SailPoint’s Entro Acquisition: Machine Identity Now a First-Class IGA Concern
SailPoint’s acquisition of Entro signals a fundamental shift in identity governance: AI agents and machine identities are no longer an afterthought. They’re now a core competency that IGA platforms must address to remain relevant.
Why This Acquisition Matters
For decades, identity governance and administration (IGA) focused on one problem: managing who gets access to what, in the human sense. Users, roles, entitlements, access reviews, deprovisioning. SailPoint built a $1B business on this foundation.
But the enterprise has changed. AI agents—from LLMs to agentic frameworks—now run alongside humans, making decisions, accessing systems, and operating under credentials. These machine identities have no manager, no cost center, no offboarding date. They require governance that traditional ILM cannot provide.
Entro Security, an Israeli startup focused specifically on non-human identity (NHI) access management, offers exactly what SailPoint’s platform lacked: the ability to discover, classify, and govern machine identities in real time. The acquisition wasn’t a defensive move—it was an admission that IGA as practiced for 20 years is insufficient for the AI era.
What This Means for IGA Practitioners
The integration signals that machine identity governance is now table stakes. Enterprises choosing IGA platforms will expect native support for agent governance—not as a module, but as a core competency. SailPoint is positioning itself to deliver this. Competitors like Omada and Saviynt will have to follow suit or risk irrelevance.
For CISOs and identity practitioners, this raises a practical question: Does your current IGA platform have a credible path to governing AI agents? If the answer is “not yet” or “we’ll bolt on a third-party tool,” you’re looking at architectural debt that will compound as AI adoption accelerates.
The Broader Shift
The Entro acquisition is part of a wider market correction. Workforces are becoming hybrid—human and machine. IGA frameworks that treat these as separate problems will struggle. Those that unify human and agentic identity governance under one platform will dominate.
This is where the IGA market is heading. The question isn’t whether machine identity governance will matter—it already does. The question is whether your platform is ready.