Trust Center

AI at SailPoint

Built on Trust

Overview

Responsibility is our identity.

At SailPoint, AI is the driving force behind identity security. Our AI-powered solutions analyze complex data patterns and user behaviors to deliver personalized recommendations and actionable insights uniquely tailored to each customer. As AI adoption grows, so do questions around responsibility and trust. We take these concerns seriously and prioritize characteristics of trustworthy AI from design to deployment, to ensure that our products support the ethical adoption and use of AI and give our customers confidence in the technology they rely on.

SailPoint's AI

The Unique Features of SailPoint's AI

At SailPoint, trust is the cornerstone of our AI capabilities. The chart below offers a detailed look at the features that set our AI apart.

| Product Domain | Feature | IdentityIQ | Identity Security Cloud* | Description |
|---|---|---|---|---|
| Access Objects & Modeling | Access Request Recommendations | | | A recommendation system that uses collaborative filtering and graph analytics to recommend access entitlements that an identity may need based on the access that their peers within the organization possess. |
| Access Objects & Modeling | Role Discovery | | | Patented technology that uses unsupervised machine learning to discover and recommend roles for an organization by identifying communities within that organization who share similar access. |
| Access Objects & Modeling | Access Certification Recommendations | | | A recommendation system that uses graph analytics to recommend whether a certification campaign should be approved or revoked based on similarity of access patterns between an identity and their peers within the organization. |
| Access Objects & Modeling | Discover Common Access | | | Uses unsupervised learning to discover and recommend common access roles that capture access shared by large groups of identities within an organization. |
| Access Objects & Modeling | GenAI Descriptions for Entitlements | | | Uses Generative AI to suggest human readable descriptions of entitlements. |
| Access Objects & Modeling | Identity Outliers | | | Patented technology that uses unsupervised machine learning to detect identities with unusual or potentially risky access derived from an organization’s Identity Graph. Contextual Insights provides Explainable AI to help users understand why identities are outliers and how to remediate. |
| Access Objects & Modeling | Scoped Role Discovery | | | Patented technology that uses unsupervised machine learning to discover and recommend roles by identifying communities of identities who share similar access within a user-specified scope. |
| Application Onboarding | Account Correlation Recommendations | | | Conducts similarity analysis to recommend correlation rules and automatically map accounts in a source system to identities in Identity Security Cloud. |
| Application Onboarding | Account Provisioning Recommendations | | | Conducts similarity analysis to recommend correlation rules and automatically map accounts in a source system to identities in Identity Security Cloud, and recommend attribute mappings. |
| Access Intelligence Center | Ask Insight Advisor | | | Natural Language Search to build a chart keyed off Time, Categories, or Measures of the data. |
| Access Intelligence Center | Associative Insights | | | Qlik Cognitive engine selects fields of interest that impact the selections. |
| Access Intelligence Center | Clustering (k-means) | | | Clusters of measures using statistical algorithm. |
| Access Intelligence Center | Anomaly (spike and trend) | | | Analysis to detect data variations. |
| Access Intelligence Center | Insight Advisor | | | Auto-Analysis of data to suggest charts. |

* Some features not available in all suites. For more information, visit Identity Security Cloud Suites.

FAQ

All your AI questions answered

Find answers to common questions about SailPoint’s AI solutions below.

Are the AI features available automatically or do they require an opt-in?

AI features included with the suite purchased by the customer are automatically available in Identity Security Cloud, as further detailed at https://documentation.sailpoint.com/main_landing_page/customer_agreements.html#sailpoint-identity-security-cloud-suites.

AI features are not included automatically in IdentityIQ. An AI-specific add-on may be purchased for IdentityIQ. The AI features included in this add-on are automatically available once purchased (following completion of tenant set-up and configuration); no additional opt-in is required.

Are any of SailPoint’s AI features considered high-risk?

AI regulation is a continuously and rapidly evolving space. Like many others, we are watching closely to understand the scope of new laws and monitor guidance as it becomes available.

In general, we consider SailPoint’s AI features to be on the lower end of the risk spectrum. SailPoint’s AI features can be used to aid security and IT teams in assigning, reviewing, reporting on, and disabling access to a business’ organizational assets such as applications, databases, and files. Our products do not collect or use any biometric data, do not make assessments based on sensitive individual attributes, do not enable unlawful discrimination against individuals, do not contribute to any consequential decisions about individuals, and do not pose a significant risk of harm to the health, safety, or fundamental rights of any natural person when used for their intended purposes.

The types of tools and AI functionality provided by SailPoint are not the types of things that regulators are most concerned with. However, the regulatory landscape around AI will continue to change as new laws are passed and the technology advances. We are closely monitoring emerging legislation and legal developments to ensure conformance with all requirements applicable to SailPoint’s AI tools.

Who provides the AI models used in SailPoint’s AI features?

For IdentityIQ, all models are developed and maintained by SailPoint and hosted on SailPoint’s private AWS cloud.

