What Is SailPoint IdentityIQ (IIQ)?
SailPoint IdentityIQ (IIQ) is an enterprise identity governance platform that controls who has access to what across an organisation's applications, systems, and data. It automates user provisioning, access certifications, lifecycle events (joiner, mover, leaver), and compliance reporting — replacing the manual, spreadsheet-based access management that causes audit failures and security breaches in large enterprises.
Quick answer: SailPoint IIQ sits between your HR system and all your enterprise applications. When someone joins the company, IIQ automatically provisions the right access based on their role. When they leave, IIQ deprovisions it. When they move teams, it adjusts access accordingly. And every quarter, it generates the access certification reports your compliance team needs for RBI, SOX, or PCI-DSS audits — without anyone chasing 50 managers on email.
SailPoint Technologies, headquartered in Austin, Texas, built IdentityIQ for large enterprises that need deep customisation — custom workflows, Java-based rules, and complex connector integrations — that a SaaS product cannot provide. It is deployed on-premise or in a private cloud and integrates with hundreds of enterprise systems through a connector framework.
In India, SailPoint IIQ is the dominant IAM platform in BFSI GCCs (JP Morgan, Goldman Sachs, Deutsche Bank, Barclays), IT services majors (Infosys, TCS, Wipro, Accenture, Deloitte), and regulated industries including healthcare and government. That deployment footprint creates over 12,000 active SailPoint-related job listings on Naukri as of 2026, making it one of the most career-relevant IAM skills an IT professional in India can build.
The Problem SailPoint IIQ Solves in an Enterprise
To understand why IIQ exists, you need to understand the access management problem at enterprise scale. A company with 10,000 employees, 200 enterprise applications, and a mix of on-premise and cloud systems faces a question that sounds simple but is nearly impossible to answer manually: who has access to what, and should they?
Joiner Problem
A new employee joins. Their manager emails IT. IT creates 12 accounts across 12 systems manually, some correct, some wrong. The new joiner can't work for 3 days. SailPoint IIQ automates this in minutes.
Mover Problem
An employee moves from Finance to Operations. Their old finance application access remains. Six months later, an auditor finds the violation. SailPoint IIQ detects and corrects access the moment the move is recorded in the HR system.
Leaver Problem
An employee resigns. Their accounts are supposed to be disabled immediately. Instead, IT disables only their email but forgets 8 other systems. A dormant account is a security risk. SailPoint IIQ deprovisions all connected accounts automatically on the termination date.
Compliance Problem
Your RBI audit is in three weeks. The auditor wants a report of every user with access to every system, reviewed and signed off by their manager. Without IIQ, this is weeks of manual work. With IIQ, it's a scheduled certification campaign.
These four problems — multiplied across 10,000 users and 200 applications — are exactly what SailPoint IdentityIQ is built to solve. It is not a security tool in the traditional firewall sense; it is a governance tool that ensures the right people have the right access at the right time, and that there is a clean audit trail proving it.
How SailPoint IIQ Works — Step by Step
SailPoint IIQ works by becoming the central nervous system for identity data across your enterprise. Here is the simplified flow that any IT professional should understand before starting training:
- Identity Aggregation: IIQ connects to all your enterprise systems — Active Directory, SAP, Workday, ServiceNow, Salesforce, Oracle, custom apps — via connectors. It pulls identity data from each system and builds a unified "identity cube" for every user.
- Role and Policy Application: Based on the user's HR attributes (job title, department, location), IIQ applies Role-Based Access Control (RBAC) rules to determine what they should have access to. Separation-of-Duties (SoD) policies flag conflicts — for example, a person who approves purchases should not also be able to create purchase orders.
- Lifecycle Event Processing: When the HR system sends a "new hire" trigger, IIQ runs the Joiner lifecycle event — provisioning access automatically. The same logic applies for Mover and Leaver events (Module 12 in the IIQ curriculum).
- Access Certification: IIQ schedules periodic reviews where managers or application owners certify whether their team members still need their current access. Certifiers approve, revoke, or escalate each entitlement. Revoked access is automatically deprovisioned.
- Audit and Reporting: Every provisioning action, every certification decision, every policy violation is logged. IIQ generates compliance reports for SOX, RBI, PCI-DSS, ISO 27001, and other regulatory frameworks.
