What is IGA? 

First, what is an identity? An identity is a digital representation of an individual, recording of all the attributes that makes a person unique. We can then map this identity to roles and applications to give users access to the right resources across the organization to allow them to accomplish their job. Managing these identities, or users, can be done with an Identity Governance and Administration (IGA) solution. 

For an application to be considered an Identity Governance solution, an application must be able to do a few key things. We will discuss below what to expect from an IGA platform as well as what IGA platforms don’t do. 

Identity lifecycle 

IGA should manage and automate the entire identity lifecycle process from the on-boarding process to deprovisioning accounts upon termination of employment. 

This allows organizations to stay in compliance with regulatory mandates and alleviate burden on IT teams who would previously need to do these actions manually. 

Access review 

An application that allows your organization to verify the current people have the correct access at the right time. This is essential to ensure the company resources are always secure. 

Reporting & logging 

The ability to access information about permissions granted or revoked, and resource access requests through the logs. These solutions should also have a way to analyze and pull relevant data. Reporting and logging are crucial to conform to many compliance mandates. For example, during a SOX audit, auditors will want to know what internal controls are in place for access to sensitive data. A good identity governance and administration solution will provide you with reporting tools so you will know who has access to which applications, why they have access, and when their access will be removed. 

Self-service & access request 

Allows for user to request access to applications they need to complete their jobs. This automated process alleviates the manual tasks of granting access to users and eliminates the chance of human error in the access request process. 

Provisioning 

The ability to create or remove accounts to applications or resources across your organization based on a user’s role. Automation of account creation or deletion is the corner stone of every identity governance and administration solution. 

Entitlements 

Manages the fine-grain access to applications. This allows your organization to manage applications down to the user, moderator, admin, etc. roles. These tools can grant, remove, and alter access to applications and devices across the organization based upon the needs of the individual user. 

Delegation 

The capability to securely delegate the ability to request, manage and approve access to another person, department and/or office. 

What IGA is not? 

Single sign-on 

Single sign-on (SSO) and identity governance and administration are meant to be used together. SSO is the way a user authenticates into a resource. The purpose of IGA is not to authenticate users but to authorize them. SSO is used to determine who a user is, while IGA is used to determine if this user should have access to the resource. When the two are combined you have a more complete identity access management (IAM) solution. 

Privileged access management 

If one privileged account is hacked the organization can be at risk. Privileged access management (PAM) is focused on minimizing the risk that privilege accounts pose to an organization. IGA is not a PAM solution but is often used as an effective way to manage who has access to privileged access accounts. 

Multi-factor authentication 

Multi-factor authentication (MFA) combines any two of the following methods to strongly authenticate a user: something you know, something you have, something you are. 

Want to learn more?

Watch "Reduce your IT workload with Identity Governance and Access Controls" on-demand now!