SailPoint IdentityIQ vs IdentityNow: Which One to Learn in 2026

IdentityIQ and IdentityNow are not interchangeable career bets. One is where the legacy complexity lives. The other is where SailPoint is pushing everyone. Here is how to pick based on where you are.


The worst career advice in SailPoint right now is "just learn IdentityNow, IIQ is dead."

IIQ is not dead. It is running in thousands of enterprises that are not migrating anytime soon. And IdentityNow, now called Identity Security Cloud, is not the simple cloud product people assume it is. The two platforms solve the same category of problem, identity governance, but they solve it with fundamentally different architectures, different technical stacks, and different career implications.

The real question is not "which one is better." It is "which one should I invest my learning time in right now, given where I am in my career and where the market is heading." That is a more useful question, and it has a more useful answer.

What They Actually Are

IdentityIQ (IIQ) is SailPoint's on-premises identity governance platform. It gets deployed on your servers, connected to your database, and customized with Java, BeanShell scripts, XML configuration objects, and custom workflows. SailPoint built its reputation on this product starting around 2006, and it became the dominant IGA platform in large enterprises and regulated industries.

The defining characteristic of IIQ is depth of customization. You can modify nearly anything. That power is also the reason IIQ environments tend to accumulate significant technical debt, because teams did modify nearly everything.

IdentityNow, rebranded to Identity Security Cloud (ISC) in 2023, is SailPoint's cloud-native, multi-tenant SaaS platform. It is configuration-driven rather than code-driven. Customization happens through transforms, API integrations, cloud rules, and a visual workflow builder instead of BeanShell and XML.

ISC still connects to on-premises systems through Virtual Appliances (VAs) and IQService, so "cloud" does not mean "no on-prem complexity." It means the platform itself is hosted and managed by SailPoint, with continuous updates pushed automatically.

A quick note on naming: job postings, documentation, and practitioners still use "IdentityNow" and "ISC" interchangeably. You will see both. They mean the same product. This post uses "ISC" from here on.

The key architectural difference is the customization boundary. IIQ gives you something close to source code access. You can build nearly anything. ISC gives you a managed platform with guardrails. You configure within those guardrails, and SailPoint handles the rest. That single difference drives most of the career implications below.

The Technical Differences That Matter for Your Career

Dimension | IdentityIQ | Identity Security Cloud
Deployment | On-prem (your servers, your database) | SaaS (SailPoint-hosted, multi-tenant)
Customization | Java, BeanShell, XML, custom rules | Transforms, cloud rules, API-based config
Connectors | Custom connector development in Java | Cloud connectors + VA + IQService for on-prem
Workflow engine | XML-based, highly customizable | Visual workflow builder, more constrained
Upgrades | Customer-managed (painful, infrequent) | SailPoint pushes updates continuously
Scripting | Java, BeanShell, SQL | JSON transforms, limited cloud rules, API calls
Typical environment | Large enterprise, regulated, complex | Mid-market to large enterprise, cloud-forward

Here is what that table means in practice.

IIQ skills are software engineering skills. If you work in IIQ, you are writing Java, debugging BeanShell, navigating XML configuration objects, managing application server deployments, and troubleshooting complex multi-environment landscapes. That is closer to backend development than platform administration.

ISC skills are platform engineering and API integration skills. If you work in ISC, you are configuring transforms, building workflows in a visual editor, writing API calls, managing Virtual Appliance connectivity, and troubleshooting SaaS platform behavior you cannot fully control because SailPoint owns the infrastructure.

Both platforms require the same governance knowledge. Lifecycle management, access certifications, provisioning, role modeling, separation of duties, entitlement management, and compliance controls work conceptually the same way in both products. The governance layer is where the two platforms share the most DNA.

That shared governance layer is also the most portable part of your skillset. If you understand why access certifications exist, how joiner-mover-leaver processes work, and what a well-designed role model looks like, those concepts transfer to any IGA platform, not just between IIQ and ISC.

Which One Has More Jobs Right Now

IIQ still carries significant job volume because of the installed base. SailPoint spent nearly two decades selling IIQ into large enterprises, government agencies, and regulated industries. Those deployments need maintenance, upgrades, customization, and skilled engineers. That demand does not disappear because a newer product exists.

ISC postings are growing as net-new deployments shift to the cloud platform and migration projects ramp up. If you browse the current SailPoint jobs on IAM Jobs, you will see postings that mention IIQ, postings that mention ISC or IdentityNow, and a meaningful number that mention both. That last group usually signals an employer that is either running both platforms in parallel or actively migrating.

The trend line matters more than the current snapshot. SailPoint is investing its product development in ISC, not IIQ. New features, new connectors, and new capabilities go to ISC. Partner enablement is increasingly ISC-focused. SailPoint's own free certification path through SailPoint University targets ISC.

But "long term" in enterprise IAM means something different than it does in consumer tech. Companies that deployed IIQ in 2018 with heavy customization, hundreds of custom rules, and deep integrations into legacy HR and ERP systems are not migrating next quarter. Some are not migrating next year. The transition is real, but it is slow, and the enterprises that take the longest to move tend to be the ones with the most complex and highest-paying IIQ work.