Why this matters for your career
Enterprise interviews for SailPoint IIQ roles almost always begin with "walk me through how IIQ manages a new joiner end to end." That question maps directly to Module 3 (Application Onboarding), Module 4 (Aggregation Jobs), Module 12 (Lifecycle Events), and Module 7 (Role Management) in the training curriculum. Understanding the flow before you know the modules makes the technical training significantly faster to absorb.
The 14 Core Modules of SailPoint IdentityIQ
A complete SailPoint IIQ implementation covers 14 functional areas, each of which is a distinct module in enterprise deployments. These same 14 modules form the SailPoint Academy training curriculum — they are not arbitrary; they map directly to the enterprise configuration tasks that IIQ professionals perform on the job.
IAM Overview & SailPoint IIQ
Identity governance fundamentals, Compliance Manager, Lifecycle Manager, SailPoint artefacts.
SailPoint Architecture
Install, upgrade, patch SailPoint. IIQ server architecture — control tier, data storage, scalability.
Application Onboarding
Authoritative and non-authoritative apps, direct connectors, datafile connectors, identity mapping.
SailPoint Jobs
Aggregation job, refresh job, system job — the scheduled tasks that keep IIQ identity data current.
Configuration File
Extended attributes, IIQ properties, Log4j, audit configuration, SysLog, email setup.
Application Rules
Aggregation, provisioning, connector, and schema rules. Manage Access (access request rules).
Role Management
Business roles, IT roles, Role-Based Access Control (RBAC) configuration and assignment.
Policy Management
Separation-of-Duties policies, SOD policy types — the compliance backbone of every IIQ deployment.
Risk Score
Identity risk scoring configuration — quantifying access risk per identity for audit and governance.
Groups, Workgroups, Population
Managing groups and workgroups for access delegation and certification scoping.
Access Certification
Entitlement, role, manager, app-owner, advanced, and event-based certifications. Compliance heart of IIQ.
Lifecycle Events
Joiner, Mover, Leaver, Rehire — the automated triggers that govern access at every stage of employment.
Custom Workflow
Java-based workflow development — building approval chains, provisioning flows, and escalation logic.
Quick Link & Reporting
Self-service quick links and building IIQ compliance reports for audit-ready governance dashboards.
You don't need to memorise all 14 modules right now — the point is to understand that SailPoint IIQ is not a single tool with one function. It is a platform where each module handles a distinct enterprise identity challenge. The SailPoint training program builds these skills progressively over 2 months, starting with architecture and onboarding before moving into the advanced governance modules.
Attend a Free Live Demo Before You Decide
See how a real SailPoint IIQ training session runs — 60 minutes, live on Zoom. No payment. No commitment. Just a clear picture of whether this is the right move for your career.
SailPoint IIQ vs Active Directory — What's the Difference?
The most common misconception among IT professionals new to IAM is that Active Directory (AD) already manages identity — so why do enterprises need SailPoint IIQ? The answer is that AD and IIQ serve completely different purposes and work together, not in competition.
| Aspect | Active Directory | SailPoint IIQ |
|---|---|---|
| What it is | A directory service that stores user accounts and authenticates login | An identity governance platform that controls who should have what access and certifies it |
| Primary function | Authentication (is this user who they claim to be?) | Governance (should this user have this access, and can you prove it?) |
| Scope | Windows and Microsoft ecosystem | All enterprise systems — AD, SAP, Workday, Salesforce, Oracle, cloud apps, custom apps |
| Compliance | Not designed for SOX, RBI, or PCI-DSS reporting | Built specifically for audit-ready compliance reporting and access certification |
| Relationship | AD is one of the many systems IIQ connects to and governs | IIQ aggregates AD identity data and applies governance policies on top of it |
| India IT career context | AD Admin is entry-level; lower salary ceiling | IIQ professional is mid-to-senior level; ₹14L–₹35L range |
The practical implication: a strong Active Directory background is excellent preparation for SailPoint IIQ training. AD administrators already understand user accounts, groups, OUs, and directory services — they are learning to extend that knowledge to a platform that governs access across every system in the enterprise, not just the Windows environment.
Who Uses SailPoint IIQ in India?
