Centrify and SailPoint Join Forces to Apply Zero Trust Security Best Practices to Identity Governance

May 14, 2018

Today, Centrify is proud to announce the integration of the Centrify Privileged Access Service with SailPoint® Technologies IdentityIQ™ solution.

This integration provides joint customers with a single pane of glass for a privileged user’s entitlements and enables issuing access requests for accounts, systems, and existing roles that are controlled by the Centrify Privileged Access Service. This allows for centralized management and control of identities to quickly identify and mitigate access risks of privileged users, while strengthening an organization’s compliance posture.

Figure: Centrify Privileged Access Service integration with SailPoint IdentityIQ


One of the essential pillars of Zero Trust Security is to limit access and privilege, to minimize risk and lateral movement of bad actors. In this context, many organizations have implemented Privileged Access Management and Identity Governance solutions in their environment. However, this is often done separately.

According to Forrester, privileged user credential misuse makes up 80 percent of today’s breaches. Thus, it is essential for organizations to align both identity disciplines to tie privileged user entitlements back to identities managed in the governance system. Administrators then will be able to enforce certifications of entitlements, helping to ensure that they can meet compliance requirements, and maintain a secure infrastructure.

Organizations continue to struggle with the ability to answer the fundamental questions of ‘who has access to what’ and ‘how that access is being used.’ This holds especially true for privileged users. By integrating the industry-acclaimed Centrify Privileged Access Service with SailPoint’s market-leading identity governance platform, organizations will now have the necessary transparency to confidently answer those questions, while increasing their operational efficiency.


The Centrify integration with SailPoint IdentityIQ provides the following capabilities for joint customers:

  • SailPoint IdentityIQ users can submit access requests via the SailPoint workflow engine for accounts, systems (e.g., servers), and existing roles that are controlled within the Centrify Privileged Access Service solution. Access requests can be submitted on a permanent or temporary basis, depending on the organization’s needs and security practices.
  • Centrify Privileged Access Service data can be displayed in the SailPoint IdentityIQ solution, allowing for a granular view of all existing privileged user entitlements to systems and accounts, their roles, and role memberships for attestation and remediation purposes.
  • Shared password management best practices can be applied by allowing for password checkout from within the SailPoint IdentityIQ platform to better enforce access entitlements and ensure compliance.

The integration leads to increased visibility and control of privileged users’ access and helps to swiftly identify risks and amend privileged user entitlements while increasing operational efficiency in the context of compliance audits.

For more details on the Centrify SailPoint integration, please Contact Us.

This is written by the individual author in his/her personal capacity, and the opinions, views and/or thoughts expressed herein are solely the author’s own. They are not intended to and may not necessarily reflect the official policy or position, or the opinions or views of ThycoticCentrify or its affiliates, employees, or any other group or individual.