Skip to main content

SailPoint Identity Security Cloud (ISC)

Cloud sprawl makes it nearly impossible to know who has access to what - and manual access reviews can't keep pace. We help cloud-first enterprises implement SailPoint ISC to automate access governance, enforce compliance, and eliminate standing privileged access that auditors flag. No on-premise infrastructure required.

What Is SailPoint ISC?

ISC (formerly IdentityNow) is SailPoint's cloud-native SaaS identity governance platform. It delivers the same core governance capabilities as IdentityIQ-access certifications, lifecycle automation, provisioning, and compliance reporting-with a cloud-native architecture designed for hybrid and multi-cloud environments. ISC is API-first and multi-tenant by design.

Virtual Appliances (VAs) bridge on-premise sources into the ISC tenant, extending cloud governance to data center directories, databases, and legacy applications without requiring those systems to move to the cloud. We design ISC tenants around a customer's identity sources, target system topology, and tenant residency requirements - ensuring the platform is right-sized and correctly connected from day one.

ISC Capabilities

1

ISC Architecture

ISC is API-first and multi-tenant, exposing platform capabilities through the ISC v3 REST APIs. Virtual Appliances (VAs) bridge on-premise sources into the cloud tenant. Key design decisions GCA addresses: source ordering, transform architecture, workflow boundaries, and Event Trigger handlers.

2

ISC API Integration

Almost every integration in ISC runs through the REST API. GCA builds integrations that respect SaaS rate limits (HTTP 429 with Retry-After), batch where supported, and prefer Event Triggers over polling. Auth via Personal Access Tokens or OAuth client credentials with minimum required permissions.

3

ISC Event Triggers and Workflows

Event Triggers subscribe external endpoints or native Workflows to platform events-identity created, attribute changed, access requested, certification signed off. GCA implements handlers that are idempotent, responsive within timeout budgets, and observable through structured logging. We prefer native Workflow and Transform logic over custom external code.

4

ISC for Regulated Verticals

ISC carries the same audit and evidence burden as on-premise deployments. GCA configures certification campaigns, SoD enforcement, role models, and provisioning audit trails mapped to SOX Section 404, HIPAA Security Rule, PCI-DSS Requirement 7, and NIST 800-53 AC families. Reporting is structured so evidence is retrievable, not reconstructed.

What Happens Without Cloud Identity Governance

Without cloud-native identity governance, organizations rely on manual access reviews, tribal knowledge about who has access to what, and periodic audits that catch problems months after they occur. SaaS sprawl multiplies the attack surface while visibility shrinks. The result: orphaned accounts persist after employees leave, over-provisioned users accumulate access they no longer need, and compliance evidence must be reconstructed from fragmented logs rather than generated automatically.

What Success Looks Like

With SailPoint ISC implemented by GCA, identity governance runs automatically in the cloud. Access reviews execute on schedule with audit-ready evidence. New hires receive the right access on day one through automated provisioning tied to your HR system. Departures trigger immediate deprovisioning. Your IAM team shifts from manual access tracking to optimizing governance policies - and your auditors get evidence packages without a reconstruction effort.

ISC Implementation Process

GCA follows a structured methodology to deliver production-ready ISC deployments that are correctly connected, properly sized, and audit-ready from day one.

1

Assessment & Architecture

GCA maps your identity sources, target system topology, and compliance requirements to design an ISC tenant architecture that is right-sized from the start. We identify which sources connect via Virtual Appliances, which use native cloud connectors, and how transform logic maps data between systems.

2

Configuration & Integration

GCA builds source configurations, transforms, lifecycle rules, and certification workflows using ISC's API-first architecture. All configuration follows production-grade practices: version-controlled, change-controlled, and documented for audit traceability.

3

Testing & Validation

Before go-live, GCA validates provisioning workflows, access certification behavior, SoD enforcement, and Event Trigger handlers against documented test cases. Test evidence packages satisfy auditor requirements from day one.

4

Go-Live & Optimization

GCA supports the initial operational period with hands-on monitoring, rapid issue resolution, and performance tuning. Post-deployment, we expand application coverage and establish governance cadences that transition the deployment from a project into a managed program.

Frequently Asked Questions

Get Started with SailPoint ISC