Performing Entitlement Review with SailPoint IdentityIQ

When to Use

• Quarterly or annual access certification campaigns are required for compliance (SOX, HIPAA, PCI-DSS)
• Organization needs automated manager-based access reviews for all direct reports
• Targeted entitlement reviews are needed for sensitive applications or high-privilege roles
• Separation of Duties (SOD) violations must be identified and remediated
• Orphaned accounts and excessive entitlements need to be discovered and cleaned up
• Audit findings require evidence of periodic access review and remediation tracking

Do not use for real-time access control decisions; IdentityIQ certifications are periodic review processes designed for governance and compliance validation.

Prerequisites

• SailPoint IdentityIQ 8.2+ deployed with database backend (Oracle, MySQL, or SQL Server)
• Application connectors configured for all in-scope systems (Active Directory, LDAP, databases, SaaS applications)
• Identity cubes aggregated with current entitlement data from all connected sources
• Email server configured for certification notifications