Redblock + SailPoint: Closing the Last-Mile Identity Gap for Disconnected Apps
Extending SailPoint governance to all disconnected apps. No connectors required. Instant fulfillment. No CSVs. No IT Tickets.
Introduction
Every enterprise today faces the same quiet problem: a large percentage—sometimes as high as 90%—of their applications never make it into Identity Governance. Calling them the “long tail” softens the impact, but it doesn’t change the reality: these applications form the single largest identity blind spot in most organizations.
Yet they hold everything that matters.
These systems contain sensitive access, privileged roles, customer and financial data, internal controls, and core operational workflows. They influence risk, compliance, and day-to-day productivity.
But they remain outside modern governance because they don’t offer APIs. They don’t support SCIM. They don’t integrate with Identity systems such as SailPoint Identity Security Cloud (ISC) or IdentityIQ (IIQ).
A more accurate term is now emerging for them: Disconnected Apps — business-critical applications that sit outside traditional IGA coverage and grow identity debt with every passing day.
Today, we’re excited to announce Redblock’s certified integration with SailPoint ISC and SailPoint IIQ, enabling organizations to finally govern, automate, and audit disconnected apps with the same rigor, consistency, and evidence as their modern application stack.
Redblock reduces attack surface, eliminates identity drift, and delivers end-to-end governance for applications that previously had no integration path — powered entirely by computer-vision-driven agentic automation.
1. What Is Redblock for SailPoint?
Redblock is an Agentic Automation platform for Identity Security that extends SailPoint governance to any web application — including those without APIs, without SCIM, without command-line interfaces, and without out-of-the-box connectors.
Redblock’s computer-vision-driven agents interact with application UIs the same way a human administrator would, but with 100% repeatability, full auditability, and near-instant execution. The platform receives tasks and workflows directly from SailPoint and carries them out autonomously inside disconnected applications, while preserving step-by-step evidence of what the agent did, what it saw, and how it completed the workflow.
Redblock is a certified SailPoint Partner and is officially certified with both SailPoint Identity Security Cloud (ISC) and SailPoint IdentityIQ (IIQ).
"Governance no longer stops at the edge of your connected apps. With Redblock, SailPoint extends everywhere."
2. Why Disconnected Apps Matter: The Hidden Identity Risk
Disconnected apps are the largest ungoverned surface area in enterprise identity today. In most organizations, there are 2–10X more disconnected applications than connected ones, especially across:

- Legacy web portals
- Industry-specific SaaS
- Vendor and partner consoles
- Regional business tools
- Internally built admin systems
- Financial and operational applications
These systems remain outside governance not because they’re unimportant, but because they are hard to integrate. With no APIs, no SCIM, and no connector strategy, they quietly accumulate identity risk over time.
Disconnected apps create three categories of risk:
i) Attack Surface Expansion
Stale accounts, dormant entitlements, and manual off-boarding compound year after year. Disconnected apps are often where orphaned access hides the longest.
ii) Audit & Compliance Gaps
Regulators and auditors — SOX, FFIEC, PCI, ISO, SOC, internal audit — expect repeatable, evidence-backed control execution across all systems. Disconnected apps break the evidence chain, leading to exceptions, compensating controls, and repeated audit findings.
iii) Operational Friction
Identity teams depend on manual processes, tickets, screenshots, and ad-hoc steps to execute joiner/mover/leaver workflows. This creates delays, inconsistent provisioning, and missed revocations.
Even with world-class governance through SailPoint, organizations still struggle with manual steps for:
- Off-boarding
- Entitlement changes
- Password rotations
- Review remediation
- Compliance evidence collection
3. How Redblock Works: Computer Vision + Autonomous Agents
Redblock uses computer vision and Agentic automation to interact with application UIs the way a human administrator would — but with consistency, speed, and full traceability.
SailPoint remains the authoritative source of identity truth — Redblock extends that governance into the systems that cannot integrate natively. At a high level, this is how Redblock works alongside SailPoint:

Step 1: SailPoint Triggers an Identity Task
A joiner, mover, leaver, access change, or account aggregation event is initiated inside SailPoint. Instead of handing this off to a manual ticket queue, the task is routed to Redblock for instant fulfillment.
Step 2: Redblock AI Web Agent Performs Actions Directly in the Application UI
Using secure, browser-based UI automation and computer vision, Redblock's AI Agent:
- Logs into the disconnected application
- Navigates menus and forms
- Finds the admin section
- Creates, modifies, or removes access, or aggregates all identities and entitlements
- Validates that the change actually took effect
Everything the AI agent does is driven by policies and AI guardrails defined in Redblock AI Studio.
Step 3: Evidence, Logs, and Results Are Captured in Redblock
For every run, Redblock automatically captures:
- Detailed execution logs
- Step-by-step actions
- Screenshots where needed
- Timestamps and outcomes
These artifacts are stored and managed inside Redblock and can be:
- Accessed via the Redblock console for audits and investigations
- Exported or retrieved via Redblock APIs for integration with SIEM, GRC, or ITSM
- Referenced from SailPoint workflows (for example, via links, IDs, or external evidence references)
Today, SailPoint is the orchestration and governance system of record, and Redblock is the execution and evidence engine for disconnected apps. Evidence lives in Redblock and is made available to the broader identity and security stack via APIs and reporting, with the option to link artifacts back into SailPoint-driven processes where needed.
