SailPoint's market position rests on real capability and real history. It was the dominant IGA platform through the late 2010s, has a deep feature set for governance and compliance, and has a significant installed base of large enterprise customers who aren't moving anytime soon. The "you won't get fired for buying IBM" dynamic one practitioner in this thread described is real — at large regulated organizations, SailPoint is the defensible choice.
What's also real, based on the hands-on practitioner feedback in this thread, is that SailPoint's UX and operational overhead have become its primary competitive vulnerability. The platform works when you work within its constraints. When you don't, the customization burden is significant, and that burden grows.
What Practitioners Actually Experience With SailPoint
The practitioner feedback in this thread is detailed enough to be worth taking seriously rather than dismissing as vendor bashing.
Access reviews are painful for business reviewers. Reviewers see technical entitlement names with minimal business context. Bulk decisions break down when exceptions are needed. Multi-stage review flows — manager to application owner to compliance, for example — require significant customization rather than being configurable out of the box. Escalations and conditional routing based on risk score are hard to implement cleanly. What should be a streamlined governance control becomes an operational burden that requires ongoing IT oversight to function.
Provisioning configuration gets difficult quickly. Standard connectors work for common systems. The complexity accelerates when requirements involve attribute-based provisioning logic across department, region, and role combinations; birthright access modeling across interdependent systems; custom approval flows based on entitlement type; or troubleshooting provisioning failures. The platform requires deep expertise to operate at the edges of its capability.
It's designed for the way SailPoint wants you to work. Multiple practitioners made the same observation: SailPoint is excellent when you use it the way SailPoint intends. The moment your environment has requirements that don't fit the standard patterns — a bank with PDF-format data files from legacy systems, a complex multi-tier approval chain, a custom connector to an on-prem application — the gap between what the documentation describes and what implementation actually requires becomes significant.
O&M is heavy. A 10,000-person organization running SailPoint needed 5 full-time staff plus contractors just to keep it running, and was still processing roughly half of access requests manually. That's not atypical — it reflects the platform's architectural reality that customization is the mechanism for meeting complex requirements, and customization requires maintenance.
What's Changing in the IGA Market
The IIQ-to-ISC migration tension. SailPoint's own product line is split in two: SailPoint IIQ (the mature on-premises platform) and SailPoint IdentityNow/ISC (the cloud version). Multiple practitioners in this thread noted that SailPoint is focusing engineering investment on ISC while IIQ customers feel left behind. For IIQ-heavy enterprises, the migration path to ISC is a real cost and complexity burden — and the moment an existing customer evaluates migration options is the moment competitors get a genuine hearing.
Mid-market is underserved by enterprise IGA. The practitioner at a 1,000-person bank who "laughed at SailPoint" and found a smaller IGA vendor that "just works" represents a real market segment. For organizations in the 500–5,000 employee range, SailPoint's implementation overhead and pricing often exceed what the use case requires. Mid-market IGA platforms — Zluri, Lumos, ConductorOne, and others — are designed for faster deployment and lower ongoing maintenance at this scale. A practitioner who started access reviews in two months using a smaller vendor's deployment process is describing the value proposition directly.
Access review UX is a differentiation opportunity. The reviewer experience in access certifications is one of SailPoint's most consistently criticized aspects. The platforms that are winning mid-market deals often lead with reviewer-facing UX — context-rich dashboards that show why a review is flagged, activity data to inform the decision, and a simple approve/revoke/modify interface that doesn't require training. For compliance-driven buyers whose primary use case is access certifications, reviewer experience matters as much as backend capability.
ISPM is an emerging layer. Veza's positioning — Identity Security Posture Management, providing granular visibility into what users can actually do inside cloud infrastructure — represents a layer that traditional IGA platforms including SailPoint don't cover well. The question practitioners are working through is whether to buy ISPM as a separate tool alongside IGA, or wait for one of the platforms to expand into this space. Veza is currently the most-cited purpose-built ISPM option; how this plays out over the next few years will shape the market structure.
Where Each Alternative Fits
Saviynt is the most direct enterprise IGA competitor to SailPoint. Multiple practitioners have evaluated both; the feedback is that Saviynt has narrowed the gap and is strong for SOX-regulated environments, but has scalability limitations relative to SailPoint at the largest enterprise tier. For organizations that need enterprise IGA at meaningful scale but want to avoid the SailPoint commitment, Saviynt is the most mature alternative.
