Skip to content
Insights
Request Services
RFP
RFP template · reviewed 2026-05-22

IGA RFP template — the questions to actually ask

A copy-into-Word RFP scaffold for selecting an IGA platform (SailPoint, Saviynt, Omada, One Identity). Differentiating questions on certification cadence, SoD, and role mining.

Share
We can run this for you

Who uses it

CISO / Chief Compliance Officer at regulated enterprises selecting or replacing an IGA platform.

Typical timeline

12-16 weeks RFP → shortlist → bake-off → award

20 questions across 8 sections. CC BY 4.0 — copy freely.

1. Vendor background

  1. 1.1

    Company background, ownership, customer count in our size bracket.

  2. 1.2

    Reference customers in our industry — 3-5 willing to take a call.

  3. 1.3

    12-month roadmap, especially around AI-assisted decisions + cloud-native delivery.

2. Connector library + provisioning

  1. 2.1

    Number of certified connectors. Provide list. Specifically call out: HRIS (Workday, SuccessFactors), AD, SaaS providers (top 50), SAP, mainframe.

  2. 2.2

    Custom connector framework. Time-to-build a custom connector for an obscure app.

  3. 2.3

    SCIM 2.0 conformance level.

3. Access certifications

  1. 3.1

    Describe certification campaign types — manager, app-owner, role-based, risk-based.

  2. 3.2

    Describe reviewer UX. What context does the reviewer see (last-login, peer comparison, risk indicators)?

  3. 3.3

    Continuous certification mode vs campaign mode.

4. Role mining + management

  1. 4.1

    Describe the role-mining engine. AI / ML assistance? Manual vs automated workflow?

  2. 4.2

    How is the role model maintained over time? Drift detection? Periodic re-mining?

5. Separation of duties

  1. 5.1

    Describe SoD rule engine — how rules are expressed, enforced at request time vs detected post-grant.

  2. 5.2

    SAP-specific SoD analytics support (if applicable).

  3. 5.3

    Exception / risk-acceptance workflow.

6. Workflow + automation

  1. 6.1

    Describe the workflow engine. UI-based vs code-based.

  2. 6.2

    Version control / change management of workflows.

7. Audit + compliance

  1. 7.1

    Describe audit log emission + retention.

  2. 7.2

    Pre-built reports for FedRAMP, SOC 2, HIPAA, FFIEC.

8. Pricing + implementation

  1. 8.1

    Per-identity pricing. Connector add-ons.

  2. 8.2

    3-year TCO including implementation services (often 1-2× annual license).

Evaluation rubric

How to score responses.

CriterionWeightHow to score
Connector coverage15%Specifically for your environment — SAP, mainframe, custom apps.
Certification reviewer UX15%Context + decision-support determines rubber-stamp rate.
Role mining maturity15%AI assist + re-mining workflow.
SoD enforcement15%Request-time vs post-grant; SAP fit.
Workflow extensibility10%Custom logic at scale.
TCO (3yr)15%Including implementation services.
Reference customer signal15%3-5 references.
Want help running it?

We run vendor selections + bake-offs.

Vendor-neutral procurement assistance — from RFP to shortlist to bake-off to negotiation. We’ve seen every vendor pitch + every contract structure.

Talk to a procurement leadPricing index

Identity, cybersecurity, and custom software for regulated enterprises. Audit-ready operations from advisory through audit.

Americas HQ

Wilmington, DE

America/New York

India HQ

Hyderabad, TG

Asia/Kolkata

Services
  • IAM Consulting
  • IAM Technologies
  • Custom Software & AI
  • IAM Staffing
  • Request Services
  • Case Studies
Resources
  • All Resources
  • Complete Guide to IAM
  • IAM Frameworks Compared
  • IAM Certification Roadmap
  • IAM API Hub
  • IAM Explainers
  • IAM Vendor Status
  • Release Notes
  • State of Identity
  • State of PAM
  • State of IGA
  • State of CIAM
  • State of AI Agent Identity
  • IAM Salary Benchmark
  • Vendor Pricing Index
  • Year in Review 2026
  • Acquisition Tracker
  • Outage Tracker
  • Identity Incidents
  • Vulnerability Tracker
  • Cheat Sheets
  • Standards Explainers
  • Migration Playbooks
  • Audit Checklists
  • Reference Architectures
  • RFP Templates
  • IAM Anti-Patterns
  • Compliance Crosswalk
  • Market Landscape
  • Awesome IAM
  • IAM Glossary
  • Compliance Frameworks
  • Integration Guides
  • Vendor Alternatives
  • IAM by Industry
  • Salary Lookup
  • Directory
Research & media
  • IAM Compensation 2026
  • Vendor Moves Q3 2026
  • Identity Incidents Q3 2026
  • Vendor Security Posture 2026
  • Vendor Pricing 2026
  • AI Citation Tracker
  • Top 50 IAM Tools 2026
  • Podcast
  • Videos
  • Newsletter
  • Newsletter Archive
  • Embed Widgets
Free tools
  • JWT Decoder
  • JWT Signer
  • SAML Decoder
  • SAML Metadata Diff
  • OAuth Flow Visualizer
  • OIDC Debugger
  • OIDC Discovery Validator
  • PKCE Generator
  • WebAuthn Tester
  • Bearer Token Inspector
  • SCIM Validator
  • Password Entropy
  • IAM RFP Template
  • PAM Vendor Selector
  • Maturity Assessment
  • ROI Calculator
  • TCO Calculator
  • MFA Bypass Risk
  • Audit-Prep Burden
  • Quizzes
Company
  • About
  • Leadership
  • Approach
  • Why Choose Us
  • Partners
  • Press Kit
  • Press Topics
  • Global Presence
  • Locations
  • Insights
  • Now
  • Community
  • Open Roles
  • Submit Resume
  • Training
  • Contact

© 2026 askmeidentity, Inc.. Safeguard your digital frontier.

  • Privacy Policy
  • Terms of Service
  • Accessibility