The Migration Wave

SailPoint is actively pushing IIQ customers toward ISC. This is their stated product strategy, not speculation. The migration playbook exists. The partner ecosystem is being trained on it. The incentive structure is pointing in one direction.

Here is what makes these migrations interesting from a career perspective: they are not lift-and-shift.

IIQ's deep customizations do not port directly to ISC. BeanShell rules have no equivalent in ISC. Complex XML workflows need to be redesigned using ISC's workflow builder or API-based approaches. Custom Java connectors may need to be replaced with ISC's cloud connector framework or VA-based integrations. The governance logic stays, but the implementation layer gets rebuilt.

That creates a specific, high-value career niche: the migration engineer who knows both platforms well enough to assess what an IIQ deployment actually does, design the ISC equivalent, identify what cannot translate directly, and execute the transition without breaking governance controls that auditors and regulators depend on.

Migration experience is arguably the most valuable SailPoint skill to develop in 2026 and 2027. It combines deep IIQ knowledge, ISC platform skills, architecture judgment, and the ability to manage risk during a transition that touches every application and identity in the enterprise. The salary guide shows how migration experience shifts compensation bands upward, and this dynamic is only intensifying.

The practical implication: IIQ skills have a real but declining trajectory. ISC skills have a rising trajectory. Knowing both, especially in a migration context, is where the premium sits.

Which One to Learn First

Breaking in (0 to 2 years of experience)

Start with ISC. Net-new SailPoint deployments are going to ISC. Entry-level roles at SailPoint consulting partners are increasingly ISC-focused. SailPoint's own training and free certification path targets the IdentityNow platform.

But do not just learn button clicks. Spend real time understanding identity governance concepts that are platform-agnostic: what lifecycle management solves, why access certifications exist, how provisioning works end to end, what role modeling is trying to accomplish. Those concepts are what make you useful on day one regardless of which platform you land on.

If you are still figuring out how to get into the field, start with how to break into IAM as a career for the broader picture.

Building depth (2 to 5 years)

If you are already working in an IIQ environment, do not abandon IIQ to chase ISC. Your IIQ depth is valuable right now, and it will be especially valuable through the migration wave when employers need people who actually understand the legacy environment being replaced. Add ISC knowledge on top of your IIQ foundation.

If you are at an ISC shop, go deep there. But invest enough time in understanding IIQ at a conceptual level that you can participate intelligently in migration conversations, because those conversations will come to your desk eventually.

The ideal position at this career stage: deep expertise in one platform, working familiarity with the other. The post on the skills that increase pay the most covers how platform depth compounds with other IAM skills to move your compensation band.

Senior and architect level (5+ years)

You need to know both. Architects advising on SailPoint strategy must understand the full migration path. That means knowing what IIQ customizations translate cleanly to ISC, which ones require redesign, and which governance requirements might not be achievable in ISC today.

The premium at this level is not in operating either platform. It is in designing the migration architecture, managing the transition risk, and keeping governance controls intact while the underlying platform changes. The salary guide shows how architecture-level SailPoint roles price relative to hands-on engineering.

What Transfers Between Them

Roughly 60% of what you learn on one platform is portable to the other. That 60% is the governance and conceptual layer:

  • Identity lifecycle management (joiner, mover, leaver processes)
  • Access certification design and execution
  • Provisioning logic and troubleshooting
  • Entitlement and role modeling
  • Separation of duties and compliance controls
  • Source and target system integration thinking
  • Stakeholder communication with audit, security, HR, and application owners

The other 40% is platform-specific implementation skill that does not transfer:

  • BeanShell and Java development (IIQ only)
  • XML workflow configuration (IIQ only)
  • Application server and database administration (IIQ only)
  • ISC transform syntax and the SaaS workflow builder (ISC only)
  • Virtual Appliance and IQService deployment and troubleshooting (ISC only)
  • ISC API patterns and cloud rule development (ISC only)

Here is the thing about that non-transferable 40%: it is where the pay premium lives. The governance concepts are valuable, but they are also what everyone in IGA learns eventually. The platform-specific depth, the ability to write a complex BeanShell rule that handles an ugly edge case, or to troubleshoot a VA connectivity failure at 2 AM, is what separates commodity IAM knowledge from specialist-level compensation.

The Bottom Line

IIQ is not dead. ISC is the future. The migration wave makes knowing both platforms uniquely valuable for the next several years.

Pick based on where you are now, not where the market might be in five years. If you are breaking in, start with ISC because that is where new deployments and training investment are concentrated. If you are mid-career in an IIQ shop, go deeper there and add ISC. If you are senior, you need both, and migration architecture is the premium skill.

If forced to pick exactly one platform to learn from zero today, pick ISC. But do it knowing that the best-paid SailPoint work over the next few years will go to people who understand the old world well enough to safely replace it with the new one.

Browse the current SailPoint jobs to see the IIQ and ISC split in real postings. If you are still early in your IAM career, start with entry-level IAM jobs and the certifications guide to build your first set of credentials.
