SailPoint Identity Security Cloud (ISC)
Cloud sprawl makes it nearly impossible to know who has access to what - and manual access reviews can't keep pace. We help cloud-first enterprises implement SailPoint ISC to automate access governance, enforce compliance, and eliminate standing privileged access that auditors flag. No on-premise infrastructure required.
What Is SailPoint ISC?
ISC (formerly IdentityNow) is SailPoint's cloud-native SaaS identity governance platform. It delivers the same core governance capabilities as IdentityIQ-access certifications, lifecycle automation, provisioning, and compliance reporting-with a cloud-native architecture designed for hybrid and multi-cloud environments. ISC is API-first and multi-tenant by design.
Virtual Appliances (VAs) bridge on-premise sources into the ISC tenant, extending cloud governance to data center directories, databases, and legacy applications without requiring those systems to move to the cloud. We design ISC tenants around a customer's identity sources, target system topology, and tenant residency requirements - ensuring the platform is right-sized and correctly connected from day one.
ISC Capabilities
ISC Architecture
ISC is API-first and multi-tenant, exposing platform capabilities through the ISC v3 REST APIs. Virtual Appliances (VAs) bridge on-premise sources into the cloud tenant. Key design decisions GCA addresses: source ordering, transform architecture, workflow boundaries, and Event Trigger handlers.
ISC API Integration
Almost every integration in ISC runs through the REST API. GCA builds integrations that respect SaaS rate limits (HTTP 429 with Retry-After), batch where supported, and prefer Event Triggers over polling. Auth via Personal Access Tokens or OAuth client credentials with minimum required permissions.
ISC Event Triggers and Workflows
Event Triggers subscribe external endpoints or native Workflows to platform events-identity created, attribute changed, access requested, certification signed off. GCA implements handlers that are idempotent, responsive within timeout budgets, and observable through structured logging. We prefer native Workflow and Transform logic over custom external code.
ISC for Regulated Verticals
ISC carries the same audit and evidence burden as on-premise deployments. GCA configures certification campaigns, SoD enforcement, role models, and provisioning audit trails mapped to SOX Section 404, HIPAA Security Rule, PCI-DSS Requirement 7, and NIST 800-53 AC families. Reporting is structured so evidence is retrievable, not reconstructed.
What Happens Without Cloud Identity Governance
Without cloud-native identity governance, organizations rely on manual access reviews, tribal knowledge about who has access to what, and periodic audits that catch problems months after they occur. SaaS sprawl multiplies the attack surface while visibility shrinks. The result: orphaned accounts persist after employees leave, over-provisioned users accumulate access they no longer need, and compliance evidence must be reconstructed from fragmented logs rather than generated automatically.
What Success Looks Like
With SailPoint ISC implemented by GCA, identity governance runs automatically in the cloud. Access reviews execute on schedule with audit-ready evidence. New hires receive the right access on day one through automated provisioning tied to your HR system. Departures trigger immediate deprovisioning. Your IAM team shifts from manual access tracking to optimizing governance policies - and your auditors get evidence packages without a reconstruction effort.
ISC Implementation Process
GCA follows a structured methodology to deliver production-ready ISC deployments that are correctly connected, properly sized, and audit-ready from day one.
Assessment & Architecture
GCA maps your identity sources, target system topology, and compliance requirements to design an ISC tenant architecture that is right-sized from the start. We identify which sources connect via Virtual Appliances, which use native cloud connectors, and how transform logic maps data between systems.
Configuration & Integration
GCA builds source configurations, transforms, lifecycle rules, and certification workflows using ISC's API-first architecture. All configuration follows production-grade practices: version-controlled, change-controlled, and documented for audit traceability.
Testing & Validation
Before go-live, GCA validates provisioning workflows, access certification behavior, SoD enforcement, and Event Trigger handlers against documented test cases. Test evidence packages satisfy auditor requirements from day one.
Go-Live & Optimization
GCA supports the initial operational period with hands-on monitoring, rapid issue resolution, and performance tuning. Post-deployment, we expand application coverage and establish governance cadences that transition the deployment from a project into a managed program.
Frequently Asked Questions
-
What is SailPoint ISC?
SailPoint Identity Security Cloud (ISC), formerly known as IdentityNow, is SailPoint's cloud-native SaaS identity governance platform. It delivers access certifications, lifecycle automation, provisioning, and compliance reporting through an API-first, multi-tenant architecture designed for hybrid and multi-cloud environments.
-
How do Virtual Appliances work in ISC?
Virtual Appliances (VAs) bridge on-premise sources into the ISC tenant, extending cloud governance to data center directories, databases, and legacy applications without requiring those systems to move to the cloud.
-
How does ISC integrate with other systems?
Almost every integration in ISC runs through the ISC v3 REST APIs. GCA builds integrations that respect SaaS rate limits, batch where supported, and prefer Event Triggers over polling, authenticating via Personal Access Tokens or OAuth client credentials with minimum required permissions. Event Triggers subscribe external endpoints or native Workflows to platform events - identity created, attribute changed, access requested, certification signed off - and GCA implements those handlers to be idempotent and observable through structured logging rather than relying on scheduled polling jobs.
-
What compliance frameworks does GCA map ISC controls to?
GCA configures ISC certification campaigns, SoD enforcement, role models, and provisioning audit trails mapped to SOX Section 404, HIPAA Security Rule, PCI-DSS Requirement 7, and NIST 800-53 AC families, so evidence is retrievable rather than reconstructed.
-
What does GCA's ISC implementation process involve?
GCA follows a four-phase methodology: Assessment & Architecture to map identity sources and design a right-sized tenant, Configuration & Integration to build sources, transforms, and certification workflows using version-controlled, change-controlled practices for audit traceability, Testing & Validation against documented test cases, and Go-Live & Optimization with hands-on monitoring and expanded application coverage. This four-phase approach is designed for net-new ISC deployments; organizations migrating an existing IdentityIQ environment can see our SailPoint IIQ to ISC migration approach for the additional considerations involved in moving established governance to the cloud.