Looking to Connect: NERM (Non-Employee Risk Management) Implementation Experience

Hi everyone,

I hope you’re doing well.

I’m currently exploring SailPoint NERM (Non-Employee Risk Management) and would like to connect with anyone who has recently implemented or worked on NERM, particularly in real-world production environments.

I’m especially interested in understanding:

  • Practical implementation experience

  • Key challenges or lessons learned

  • Integration approaches (e.g., with external users/partners)

  • Any best practices or recommendations

It would be great to exchange insights or even have a short discussion.

Please feel free to reply here or connect with me directly.

Thanks in advance!

We’ve implemented SailPoint NERM mainly for contractor/vendor onboarding integrated with HR systems and Entra ID B2B. Biggest challenges were lifecycle ownership, sponsor governance, and handling duplicate identities across partner organizations.

Best practice is to keep onboarding lightweight initially, automate expiration/re-certification early, and clearly separate employee vs non-employee identity correlation logic.

These were the learning what we had from our Implementation for NERM:

  • Clear definition and classification of non-employee roles and access needs.

  • Robust onboarding and offboarding workflows tailored for external users.

  • Continuous monitoring and attestation processes.

  • Integration with HR and vendor management systems.

  • Strong authentication and access controls.

  • Regular risk assessments and policy updates

If you want more on checking the same I would request raise a ticket for Professional Services and they will be able to guide you because they did the implementation for us.