"Redblock closes the last-mile gap and removes IT Tickets, CSVs, and manual identity operations."
4. Use Cases for SailPoint Customers
Redblock enables SailPoint customers to extend governance, automation, and auditability across all disconnected applications. The following are the identity outcomes organizations achieve when Redblock is paired with SailPoint:
i) Joiner / Mover / Leaver (JML) for Disconnected Apps
Organizations gain consistent onboarding, entitlement changes, and off-boarding across every application—modern and legacy.
- Dormant and stale accounts are eliminated
- Off-boarding becomes timely and complete
- Identity drift decreases
- Access hygiene improves across the environment
ii) Access Enablement & Entitlement Updates
Disconnected applications receive the same governance rigor as systems with connectors or APIs.
- Access becomes consistent and predictable
- Permission errors drop significantly
- Privilege gaps narrow across legacy and niche systems
iii) Access Review Remediation
Review decisions lead to real change across every application.
- Campaigns close without backlog
- Certified access matches actual entitlements
- Audit alignment becomes clearer and more defensible
iv) Password Rotations for Service Accounts
Critical credentials remain compliant with rotation policies.
- No more long-lived passwords
- Reduced operational and security risk
- Manual rotation work disappears
v) Break-Glass Account Resets
High-privilege and emergency access follows controlled, documented reset workflows.
- Reset actions are consistent and policy-aligned
- Full audit trails exist for every change
- Incident readiness improves
vi) Audit Evidence Automation
Identity activity across disconnected apps becomes fully traceable and audit-ready.
- Centralized evidence is always available
- Audit preparation time drops dramatically
- Visibility extends across every application
5. Demo: Real Automations in Action
Demo 1: Off-boarding a User in a Disconnected App
This short 60-second video demonstrates how Redblock extends SailPoint governance into a disconnected, UI-driven application. It shows the following step-by-step:
- Uploading a screen recording of an identity operation into Redblock AI Studio to prepare the disconnected application.
- Configuring the application inside SailPoint once the AI Studio environment is ready.
- Running an aggregation that instantly brings all identities from the disconnected app into SailPoint.
- Triggering a real-time fulfillment to remove a user from the disconnected app.
- Automatically capturing all evidence and execution artifacts in Redblock for audit and compliance.
Demo 2: Instant Aggregation: Redblock Pulls 10,000 Users From a Disconnected App
See Redblock autonomously aggregate over 10,000 users from a disconnected, UI-driven application — instantly and with full traceability. This video demonstrates how Redblock extends SailPoint governance into applications that lack APIs, SCIM, or connector support.
What this demo highlights:
- Automatic aggregation of 10K+ user identities
- Zero connectors, zero scripts, zero manual steps
- Computer-vision-driven Agentic automation navigating the application UI
- Full auditability of every action performed
- Seamless alignment with SailPoint governance workflows
"Disconnected apps no longer need to sit outside IGA. With Redblock + SailPoint, organizations achieve complete visibility, consistent governance, and audit-grade evidence across every application--modern, legacy, or UI-bound."
6. Certified Integration: SailPoint ISC and SailPoint IIQ
Certification is a deep verification of technical compatibility, interoperability, and long-term support expectations. Redblock is officially certified for both SailPoint Identity Security Cloud (ISC) and SailPoint IdentityIQ (IIQ). These certifications reflect deep technical alignment and ensure that organizations can rely on a seamless, secure connection between SailPoint and Redblock.
Certification provides:
- A secure, stable integration architecture
- Alignment with SailPoint provisioning and governance APIs
- Verified interoperability across identity workflows
- Predictable deployment and operational consistency
- Lower effort for joint implementations
- Assurance that Redblock operates within SailPoint governance frameworks
Redblock appears in the SailPoint Partner Directory and is already supporting production deployments across financial services, banking, healthcare, technology, and public sector organizations.
"Certification of Redblock with SailPoint ISC and IIQ confirms that Redblock is not a workaround or a side-car automation — it is an officially validated extension of SailPoint’s identity governance platform, purpose-built to bring disconnected applications under the same governance umbrella."
Conclusion: Extending Identity Governance to the Last Mile
Disconnected apps are not going away. Every enterprise relies on systems that will remain UI-driven, legacy-bound, or non-API for years to come. But the identity risk tied to those systems does not need to remain.
With Redblock + SailPoint, organizations extend modern governance to every corner of their environment:
- Governance applies uniformly across all applications
- Attack surface and identity drift shrink dramatically
- Compliance evidence is automatically captured and always ready
- Manual tickets and one-off workflows fall away
- Identity teams recover meaningful hours every week
- Audit season becomes faster, cleaner, and less operationally painful
Redblock gives SailPoint customers a complete, end-to-end governance model—one where every application is covered, every identity is governed, and every action is supported by consistent, audit-grade evidence. The last mile of identity governance is no longer a gap. With Redblock and SailPoint, it becomes an advantage — with Redblock’s AI and automation platform running entirely on-prem, shipped as a virtual appliance so every identity action and model execution stays within your environment.