Battle Cards — RapidValue IGA

Battle card 1 of 4

vs. SailPoint Identity Security Cloud

Enterprise Leader

When you hear: "We're already evaluating SailPoint" or "SailPoint is the market leader."

Where we win

Dimension	SailPoint	RapidValue
Time to first value	6–9 months	Same day (Quick Scan)
Connector onboarding (read-only)	4–8 weeks	5 min (visibility-first wizard)
Identity risk scoring	Atlas add-on, generic score	14-component, daily trend, materialized — included
Audit evidence	"We'll discuss in scoping"	One-click SOX / ISO / HIPAA / GDPR packs
Cross-system SoD	Within one app domain	Declared across any 2 connected systems
Reconciliation evidence	Counts + delta	Per-grant snapshots + reasons
NHI governance	Add-on module	Built-in (4-tier model)
Tier-3 on-prem agent	Complex deployment	One-line installer
3-year TCO (mid-market)	€3M+	€1.19M

Their strengths — be honest

⚠️ 200+ pre-built connectors vs. our 8 (but the wizard closes the gap fast)

⚠️ Larger partner ecosystem for complex customisation

⚠️ Enterprise-grade at 100k+ identities — our tested limit is ~50k

⚠️ Stronger brand recognition with large enterprise procurement

Killer question to ask

"What does your implementation timeline look like — and when do you expect to see the first drift report from production data?" If they say 6+ months: "We can show you that in 25 minutes today, with your data."

Traps to avoid

🚫 Don't attack SailPoint's brand — it backfires. Compete on speed and evidence quality, not market position.

🚫 Don't claim 200 connectors. You have 8 excellent ones + the wizard that makes custom connectors fast.

Battle card 2 of 4

vs. Saviynt

IGA + PAM Platform

When you hear: "Saviynt has a cloud-native IGA + PAM + ITDR platform" or "We need a single vendor for IGA and PAM."

Where we win

Dimension	Saviynt	RapidValue
Time to first value	6–9 months	Same day
Connector onboarding (read-only)	Months	5 min (visibility-first wizard)
Identity risk scoring	Score per identity	14-component, daily trend, materialized
Toxic combos + SoD	✅ but complex config	✅ cross-system, declarative, pre-configured
Audit evidence	Reporting engine	One-click SOX / ISO / HIPAA / GDPR packs
Reconciliation evidence	Counts	Per-grant snapshots + reasons
NHI governance	Partial	Built-in 4-tier model
EU data sovereignty	US-cloud primary	Tier-3 agent — credentials stay in your VPC
Role mining deduplication	Single-algo per run	Cross-algorithm dedup (1 proposal, not 7)

Their strengths — be honest

⚠️ IGA + PAM in a single platform — we don't do PAM today

⚠️ ITDR (Identity Threat Detection & Response) is a growing differentiator

⚠️ Strong in US enterprise market; FDA/SOX vertical depth

Killer question to ask

"When your role mining runs across LDAP and AD — does it deduplicate proposals that represent the same real-world role, or do you get one proposal per algorithm per run?" Most Saviynt deployments generate 5–8 proposals for the same D-IT group. Our cross-algorithm dedup collapses them into one, with a merge rationale.

Traps to avoid

🚫 Don't get drawn into a PAM comparison. Reframe: "Do you need PAM and IGA governed together, or are you primarily solving the IGA gap first?"

🚫 Saviynt's ITDR story is new and largely aspirational. Acknowledge it, then redirect: "How is your IGA audit evidence today?"

Battle card 3 of 4

vs. Omada

EU-Based IGA

When you hear: "We're looking at Omada — they're EU-based" or "Omada has 38 process templates."