SailPoint IdentityIQ is deployed primarily in large regulated enterprises where identity governance is a compliance requirement, not an optional capability. In the India market specifically, three sectors drive the majority of IIQ demand:
BFSI Global Capability Centres
JP Morgan, Goldman Sachs, Deutsche Bank, Barclays, HSBC, Standard Chartered, and Citi all operate GCCs in Hyderabad, Bangalore, Pune, and Chennai. RBI, SOX, and PCI-DSS compliance mandates make SailPoint IIQ a core platform in their IAM stack.
Largest India IIQ employer segmentIT Services Majors
Infosys, TCS, Wipro, Accenture, Deloitte, Capgemini, HCL, and LTIMindtree all have IAM practices that deploy and manage SailPoint IIQ for banking, insurance, and enterprise clients. IAM consultants are in constant demand to staff these engagements.
Largest volume of open IIQ rolesHealthcare & Regulated Enterprises
Pharmaceutical companies, healthcare networks, and government entities in India are increasingly deploying IIQ to meet data protection and access governance requirements. This segment is growing as India's digital compliance landscape matures.
Growing demand segmentWhat Does a SailPoint IIQ Professional Actually Do?
Most online resources describe SailPoint IIQ in product terms — features, modules, architecture. What they don't explain is what an IIQ professional does on a typical workday. Here's what the actual job looks like across the main career tracks:
IAM Analyst / Consultant (most common India entry point)
You are the person enterprises call when their IIQ deployment needs configuration, troubleshooting, or expansion. On a typical day you might: configure a new application connector for a newly onboarded system, troubleshoot an aggregation job that is failing to pull accounts from a source system, set up a new access certification campaign for a quarterly SOX review, work with the HR team to validate that lifecycle event triggers are firing correctly, and document configuration changes for the audit trail. This role does not require Java. It requires deep knowledge of IIQ's admin interface, connector configuration, and certification setup.
SailPoint Developer / Engineer (advanced track)
You write the Java-based rules and workflows that make IIQ intelligent. On a typical day you might: write a provisioning rule that determines which Active Directory groups a user gets based on their job title and location, build a custom approval workflow (Module 13) that routes access requests through two managers before provisioning, debug a connector rule that is incorrectly mapping user attributes from the HR system, or write a BeanShell script that calculates a custom risk score for a specific user population. This role requires Java — it is the more technical path and typically commands a ₹5–8L salary premium over the analyst track.
Is SailPoint IIQ Worth Learning in 2026?
The short answer is yes — and the data is clear. With over 12,000 active SailPoint-related listings on Naukri as of mid-2026, IIQ remains one of the few enterprise IT skills where demand significantly outpaces the supply of trained professionals in India.
| Role | Experience | India Salary Range | Track |
|---|---|---|---|
| IAM Analyst | 2–4 years | ₹8L – ₹14L | Analyst |
| SailPoint IIQ Consultant | 3–6 years | ₹14L – ₹22L | Consultant |
| Senior SailPoint Consultant | 5–8 years | ₹20L – ₹30L | Senior |
| IIQ Architect | 8+ years | ₹28L – ₹40L+ | Architect |
These are market estimates based on publicly available data, not guarantees. Salary depends on prior experience, employer, and individual interview performance.
Three structural factors make this demand durable, not a short-term spike. First, BFSI compliance requirements (RBI guidelines on access governance, SOX for listed companies, PCI-DSS for payment systems) are regulatory mandates — companies can't de-prioritise IIQ without audit risk. Second, the AI era is expanding IAM scope, not shrinking it — every AI system and cloud workload needs identity governance, which means IIQ deployments are growing in scope. Third, SailPoint IIQ is a platform with high switching costs — once a large enterprise deploys it, they need IIQ professionals for maintenance, upgrades, and expansion for years.
For IT professionals with 2+ years of experience in Active Directory, application support, IT operations, or Java development, SailPoint IIQ training is one of the most direct paths to a significant salary step-up and long-term career security in the Indian IT market. To understand exactly what the learning path looks like, explore the SailPoint career paths guide.
Frequently Asked Questions
Ready to Build a Career in SailPoint IIQ?
Attend a free 60-minute live demo and see exactly what the training covers, how it works, and whether it's the right fit for your IT background and career goals.