Behind the Logins: A Look at Identity Governance

Having covered the basics of IAM (Identity Access Management) by introducing PAM (Privileged Access Management), today I'll delve into IGA (Identity Governance and Administration).

While it's clear that IGA involves managing users within an organization at a high level, simply looking at the acronym suggests this, but what are the specific details?

KuppingerCole Analysts have written an in-depth article on the topic, available at this link: https://www.kuppingercole.com/insights/identity-governance-and-administration/identity-governance-and-administration-guide?utm_source=chatgpt.com

Warwick Ashford's research summarizes IGA into two main categories: Access Governance and Identity Lifecycle Management.

Access Governance not only includes the access required when someone starts at a company but also adapts to changes in their role or department, and naturally, when they depart. "Access Governance, therefore, is typically part of the standard joiner, mover, leaver processes."

Identity Lifecycle Management, or Identity Provisioning, ensures users have the essential minimum access needed to perform their jobs effectively.

With the integration of automation and AI (Artificial Intelligence), Warwick emphasizes that IGA is vital for managing security threats and adhering to strict compliance standards.

Below are several typical use cases associated with IGA, although this is not a complete list:

• Access Request Management

• Role-Based Access Control (RBAC)

• Joiner-Mover-Leaver (JML) Lifecycle Management

• Access Certification

• Audit and Compliance Reporting

• Segregation of Duties (SoD) Enforcement

• Identity Analytics and Risk Scoring

• Hybrid and Cloud Access Governance

• Third-Party / Contractor Access Governance

• Policy and Workflow Automation

Ultimately, IGA helps companies become more efficient and effective in securing identities across the organization.