Where we win

Dimension	Omada	RapidValue
Time to first value	4–6 months	Same day
Connector onboarding (read-only)	3–6 weeks	5 min (visibility-first wizard)
Identity risk scoring	Risk tags	14-component score, daily trend, materialized
Audit evidence	Standard reports	One-click SOX / ISO / HIPAA / GDPR packs
NHI governance	Partial / roadmap	Built-in 4-tier model
Reconciliation evidence	Limited	Per-grant snapshots + reasons
Role mining quality	Basic	8 algorithms + cross-dedup
Process templates	38 (IdentityPROCESS)	38 templates included (same framework)

Their strengths — be honest

⚠️ Strong Scandinavian and BeNeLux VAR network — familiar to many EU buyers

⚠️ EU-domiciled company (relevant for sovereignty procurement)

⚠️ Long track record in public sector (NL/DK government references)

Killer question to ask

"When was the last time you looked at what Omada's reconciliation delivers as audit evidence? Can you show your auditor why a specific grant exists — timestamped, with the policy reference?" This is our clearest win: Omada's recon is count-based. Ours is snapshot-based.

Traps to avoid

🚫 Don't underestimate Omada's local partner network. Counter: find the internal champion frustrated with their evidence model.

🚫 Their "38 process templates" is real. We have 38 too — neutralise the comparison and redirect to speed + evidence quality.

Battle card 4 of 4

vs. "Doing nothing" / spreadsheets / in-house scripts

Status Quo

When you hear: "We handle this manually today" or "We're not sure the business case is there."

The cost of inaction — key questions to ask

Question	What it reveals
How long does a joiner wait for full access?	Multiply joiners/year × avg cost of low-productivity → direct ROI
How many orphaned accounts exist?	Each one is a live attack surface with no owner
When was the last access certification?	DORA/NIS2 expect continuous — not just annual
How many hours does audit prep take?	Typical: 200h × €120/h = €24k/year in direct cost
What happens when the script author leaves?	Bus factor = 1. That's your operational risk.

Hidden cost calculation (2,500 employees, 25 systems)

Hidden cost	Annual exposure
Manual provisioning (leavers not deprovisioned within 30 days)	€600k risk
Audit preparation (manual cert collection)	€24k direct
JML inefficiency (delayed access × hourly cost)	€40k direct
Orphaned account risk (1 breach / 2yr × €350k avg)	€175k annualised
Total	~€840k/year

RapidValue Growth plan: €180k/year. Payback period: 3 months.

Killer question to ask

"If your most important identity-related script broke today, how long would it take to know — and who would fix it?" Silence is your answer.

Traps to avoid

🚫 Don't belittle their current setup. They built it for a reason. Respect the effort, then show what it can't do.

🚫 Don't lead with compliance if they're not facing an audit soon. Lead with operational efficiency — compliance is the second reason.

Universal Objection Handling

Objection	Response
"It's too expensive."	"Let me understand — too expensive relative to what? The alternative is usually manual labor, SailPoint (which costs more at €3M TCO), or risk exposure. Can I share the 3-year TCO comparison?"
"We just bought [other tool] for identity."	"Makes sense — what problem were you trying to solve? Often companies buy a tool for provisioning or PAM, then discover IGA — the governance, certification, role mining, audit evidence — is a separate problem. What does your audit evidence story look like today?"
"We don't have the resources to implement anything right now."	"That's actually why we built the POC motion the way we did. No professional services, no infrastructure setup. Sales engineer on a call, agent running in your VPC in 30 minutes. The question isn't whether you have resources — it's whether a 30-minute proof is worth 30 minutes."
"We need to see customer references."	"Absolutely. While I arrange that, let me show you what the evidence looks like in practice — reference calls go much faster when you've already seen the product. What's a convenient time this week?"
"We're mid-market — will you still be around in 5 years?"	"Fair question. We're a product company with a paying customer base growing in BeNeLux and DACH. The tier-3 agent means your connector credentials are always on-prem — even if the SaaS control plane went away, your AD passwords and API keys stay with you. We're not giving you a 10-year guarantee, but the architecture is designed so you're not held hostage."