SailPoint Technologies today added a bevy of capabilities that make it possible for organizations to manage identities on a more granular level.
In announcements made at the SailPoint Navigate 2024 conference, the company is also previewing a set of artificial intelligence (AI) agents, available in beta, to simplify the management of identities; it plans to make the agents available in the first half of 2025.
In the meantime, a task automation capability has been added to the company’s core Atlas privileged access management (PAM) platform that promises to make it simpler to temporarily grant additional access for defined periods of time to specific individuals or groups.
Andrew Moore, vice president of product for SailPoint, said the goal is to eliminate the need to overprovision privileges by giving the teams responsible for controlling access a workflow tool that enables them to respond to changing requirements more adroitly.
In addition, the SailPoint Identity Security Cloud, also based on Atlas, is being updated to enable organizations to segment data in a way that makes it easier to apply more granular controls based on roles, which can now be managed with greater context that allows for certain exceptions.
SailPoint is also adding an Access Model Metadata capability that can be used to enrich access roles, access profiles and entitlements using custom attributes.
The company is also adding SailPoint Machine Identity Security, an offering that enables organizations to manage machine identities assigned to specific systems and applications alongside human identities, and SailPoint Identity Risk – an offering with limited availability that provides visibility into both human and machine sessions to surface contextual insights that can be used by security incident response teams to prioritize remediation efforts.
Finally, SailPoint is also extending its onboarding capabilities by adding AI capabilities to automate account provisioning and application discovery, along with more detailed activity notifications and account correlation mapping recommendations.
Collectively, these capabilities will make it simpler for organizations to govern identities using an integrated platform, said Moore. That’s especially critical for managing machine identities that many organizations today are unable to effectively track and manage, he added. A recent SailPoint research report found two-thirds of respondents (66%) are relying on manual processes to manage machine identities, with just 38% having real-time visibility into active machine identities.
Nearly 70% said they are now managing more machine identities than human identities and that on average they expect machine identities to increase 30% in the next three to five years. A full 88% noted they worry that deleting an inactive machine identity might disrupt operations in unforeseen ways.
In an era where cybercriminals now routinely steal credentials to bypass other security controls, the need for ways to more proactively manage identity has never been more pronounced. The challenges are determining who within an organization is responsible for provisioning access in the first place, and making sure that individuals only have access to the applications and resources they need to accomplish the tasks assigned to them. All too often privileges are overprovisioned to the point where, once compromised, a cybercriminal gains access to the complete IT environment.
Hopefully, as part of an effort to embrace zero-trust IT principles, there is a lot more focus today on the nuances of identity management issues that, more than anyone cares to admit, are the root cause of far too many devastating security breaches.