Three years feels like a long runway for an RFP, but in identity governance it's actually the right timeline to start paying attention. The market is moving fast enough that the evaluation criteria you'd use today are meaningfully different from what was relevant three years ago — and the criteria you'll use in three years will be different again. That said, there are structural requirements that will hold: integration with ServiceNow for fulfillment, compatibility with SailPoint (or an IGA migration path from it), and enough flexibility to handle the on-premises and hybrid access scenarios that most legacy environments still carry.
Here's what the current practitioner community is finding, evaluated against the specific context you've described.
The ServiceNow Integration Requirement
ServiceNow integration is either a deep architectural requirement or a surface-level connector, and the difference matters significantly for how you evaluate vendors.
Surface-level integration means the IGA platform can create a ServiceNow ticket when a provisioning action is needed. Most platforms support this — it's a webhook or API call to the ServiceNow REST API. If your ServiceNow use case is "create a fulfillment ticket and track its resolution," most modern IGA tools can satisfy this.
Deep integration means bidirectional synchronization: the IGA platform reads from ServiceNow's CMDB to build its application catalog, uses ServiceNow's approval workflows natively rather than building parallel workflows, and writes back to ServiceNow's service catalog and asset management modules. This is a materially different scope, and only a subset of IGA platforms support it natively rather than through custom development.
Clear Skye is the platform purpose-built for this use case — it's an IGA product built natively on the ServiceNow platform, which means it inherits ServiceNow's workflow engine, approval routing, reporting infrastructure, and CMDB integration without any connector work. If ServiceNow is your ITSM platform of record and you want IGA workflows to live inside the same system your IT team already operates, Clear Skye eliminates the integration problem by collapsing it into a single platform.
The tradeoff is platform dependency. Your IGA roadmap becomes dependent on ServiceNow's development priorities and licensing costs. For organizations where ServiceNow is a permanent part of the infrastructure, this is a reasonable tradeoff. For organizations that might move away from ServiceNow or want IGA to operate independently, it's a constraint.
ServiceNow's own IGA product (built through acquisitions including SailPoint partnership elements) is a lighter-weight option in the same native-ServiceNow category, with less maturity than Clear Skye in the dedicated IGA feature set.
Imprivata Context
Imprivata's IAM product line is primarily built around healthcare workflows — single sign-on for shared clinical workstations, fast user switching in high-turnover environments, and identity management for clinical applications. Its IGA capabilities are narrower than general-purpose IGA platforms and are most valuable in environments where clinical workflow integration is the priority.
In a healthcare adjacent environment, Imprivata's relevance depends on how much of your identity problem is clinical workstation access versus enterprise governance. If the primary need is enterprise IGA — access reviews across SaaS and enterprise applications, lifecycle management for the full workforce, compliance evidence for SOC 2 or ISO 27001 — Imprivata's IGA module is typically evaluated as a complement to a general-purpose IGA platform rather than as a substitute for one.
Current IGA Platform Landscape for Your Requirements
SailPoint ISC is the most capable platform for complex enterprise IGA requirements and has a mature native ServiceNow connector. Implementation timelines have shortened significantly in the cloud version compared to IIQ. If the organization has (or plans to have) dedicated IAM staff, SailPoint's depth justifies the cost and maintenance investment. The ongoing maintenance model — not just implementation cost — should be a central part of the evaluation.
Saviynt has strong healthcare experience and a ServiceNow integration. Practitioners who have evaluated it recently cite uptime concerns and a sales process that is resistant to real-environment POCs. If Saviynt makes the shortlist, insisting on a POC in your actual environment — with your data, your application connectors, your ServiceNow instance — is essential before signing.
One Identity (formerly Quest) has a mature enterprise IGA product with strong Active Directory and on-premises integration. ServiceNow connector exists. Less marketing visibility than SailPoint but sometimes more pragmatic for organizations where on-premises infrastructure depth matters more than cloud-first positioning.
Zluri has a native ServiceNow connector and positions as a modern alternative for organizations that want faster time-to-value than the traditional enterprise IGA platforms offer. Strongest in SaaS discovery, access review automation, and JML lifecycle management. Growing enterprise customer base. The evaluation question for Zluri in your context is depth of ServiceNow integration (bidirectional versus fulfillment-only) and on-premises connector coverage for your specific legacy applications.
Lumos is competitive on access reviews and user experience. ServiceNow integration exists. Primarily positioned for mid-market environments rather than complex enterprise IGA requirements. If your environment is predominantly cloud and SaaS with limited on-premises complexity, worth evaluating.
What to Evaluate Before the Formal RFP
Three years before an RFP is the right time to run informal evaluations rather than formal procurement. The specific things worth doing now:
Map your ServiceNow integration requirements precisely. Understand whether you need fulfillment-ticket creation (basic), bidirectional CMDB sync (advanced), or native ServiceNow workflow execution (deep). This single requirement will eliminate some vendors and elevate others early in the process.
Evaluate Clear Skye if ServiceNow is permanent infrastructure. It deserves a dedicated evaluation conversation separate from general IGA evaluation because the architecture is fundamentally different — and the answer to whether it fits depends on how central ServiceNow will be to your IT operations for the next 5+ years.
Track the SailPoint ISC roadmap. The cloud version is meaningfully different from IIQ and the development velocity has been higher. The product you evaluate in three years will be more capable than what exists today, and understanding the roadmap direction now helps calibrate expectations.
Build your requirements document from real pain points. The most useful RFP requirements come from documenting the specific failures of your current state — what access review campaigns failed to complete, what offboarding left orphaned accounts, what compliance evidence you couldn't produce — rather than from copying requirements from an industry template. Vendors optimize their demos against templates; real requirements reveal actual capability gaps.
Frequently Asked Questions
What identity governance software integrates best with ServiceNow?
Clear Skye is purpose-built on the ServiceNow platform and offers the deepest native integration. SailPoint ISC, Saviynt, and One Identity all have ServiceNow connectors of varying depth. Zluri and Lumos have ServiceNow integrations for fulfillment workflows. The right answer depends on whether you need native ServiceNow workflow execution or API-level integration for ticket creation and status tracking.
How should you evaluate IGA platforms when running SailPoint currently?
Start with a clear inventory of what SailPoint is doing well and what it isn't — specifically the access review workflows, provisioning connector depth, and compliance reporting that you actually use. Evaluate alternatives against your real requirements, not vendor feature lists. Insist on POC environments that use your actual data sources and test your specific access review workflow structure. SailPoint ISC (cloud) is a different product than IIQ (on-premises) and may resolve issues you've attributed to SailPoint as a platform.
Is Imprivata a full IGA platform?
Imprivata's IAM product is primarily a clinical workforce identity solution — SSO for shared workstations, fast user switching, and identity management for clinical applications. Its IGA capabilities are narrower than dedicated IGA platforms. In healthcare environments, it's often deployed alongside a dedicated IGA platform (SailPoint, Saviynt) rather than replacing one. For enterprise IGA requirements outside the clinical workflow context, it's typically not a primary IGA platform candidate.
What's the right timeline to start an IGA platform evaluation?
Three years before expected procurement is appropriate for requirements mapping and informal vendor conversations. Formal RFP processes typically take 6–12 months for enterprise IGA. Implementation after contract typically takes 12–24 months for complex environments. Starting requirements work three years out means you'll be ready to begin the formal RFP in 18–24 months, which leaves buffer for a thorough evaluation and negotiation process.
.svg)