For Identity Security Cloud, SailPoint uses a combination of models that include:

  • Proprietary models that are developed and maintained in-house by SailPoint and hosted on SailPoint’s private cloud;
  • Open-source models that are hosted on SailPoint’s private cloud and have been trained, fine-tuned, or otherwise optimized for SailPoint’s use cases;
  • Third-party models that are provided and hosted on a private cloud server by one of SailPoint’s data subprocessors;
  • Third-party large-language models that are hosted by Amazon Bedrock. Currently, our generative AI features run on the Anthropic Claude family of models that are provided by Amazon Bedrock. Learn more about Amazon Bedrock at https://aws.amazon.com/bedrock/.

Is customer data used for any model training purposes?

For all of our AI features available today, SailPoint deploys a dedicated, customer-specific version of the model to the customer’s tenant or environment. The dedicated version will be optimized and periodically updated with the customer’s data, ensuring that the insights and recommendations provided are relevant to that customer, up-to-date, and evolve dynamically with the customer's organization. Models deployed in this fashion are isolated to the customer and the customer’s data is not accessible to, nor used to train a model for, any other customers.

SailPoint also collects customer feedback through multiple channels (which may include a "thumbs up" or "thumbs down" on AI features), and SailPoint uses such feedback to troubleshoot and improve model performance.

As AI technology continues to evolve, SailPoint may determine that there are business cases that can best be solved by shared models, or models that leverage cross-tenant training on customer data. If SailPoint releases any features that use such shared models, customers who do not wish to have their data used for training may opt out of using these features.

None of the models underlying our AI features are trained with personally identifiable information (PII).

Can we opt out of or disable any AI features?

Yes. Some features require an additional step to configure or set up, so the customer can choose to disable these at any time or elect not to configure them in the first place. For automatically-enabled features, customers may opt out of having these enabled in the customer’s tenant. However, some functionality may be lost and opting out of receiving these features will not entitle the customer to refunds or discounts on future fees.

How does SailPoint use my inputs and outputs?

Currently, SailPoint’s AI features provide only for limited-context inputs and outputs. A user initiates an AI task by clicking a button or executing an AI-powered process, such as auto-discovering roles. This “input” is treated as statistical usage data by SailPoint in the same manner as any other user activity metrics. “Outputs” consist of recommendations that are unique to the customer’s organizational structure and application configurations. Accordingly, “outputs” are not used by SailPoint for purposes outside of serving the customer and general product improvement (e.g., providing troubleshooting, bug fixes, and support).

Does SailPoint use my data to serve other customers?

Currently, there are no AI features that use customer data to train models across customers. Accordingly, the data you submit and the responses you receive are used only to serve your experience.

How does Amazon Bedrock work? Does Amazon send data to third-party foundation model providers?

Amazon Bedrock provides a managed service for deployment of large language models from a controlled, limited-access environment. Amazon deploys these third-party models using a privately-owned and operated AWS account in the specified region; this account is not accessible to the third-party model provider. As the model providers do not have access to this account, they do not have access to either a customer’s inference data or their customization training data sets, and hence that data will not be available to model providers for them to improve their base models. Amazon Bedrock has achieved ISO/IEC 42001 accredited certification, demonstrating AWS’ commitment to Responsible AI. Learn more about Amazon Bedrock at https://aws.amazon.com/bedrock/.

How does SailPoint protect personal data?

All customer data is treated in accordance with our strict cybersecurity certification requirements and rigorous security measures. Customer personal information is governed by our GDPR-compliant privacy program. For more about information security, privacy, and compliance at SailPoint, visit our Trust Center at https://www.sailpoint.com/why-us/trust.

What is SailPoint’s approach to responsible AI development?

SailPoint has not adopted a specific responsible AI framework such as the NIST AI RMF or the OECD Principles. Instead, we align our development practices to these unifying high-level principles:

  • Transparency. SailPoint incorporates Explainable AI (XAI) into our products to help users understand and interpret decisions made by our AI models. For example, Contextual Insights shows the factors that led the model to classify an identity as an outlier and surfaces actionable steps to remediate based on those factors.
  • Fairness & Reduction of Bias. To prevent bias and unfairness, we scrutinize input data to our AI models and avoid using attributes historically linked to unfairness (e.g., race, gender, and religious preference). Prior to deployment, we conduct a Readiness Assessment of all AI models which audits model fairness and ensures the model is evaluated against diverse slices of data to unearth potential bias. Once deployed, every AI model is monitored to identify changes in performance and detect unfair outcomes.
  • Data Minimization. We use personal information only when necessary. We avoid training models using personal data whenever possible. If personal information is required for the functionality of a feature, then the feature will be designed to use an isolated model that is deployed only to the specific customer.
  • Human-in-the-loop. Our AI features do not take any actions or make decisions automatically. Instead, a human reviewer is presented with recommendations and explanations and is empowered to determine what actions (if any) to take.