SailPoint (SAIL) Buys Entro Security As Its Valuation Debate Gets Harder To Ignore

SailPoint’s acquisition of Entro Security represents a critical evolution in identity governance and administration (IGA) strategy at a pivotal moment for the identity security market. As enterprises accelerate their digital transformation, the need to govern both human and non-human identities has become a top-tier infrastructure concern. This acquisition signals that IGA platforms must now expand beyond traditional identity lifecycle management to encompass machine identities, API tokens, and AI agent credentials.

The enterprise landscape is fragmenting. Traditional identity governance administration tools were built for a world where the majority of access requests came from humans. But the proliferation of AI agents, microservices, and automated workflows has created an entirely new class of identities that legacy systems cannot adequately govern. Many enterprises today lack visibility into their machine identity sprawl, leaving critical attack surfaces unmanaged. This identity governance gap forces CISOs to choose between two costly paths: accept risk, or manually patch disparate tools together.

Entro’s core technology addresses non-human identity risk at the point where it’s created—runtime. By integrating this capability into SailPoint’s enterprise-grade identity governance administration platform, the combined entity now offers buyers a unified approach to identity governance that spans the full spectrum of modern infrastructure. Rather than maintaining separate systems for human access governance and machine identity governance, enterprises can now model, provision, and audit all identities through a single identity lifecycle management framework.

The market timing matters. Gartner and other analysts have begun tracking non-human identity governance as a distinct capability area within the broader IGA market. Platforms that can’t offer this coverage are increasingly positioned as legacy. For SailPoint’s customer base—primarily large enterprises with substantial AWS, Kubernetes, and CI/CD infrastructure—the ability to apply consistent identity governance principles across both human and machine identities is becoming table stakes. This is not a feature; it’s a redefinition of what identity governance and administration means in the AI era.