Awad Yafai

The 5 Identity Controls Every Modern Enterprise Is Missing in 2025

Production-ready SailPoint IdentityIQ / IdentityNow rule templates we ship to every client – now free for you

After leading identity programs for seven enterprises (15,000–110,000 identities), the same five gaps appear every single time.

Here are the exact five controls we make mandatory on Day 1 — complete with the SailPoint BeanShell and XML rules we drop into every tenant.

  1. Real-Time Toxic Combination Blocker – SoD at request time, not just certification time
  2. Dormant Account Auto-Disable After 25 Days – not 90
  3. 90-Day Auto-Expiry on All High-Risk Entitlements
  4. Just-In-Time Elevation with Automatic Rollback
  5. Continuous Mini-Certification When Risk Score ≥ 750
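
The decision logic behind controls 1, 2, 3 and 5, as an added Python example; it is not one of the SailPoint rules from the repository. The entitlement names, the identity dictionary layout and the action names are constructed, and the boundary handling (more than 25 days, 90 days or more) is an assumption.

```python
from datetime import datetime, timedelta

# Thresholds come from the list above; names and sample data are constructed.
DORMANT_DAYS, HIGH_RISK_TTL_DAYS, RISK_SCORE_TRIGGER = 25, 90, 750

# Constructed toxic pairs (hypothetical entitlement names).
TOXIC_PAIRS = {
    frozenset({"AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT"}),
    frozenset({"DB_ADMIN", "AUDIT_LOG_ADMIN"}),
}


def sod_conflicts(held, requested):
    """Control 1 at request time: check held + requested together, so two
    conflicting items inside one request are caught, and report only pairs
    that the request itself would complete."""
    requested = set(requested)
    combined = set(held) | requested
    hits = [p for p in TOXIC_PAIRS if p <= combined and p & requested]
    return sorted(tuple(sorted(p)) for p in hits)


def sweep(identity, now):
    """Controls 2, 3 and 5 as a periodic check; returns the actions to queue."""
    actions = []
    # A never-used account ages from its creation date instead of being skipped.
    last_seen = identity["last_login"] or identity["created"]
    if identity["enabled"] and now - last_seen > timedelta(days=DORMANT_DAYS):
        actions.append(("disable_account", identity["name"]))
    for ent, granted in sorted(identity["high_risk"].items()):
        if now - granted >= timedelta(days=HIGH_RISK_TTL_DAYS):
            actions.append(("expire_entitlement", ent))
    if identity["risk_score"] >= RISK_SCORE_TRIGGER:
        actions.append(("open_mini_certification", identity["name"]))
    return actions


if __name__ == "__main__":
    now = datetime(2025, 6, 1)  # constructed reference date
    svc = {"name": "svc-report", "enabled": True, "last_login": None,
           "created": now - timedelta(days=40), "risk_score": 760,
           "high_risk": {"DB_ADMIN": now - timedelta(days=90)}}
    print(sod_conflicts({"AP_CREATE_VENDOR"}, {"AP_APPROVE_PAYMENT"}))
    print(sweep(svc, now))
```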

All five rules + installation guide are now public and 100% free:

https://github.com/awadyafai20-jpg/https-github.com-nexlify-public-sailpoint-modern-controls-2025/tree/main
We have run these exact rules in production for over 110,000 identities with zero false positives in 2024 and 2025.

Implement even two of them, and you will instantly jump from “compliant” to “best-in-class”.

Happy securing,

Awad Bin Khaled Yafai

Founder & CEO – Nexlify Innovations Inc
