Authors: Ajay Srinivas and Mark Bruce

This blog also appears on

What Are Audit Events?

Audit events are critical to our clients for various reasons — most notably, compliance and troubleshooting. SailPoint’s Identity Security Platform audits all important changes to an identity such as role assignments, password change activities, access requests, and more.

Audit events emitted by many different micro-services within the platform are processed asynchronously by the Audit service which normalizes the data to make it suitable for search, then publishes the event onto a Kafka topic. …

Author: Alex Derzhi

One substantial challenge in reaching rapid CI/CD has been managing the risk inherent to all code changes. Maybe it works great in your dev environment but uses a resource not yet deployed to Production. Maybe it works great with test data, but a customer has an unusual or unsupported configuration that causes the new code to fail. Frequent, small changes significantly reduce that risk, but never to zero. These kinds of issues can cause an outage and tend to make engineers and managers hesitant to release code rapidly. …

Christine Whitlock, Product Manager at SailPoint, has been on our crew for 2.5 years, but her identity career began long before that. After graduating from The University of Texas Austin, she was still deciding what she wanted to do with her degree in management of information systems. Though she wasn’t in search of a job in identity, it found her by way of a consulting job at PwC (a global, SailPoint partner). …

Author: Matt Domsch

Identity security is theoretically easy when you can control all the parameters: all the actors, all the actions, all the environments top to bottom. Rarely are we in such a perfectly controllable world. In reality, multiple companies and products, each with their own approach and insight must work together to provide an overall security posture, exchanging data, events, and secure setup and configuration to enable each product to provide the facet of security for which it’s best.

In the world of identity security, three standards are emerging which enable this security mesh to operate effectively and efficiently…

Am I going to get a promotion this year?

It’s a question you’ve probably asked yourself at some point in your career. If you’re a manager, you’ve almost certainly heard it. At many companies, it’s not clear how best to answer it, or to answer the question behind it: What is expected of me to achieve a promotion to the next level?

Managers and their teams will feel righteously frustrated when they’re “flying blind” without knowing what is expected of them, and doubly so if they ever see someone else promoted and feel that the person didn’t earn it. …

Author: Jeff Upton

Event-Driven Integration with SailPoint

Many modern software architectures are implemented using event-driven programming. An event-driven program is designed to receive and react to events such as user clicks in a UI, object changes in a database, or messages originating from other subsystems in a distributed architecture. A state owner broadcasts predefined events when something changes in their system, and downstream consumers listen to those events and update their state accordingly. This allows decoupled, highly reactive, independent subsystems to all work in concert.

Event-driven programming lends itself well to integration use cases between SaaS applications from different vendors…

Author: Asanka Jayasuriya, CTO at SailPoint

One of my biggest passions as an engineering leader is fostering an environment of collaboration and transparency for my teams. This is important for all teams — but for distributed teams (which we are all on now) it’s critical. One of my strategies for achieving this is liberally stealing great ideas from the places that I’ve worked. Imitation is the best form of flattery and all that good stuff, right? In this case, we’re talking about the DACI process I stole errr… learned at Atlassian.

In a nutshell, the DACI is a framework for…

Author: Justin Watkinson

One trait I appreciate about the DevOps team at SailPoint is an attitude towards “the other CI” — Continuous Improvement. I believe it’s a habit of highly effective DevOps teams to be able to get things out to production quickly, but also be able to quickly iterate and improve upon that solution, striving for quality improvements upon each revision.

One morning, I was asked to deploy a SailPoint Predictive Identity stack in a new AWS region. …

A graphic illustrating continuous DevOps delivery. It reads: Plan, Monitor, Configure, Release, Package, Verify, Create
A graphic illustrating continuous DevOps delivery. It reads: Plan, Monitor, Configure, Release, Package, Verify, Create

Continuous Something or Other is on the mind of every engineer working in the Cloud and SaaS space. Continuous Integration, Continuous Deployment (or is it Delivery!?). Everything must be Continuous. This is for a good reason. CI/CD is table stakes for reducing the risk of changes in a rapidly evolving codebase. It is very difficult to achieve high reliability and high velocity of change without it. CI/CD is no longer a cutting edge, progressive concept, and should be a given on all cloud-based software. However, how do you get there? It may be table stakes, but it’s still not easy…

Authors: Vasil Shlapkou and Jeff Upton

Building a Scalable Microservice Development Architecture

Microservices have become the industrial standard for SaaS enterprise solutions. A microservice is a small, deployable application which is usually designed to handle one specific business task and handle it extremely well. By controlling the number of microservice instances in your production environment you should be able to horizontally scale your applications as needed.

Microservice development is not an easy task. Legacy monolithic application developers can setup, start and debug applications directly on their workstation, comfortably set breakpoints, check application logs, reproduce issues locally and debug the code.


SailPoint is the leader in identity security for the cloud enterprise, ensuring workers have the right access to do their job — no more, no less.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store