Showing results for 
Show  only  | Search instead for 
Did you mean: 

File Access Manager deployment guide

File Access Manager deployment guide



This article provides a collection of information, resources, tools, and best practices for deploying File Access Manager (formerly known as SecurityIQ).


Project phases

The recommended methodology for deploying a File Access Manager project comprises four phases:

  • Pre-Kickoff
  • Visibility
  • Control
  • Transition



The Pre-Kickoff phase is focused on preparing for the initial install and configuration of File Access Manager.

This phase typically lasts 1-2 weeks, and includes activities similar to the following:

  • Pre-project setup and project manager tasks
  • Introduction call with customer
  • Hardware sizing and setup
  • Project kickoff planning
  • Prerequisite planning and verification
  • Drafting the project plan and status report template



The Visibility phase is focused on the initial install/config of File Access Manager, requirements gathering, and data/permissions collection.


The timeline for this phase is approximately 2-4 weeks, and includes:

  • Project kickoff
  • Installing the product and connecting to end-points
  • Performing basic configuration
  • Initial data gathering
    • Permissions scanning
    • Activity collection
    • Data classification scanning
  • Data analysis and reporting on findings
  • Identifying sensitive data



The Control phase is focused on the setup of on-going reports and controls.


The timeline for this phase is approximately 2-4 weeks, and includes:

  • Implementing controls based on requirements such as:
    • Alerts
    • Reports
    • Rules
  • Analyzing data from permissions, activity, and sensitive data
  • Creating the necessary reports and alerts. These may include:
    • Permissions Reports showing over-exposed resources, direct users permissions, and local administrators

    • Activities Reports showing privileged users activities or alerts configured to be triggered on high-risk activities

    • Customer-Specific Reports
  • Scheduling all on-going tasks



Once the Visibility and Control phases are complete, additional components and use cases can be implemented.


The timeline for this phase varies from project to project, and can include activities such as:

  • Adding more end-points for permissions collection and/or activity monitoring
  • Data classification
  • Setting up additional File Access Manager use cases such as:
    • Access review/request
    • Data owner elections
    • Normalization
  • Policies or customer-specific use cases
    • Listing all unclassified documents
    • Alerting of access to a sensitive file/folder
    • Alerting on permissions changes
  • Integration with IdentityIQ
  • Testing and documentation such as:
    • Maintenance procedures
    • Runbook
  • Transition to the support organization


Project/partner best practices

SailPoint recommends these best practices for partner projects:

  • Engage SailPoint for partner enablement (training + shadowing). Don’t do it alone.
  • Clearly understand File Access Manager product capabilities. Plan your projects accordingly.
  • Build the right team with the right skill sets. File Access Manager is a unique product.
  • Phased deployments work best for File Access Manager. Start with the Best Practices Deployment, show value, and expand from there.
  • Always conduct a thorough Sales/SE–to–Professional Services handoff before the project starts.
  • Verify prerequisites, and don’t start until the team is ready. Use the pre-requisite guide referenced in this article.
  • Even after your team is enabled, engage SailPoint Professional Services (Expert Services and Governance)
  • Leverage SailPoint knowledge, training/enablement, best practices, and the Compass community


Training options

SailPoint offers classroom based, instructor-led remote, and self-paced eLearning training courses for File Access Manager. The current course offerings for File Access Manager are:

  • File Access Manager Introduction: This online course provides an overview of SailPoint’s SecurityIQ product, which helps organizations perform identity governance over their unstructured data resources.
  • File Access Manager Implementation and Administration: This online course is targeted at prospective technical members of a SecurityIQ implementation team and administrators of a SecurityIQ implementation. It provides a specific focus on hands-on learning.


Details about these courses, and a course schedule, are here: Identity University


Classroom based training options for File Access Manager

Classroom-based, instructor-led File Access Manager training can be offered at your site. We recommend this option if you plan on training more than 6 people in one class. SailPoint will bring the 4-day course to you, saving you travel costs and time. Contact your Partner Manager or Customer Success Manager to learn about pricing and schedule a course.


File Access Manager office hours

SailPoint also offers regularly-scheduled webinars for File Access Manager that highlight the many features File Access Manager has to offer. These webinarsare offered at a variety of dates and times friendly to North American, European, and APAC time zones.

Tags (1)

alot of the links appear to be broken on this page. Does anyone know where to find the file access manager guides?


Did you already check out the IdentityIQ File Access Manager (formerly SecurityIQ) > Documentation section of Compass? 

@rose_cobb ,

When on clicking the link in your last comment, the page on which I land displays "Access Denied". Is this normal? Thanks for your feedback.

@tostom If a user sees an Access Denied screen, it is because they do not have the permissions to view that space. If you are a File Access Manager customer and should have that role in Compass, please email so that they can troubleshoot your account. 

Version history
Revision #:
3 of 3
Last update:
‎Jun 28, 2023 02:11 PM
Updated by: