University of Illinois System
Last item for navigation

SailPoint (IGA)

While IAM ensures that the right people have access to the right resources, Identity Governance and Administration (IGA) provides visibility, control, and auditing to ensure that access is granted appropriately and in accordance with policies and regulations.

SailPoint is the IGA tool that has been chosen as a key component of IAM. The main benefits will be modernized security, workloads, and workflows, enhanced security and compliance, reduced security risks and compliance violations, as well as establishing critical IAM Governance.

The goal of SailPoint is to ensure alignment and consistency, as well as building a unified approach across the University of Illinois System by transforming our current, sometimes conflicting, IAM solutions.

Stakeholder Engagement and Governance

IAM Steering and Identity professionals have begun collaborating across institutions to support the SailPoint Implementation as part of the IAM Modernization initiative.

Student Identity Focus

  •  Engaging with Registrars and Admissions to explore student identity challenges.
  •  Reviewing the full student experience:
    •  Applying - Admission - Enrollment/Deferment
    •  Course and degree interactions
    •  Graduation - Separation
    •  Alumni/former student - Returning as student/employee/other

Employee Identity Focus

  •  Working with HR to understand employee identity challenges.
  •  Reviewing the full employee experience while at the university
    •  Applying/Hiring/Onboarding
    •  Moving between departments/units
    •  Separation/Retirement
    •  Returning as rehire or other role

3rd Party Identity Focus

  •  Working with teams to understand identity challenges/opportunities associated with 3rd party identities
  •  Reviewing the full 3rd party experience:
    •  Onboarding
    •  Separation
    •  Returning
    •  Moving between 3rd and student and/or employee identity

Estimated Project Timeline

Release 1: ISC Foundation, Profiles, Connectors- September 2026

During Release 1, the project team will finalize the core design documentation and implementation plans that guide the overall identity governance program.

This phase establishes the foundation framework needed to support future enhancements, including defining governance, policies, and roles. It also includes building the core technical infrastructure and configuring the base environment required for the identity platform.

Completing this work ensures that all subsequent releases can be implemented on a stable, well-documented, and scalable foundation.

Release 2: Lifecycle Workflows - January 2027

Release 2 will focus on automation and will identity lifecycle processes that will move from manual or semi-manual tasks to fully automated workflows. This included implementing automated onboarding and offboarding processes for both students and employees.

By integrating identity systems with authoritative data sources, accounts and access can now be provisioned and deprovisioned more quickly and consistently. These improvements help individuals get more timely access to the resources they need, reduce staff and administrative workload, and improve security by ensuring timely access changes.

Release 3: Password Management - March 2027

In the Password Management release, enhancements will be made to the UIC self-service password reset portal to improve usability, security, and reliability. The updates will give users a more streamlined process for resetting or recovering their passwords without requiring the use of the help desk.

Strengthening the self-service capabilities helps reduce support requests, minimizes downtime for users who are locked out of their accounts, and reinforces secure identity verification practices.

Release 4: Non-Employee Risk Management - July 2027

Similar to Release 1 and 2, the Non-Employee Risk Management release focuses on modernizing how we manage non-employee (3rd party) identities.

This transition improves the university’s ability to track, govern, and review access for contractors, vendors, and other 3rd parties who require system access but are not traditional employees or students. By bringing non-employee identities into the SailPoint platform, the organization gains better visibility, stronger access controls, and more consistent governance across all identity types.

SailPoint – NERM Quick Start

Technical build out and establishment of connectivity, initial workflow, and identity populations for the Non-Employee Risk Management (NERM) platform. Work is being performed early in the project to support Release 4 activities.

SailPoint – Tenant Connectivity

Technical build out and establishment of connectivity and configuration of infrastructure to support SailPoint Identity Security Cloud (ISC) platform. Work is being performed early in the project to support future project releases.

Estimated Project Timeline

During Release 1, the project team will finalize the core design documentation and implementation plans that guide the overall identity governance program.

This phase establishes the foundation framework needed to support future enhancements, including defining governance, policies, and roles. It also includes building the core technical infrastructure and configuring the base environment required for the identity platform.

Completing this work ensures that all subsequent releases can be implemented on a stable, well-documented, and scalable foundation.

Release 2 will focus on automation and will identity lifecycle processes that will move from manual or semi-manual tasks to fully automated workflows. This included implementing automated onboarding and offboarding processes for both students and employees.

By integrating identity systems with authoritative data sources, accounts and access can now be provisioned and deprovisioned more quickly and consistently. These improvements help individuals get more timely access to the resources they need, reduce staff and administrative workload, and improve security by ensuring timely access changes.

In the Password Management release, enhancements will be made to the UIC self-service password reset portal to improve usability, security, and reliability. The updates will give users a more streamlined process for resetting or recovering their passwords without requiring the use of the help desk.

Strengthening the self-service capabilities helps reduce support requests, minimizes downtime for users who are locked out of their accounts, and reinforces secure identity verification practices.

Similar to Release 1 and 2, the Non-Employee Risk Management release focuses on modernizing how we manage non-employee (3rd party) identities.

This transition improves the university’s ability to track, govern, and review access for contractors, vendors, and other 3rd parties who require system access but are not traditional employees or students. By bringing non-employee identities into the SailPoint platform, the organization gains better visibility, stronger access controls, and more consistent governance across all identity types.

Technical build out and establishment of connectivity, initial workflow, and identity populations for the Non-Employee Risk Management (NERM) platform. Work is being performed early in the project to support Release 4 activities.

Technical build out and establishment of connectivity and configuration of infrastructure to support SailPoint Identity Security Cloud (ISC) platform. Work is being performed early in the project to support future project releases.

SailPoint Education and Connectivity

To prepare the project team for working with SailPoint, both education and connectivity activities are underway:

Training and Education

Key IAM experts from each institution have been identified and are actively engaging in SailPoint Identity University to build foundational knowledge of the product and its components.

Connectivity and Integration Practice

  •  A Hyper-V Virtual Appliance (VA) image was configured and deployed in the data center to assess the work involved in future VA deployments.
  •  Initial practice on SailPoint Source of Record integration has begun, with focus on
    •  Instance naming conventions
    •  Scheduled aggregation setup
    •  MFA token compatibility
    •  Integration with Microsoft Entra
    •  SailPoint identity profile configurations