I’m currently exploring SailPoint NERM (Non-Employee Risk Management) and would like to connect with anyone who has recently implemented or worked on NERM, particularly in real-world production environments.
I’m especially interested in understanding:
Practical implementation experience
Key challenges or lessons learned
Integration approaches (e.g., with external users/partners)
Any best practices or recommendations
It would be great to exchange insights or even have a short discussion.
Please feel free to reply here or connect with me directly.
We’ve implemented SailPoint NERM mainly for contractor/vendor onboarding integrated with HR systems and Entra ID B2B. Biggest challenges were lifecycle ownership, sponsor governance, and handling duplicate identities across partner organizations.
Best practice is to keep onboarding lightweight initially, automate expiration/re-certification early, and clearly separate employee vs non-employee identity correlation logic.
These were the learning what we had from our Implementation for NERM:
Clear definition and classification of non-employee roles and access needs.
Robust onboarding and offboarding workflows tailored for external users.
Continuous monitoring and attestation processes.
Integration with HR and vendor management systems.
Strong authentication and access controls.
Regular risk assessments and policy updates
If you want more on checking the same I would request raise a ticket for Professional Services and they will be able to guide you because they did the implementation for us.