OneIdentity comes up less often in discussions but had strong evaluations from practitioners who compared it directly to SailPoint. The perception is that it's more customization-friendly — which is either an advantage or a warning sign depending on how you interpret it (one practitioner's observation: if the vendor is promoting customizability, they may know their standard features have gaps).
Okta Identity Governance and Microsoft Entra ID Governance are relevant for organizations already deeply invested in those ecosystems. Both have expanded into IGA from the IAM layer. Both are maturing rapidly. Both are limited to governing what's within their respective ecosystems, which is a real constraint for organizations with complex multi-platform environments.
Zluri, Lumos, and ConductorOne represent the next-generation mid-market IGA category. These platforms combine SaaS management visibility with IGA governance, deploy faster than enterprise platforms, and are designed for organizations in the 500–5,000 employee range. They're not competing for the 50,000-person regulated enterprise deployment — they're competing for the segment where SailPoint is often overpriced and over-complicated for the actual requirements.
Veza is ISPM rather than full IGA. It is best evaluated as a complement to an IGA platform, for organizations with complex cloud infrastructure entitlement requirements, rather than as a SailPoint replacement.
The Honest Assessment of Where This Goes
The "SailPoint stays dominant at large enterprises" scenario is likely to hold for the medium term for a straightforward reason: large enterprises with active SailPoint deployments aren't going to rip and replace without a compelling reason, and the cost and risk of switching are high enough that incremental dissatisfaction doesn't drive replacement. The installed base is sticky.
The more interesting competitive story is at the edges. Mid-market organizations evaluating IGA for the first time are less likely to select SailPoint than they were five years ago, because the alternatives are now capable enough to handle the use case at lower cost and lower implementation overhead. Organizations migrating from IIQ to ISC have a forced evaluation moment where competitors get a genuine hearing. And organizations whose primary IGA need is access certifications rather than deep provisioning automation are finding that smaller, more focused platforms meet the requirement without the full SailPoint commitment.
Frequently Asked Questions
Is SailPoint the best IGA platform for all organizations?
SailPoint is the strongest enterprise IGA platform for large regulated organizations with dedicated IAM teams and complex governance requirements. For mid-market organizations (roughly 500–5,000 employees), the implementation complexity and cost often exceed what the use case requires, and faster-deploying alternatives like Zluri, Lumos, or Access Auditor may better match the actual need. The right platform depends heavily on organization size, regulatory requirements, available IT resources for ongoing maintenance, and whether the primary need is access certifications, provisioning automation, or both.
What are the main criticisms of SailPoint from practitioners?
The most consistent practitioner criticism of SailPoint is the reviewer UX for access certifications — technical entitlement names without business context, limited conditional routing, and difficult multi-stage approval flows. The second most common is the customization burden: the platform works well for standard patterns and requires significant engineering investment when requirements fall outside them. The third is operations and maintenance overhead — running SailPoint at scale requires a dedicated team, and that team spends a significant portion of its time on maintenance rather than new capability.
What is the difference between SailPoint IIQ and SailPoint IdentityNow (ISC)?
SailPoint IIQ is the mature on-premises platform that most large enterprise customers have historically deployed. SailPoint IdentityNow (ISC) is the cloud-native version SailPoint has been developing and is now pushing as its primary product. IIQ is widely considered more feature-complete for complex on-premises scenarios; ISC is newer and still building feature parity in some areas. SailPoint is directing engineering investment toward ISC, which has created friction with the large installed base of IIQ customers who need a migration path.
What is Identity Security Posture Management (ISPM) and how does it differ from IGA?
IGA manages the lifecycle of access — who has access, whether it's appropriate, access reviews, and joiner-mover-leaver (JML) automation. ISPM provides visibility into what users can actually do with that access at the permission level — specific read/write/delete capabilities on specific cloud resources, unusual entitlement combinations, and configuration drift in the identity infrastructure. Most IGA platforms including SailPoint provide limited ISPM capability; Veza is the most-cited purpose-built ISPM tool. Many organizations are evaluating whether to run ISPM alongside their IGA platform or wait for the platforms to expand into this space.