Beyond the vault: Why Universal Privilege is the future of Privileged Access
SailPoint: Privilege Discovery and Classification / Privilege Insights
New Features:
Privilege Discovery and Classification:
SailPoint has introduced Privilege Discovery and Classification as a foundational component of SailPoint Identity Security Cloud. This capability is designed to help organizations automatically identify privileged entitlements across the enterprise, reducing the need for manual review and giving security teams broader visibility into where privileged access exists.
Classify Privilege by Risk:
With this enhancement, privileged entitlements can be classified by risk level, such as high, medium, or low. This helps organizations prioritize the access that matters most and focus effort on the entitlements that present the greatest potential exposure to the business.
Highlight Key Risk Areas:
These new capabilities help security teams visually pinpoint the areas of privileged access that create the highest risk. This gives teams a more practical way to understand where access-related exposure exists and where stronger controls may be needed.
Privilege Insights / Visualize Pathways to Privilege:
Through SailPoint Observability and Insights, security teams can now better understand how privilege is assigned, inherited, and exposed across identities. This includes visibility into direct privilege as well as hidden or overlapping pathways to privilege, helping organizations reduce unnecessary access and support a stronger least privilege model.
Support for Least Privilege at Scale:
SailPoint positions these capabilities as a way to make least privilege more achievable in large, fast-changing environments. Instead of relying on slow, manual analysis across massive entitlement sets, organizations can discover and evaluate privileged access much more efficiently. SailPoint states that work that previously could take years of manual analysis can now be done in days or hours.
Platform Availability:
These capabilities are available as part of SailPoint Identity Security Cloud and form part of SailPoint’s broader privilege security direction.
Further details available here:
Beyond the vault: Why Universal Privilege is the future of Privileged Access
SailPoint Announces Integrations with the CrowdStrike Falcon Platform
Why This Matters
• Brings identity context into security operations so teams can see who is involved, what access is affected, and respond faster to identity-based threats.
• Enables shared data and automated workflows between identity governance and threat detection/response to improve visibility and speed up remediation.
What Has Changed
• New integrations between SailPoint Identity Security Cloud and the CrowdStrike Falcon® platform to connect identity and threat data.
• Integrates with Falcon Next-Gen Identity Security, Falcon Next-Gen SIEM, and Falcon Fusion SOAR (part of CrowdStrike Charlotte AI).
• Allows customers to:
– Apply CrowdStrike identity risk insights in SailPoint for dynamic, risk-based access decisions.
– Ingest SailPoint identity data into Falcon Next-Gen SIEM to correlate identity/access patterns with real-time threat activity.
– Trigger SailPoint remediation actions via Falcon Fusion SOAR (e.g., disabling accounts or revoking access) to accelerate response.
Timelines
Released on 18 December 2025
SailPoint Introduces: Agent Identity Security
Why This Matters
As AI agents become integral members of the workforce, organizations need a way to govern and secure them just like human identities.
Agent Identity Security helps enterprises:
- Discover, secure, and govern AI agents under one unified control plane
- Assign ownership and ensure accountability for every agent
- Prevent over-permissioning, misalignment, and regulatory exposure
What Has Changed
Agent Identity Security extends SailPoint’s Identity Security Cloud to include AI agents alongside human users.
Key capabilities include:
- AI Agent Aggregation & Identity Creation – Connect directly to AWS, Azure, and GCP to onboard AI agents with enriched identity context
- Ownership & Succession Planning – Assign human owners to agents and maintain continuous oversight
- Certification & Review – Recertify agent access regularly and revoke inappropriate permissions
- Tool Governance – Apply consistent policies to agent service accounts from creation through retirement
- Audit & Traceability – Maintain full audit trails and certification records for compliance and investigations
Available for: Business and Business+ customers as an add-on capability
SailPoint: MCP (Model Context Protocol) Server update
SailPoint has just introduced the MCP (Model Context Protocol) Server, and this could be a game changer for how we handle access requests. In short, the MCP Server acts as a standardised bridge between AI applications and SailPoint’s Identity Security Cloud (ISC). Instead of needing heavy custom integration or multiple request centers, it gives you a ready-made interface to connect AI tools directly into SailPoint. That means access requests can finally become as simple as asking an assistant in plain language, without dropping enterprise security standards.
Key Benefits:
- Quick Integration: Connect AI applications to SailPoint in 5-15 minutes without complex custom development.
- Natural Language Processing: Enable conversational access requests at scale.
- Future-Proof Architecture: Built on the MCP standard, with regular updates to ensure compatibility with emerging AI platforms and security.
- Enterprise-grade: Maintains SailPoint’s proven IAM expertise and enterprise-grade scalability and security.
Getting Started:
- SailPoint Identity Security Cloud access is required.
- Choose an integration approach based on technical requirements.
- Set up authentication following provided guides (coming soon).
- Begin building AI-powered access management experiences.
Important Dates:
- General Availability: Sept 29, 2025
- Integration Documentation: Sept 29, 2025
- Expanded Toolkit: 6-12 months post-GA for expanded MCP tools

