) issues associated with the Customer’s computing devices, local area networks or internet service provider connections, or (e) inability to deliver services because of acts or omissions of Customer or any Identity Cube user.

If SailPoint fails to meet System Availability in an individual month, upon written request by Customer within 30 days after the end of the month, SailPoint will issue a credit in Customer’s next invoice in an amount equal to ten percent (10%) of the monthly fee for the affected SaaS Services for each 1% loss of System Availability below stated SLA per SaaS Service, up to a maximum of fifty percent (50%) of the Customer’s monthly fee for the affected SaaS Services.
Approach to resilience
SailPoint’s IdentityNow solution is provided utilizing Amazon Web Services with each primary hosting location providing full redundancy of hardware, software, and network infrastructure across three AWS Availability Zones. SailPoint provides fully automated failover and advanced backup and recovery measures to ensure that IAM services are available for operation and use. Additionally, controls are in place to provide quick restoration capabilities from backup, in the event that a site or overall service experiences a critical failure.
Outage reporting
IdentityNow is a pure SaaS solution and IdentityNow service components are monitored by SailPoint DevOps personnel. There is a public status dashboard,

For issues broadly impacting all customers, notice and updates would be posted to the Compass portal. You can elect to receive email notification when such notices are posted to Compass. For serious issues, your customer success manager will reach out to you via email and/or phone. SailPoint Assigns a Customer Success Manager to every client. The Customer Success Manager serves as your primary point of contact and your advocate within SailPoint.

Identity and authentication

User authentication needed
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
SailPoint applies the principle of least privileged access.Employees are granted access based on pre-approved roles and job descriptions, which are reviewed and re-certified at least annually.In IdentityNow, administrative access is restricted to DevOps. We utilize a support account, separate from customer access accounts.Access to the production environment by SailPoint DevOps personnel requires remote access into the EC2 environment which is restricted through the use of a Secure Shell (SSH) connection from the SailPoint corporate IP address and two-factor authentication.In the IdentityNow UI, access is role-based, allowing Admin and Heldesk staff, for example, to receive elevated rights for their specific function.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
SailPoint has completed a SOC 2 Type II audit.

SailPoint leverages Amazon Web Services (AWS) to host IdentityNow. AWS maintains compliance with ISO 9001, ISO 27001, HIPAA, PCI, SOC, CSA, FedRAMP, FERPA, and other compliance programs. More information is available at
Information security policies and processes
The Company maintains IT Security policies which define IT security protocols in order to help minimize security risks. The policies (including incident response, change management, data handling, DR/Backup) are available on the Company’s intranet and are reviewed annually.

All SailPoint employees complete online computer-based security awareness training annually. The computer-based training covers traditional security awareness topics, including physical, email and mobile device security. The training also includes anti-phishing simulated attacks throughout the year and training designed to improve employees' recognition of baits and traps commonly found in phishing emails and spear phishing attacks. Employees learn to identify and avoid manipulative content, malicious and disguised links, dangerous attachments, inappropriate data requests, and other threats.

Additional training is provided at the departmental level as appropriate for each role. All members of the engineering team are provided education about developing and testing secure applications including the Open Web Application Security Project (OWASP) Guide to Building Secure Web Applications and Web Services, the most current documents from the OWASP Top Ten Project, Essential Skills for Secure Programmers Using Java/JavaEE from the Secure Programming Council, and SANS’ Top 25 Programming Errors.
CyberIAM are Cyber Essentials Certified.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Agile method is used for software development. Software development processes are changing and looking to improve. These changes include adjustments to the definitions of terms used. At times certain terms are co-opted and the definition evolves with the industry. Software Development Lifecycle falls into this category. SDLC at one time described a specific process of varying staging of analysis, development, integration, testing, and so forth. Other methodologies have been developed over time to improve the process of delivering software. For SailPoint SaaS software, the term Software Development Lifecycle encompasses whatever process we currently using to deliver code to our customers.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
SailPoint completes both internal automated vulnerability scans, which are executed during regular verification cycles as part of each weekly release, and external penetration tests conducted by a third-party firm.

AWS performs regular vulnerability scans on the host operating system, web application, and databases in the AWS environment using a variety of tools.

SailPoint subscribes to vendor notification services with notifications of newly released patches and updates. Patches reviewed by SailPoint and deemed to be “Critical” are applied within 30 days of release. SailPoint generally upgrades IdentityNow on a weekly basis but can apply a patch within 24 hours if warranted.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
SailPoint leverages Amazon Web Services (AWS) to host IdentityNow. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. AWS security monitoring tools help identify several types of denial of service (DoS) attacks, including distributed, flooding, and software/logic attacks.

SailPoint uses a variety of tools to monitor the availability of the IdentityNow production environments for its clients, including alerts from AWS. These tools send alerts to the SailPoint DevOps team that trigger follow-up procedures.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Customers should report any issues with the IdentityNow service to SailPoint support via the Compass portal, email or telephone.

SailPoint maintains a Security Incident Response Policy and Procedure, which specify the steps and roles and responsibilities should such an incident occur. These policies address remediation and follow-through to ensure the issue is understood and fully addressed.

As it relates to a security issue with a SailPoint product or service broadly impacting all customers, notice and updates would be posted to the Compass portal. For serious issues, your customer success manager will reach out via email and/or phone.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

Our environmental footprint is significantly smaller than similar sized organizations. We are entirely paperless, utilising a public cloud environment for our IT infrastructure which minimises our environmental impact. We do not use data centers, keeping our carbon footprint small. We also recycle our hardware and encourage the use of reusable containers in the office.
Covid-19 recovery

Covid-19 recovery

We responded quickly to the Covid-19 pandemic, enabling our employees to work from home and continue to do so as they wish, allowing for flexibility. We hold regular company meetings and virtual social events which allow for everyone to communicate and socialise wihtout risk. Now staff are permitted to return to offices, there are suggestion boxes for employees to anonymously let us know anything that would help them carry out their duties safely and comfortably. The offices also have Covid-19 rapid flow tests, hand sanitisers and temperature monitors.
Tackling economic inequality

Tackling economic inequality

We are committed to diversity, inclusion and equality at CyberIAM. Our employees hail from all around the globe and are all paid higher than the national average. We offer a women’s support network group for the women in our company of all ages, ethnicities and backgrounds.
Equal opportunity

Equal opportunity

Our equal opportunities policy is in place to enforce our firm belief in equality for all. Everybody at the company has the same opportunity for training, recruitment and selection. Our jobs are advertised to a diverse audience and our employees come from around the world including UK, South Africa, Spain, Philippines, Australia. We specify our initiatives to include gender representation and typically undersupported, disadvantaged groups, most recently, we celebrated Eid in April and May 2022.


Our offices are stocked with fruit snacks and drinks to support the health of our employees. We also have a social committee who organise and run events for the company, ensuring everybody gets to have fun and socialise if they wish to. We have an open door policy where people are encouraged to share and resolve any worries they have; we work with our employees to ensure they are happy and comfortable, e.g. flexible working hours to accommodate childcare needs. We work hard for our inclusive and supportive culture where everyone and their views, beliefs and goals are respected.


£48 to £200 a unit an hour
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.