What is identity governance and administration?

Identity Governance and Administration (IGA) systems

Identity Governance and Administration (IGA) joins the list of acronyms along with IAM and PAM. The term gained acceptance in 2013 after Gartner merged two of its Magic Quadrants–one addressing Identity Governance and the other Identity Administration–into the Magic Quadrant for Identity Governance and Administration.

IGA systems merge identity administration, which addresses administering accounts and credentials, provisioning, and managing entitlements, with identity governance, which addresses the segregation of duties, role management, logging, and analytics and reporting.

IGA systems provide additional functionality beyond standard Identity and Access Management (IAM) systems. In particular, they help organizations meet compliance requirements and enable them to audit access for compliance reporting. They also automate workflows for tasks such as access approvals and provisioning/de-provisioning.

Elements of IGA Systems

Identity governance and administration tools help handle user identity lifecycle management. IGA systems generally include these elements for identity administration:

• Password management Through tools like password vaults or, more often, Single Sign-On (SSO), IGAs ensure users don’t have to remember many different passwords to access applications.
• Integrations Connectors to integrate with directories and other systems that contain information about users and the applications and systems they have access to as well as their authorization in those systems.
• Access request management Workflows that make it easier for users to request access to applications and systems and get approvals.
• Provisioning Automated provisioning and de-provisioning at both the user and application level.
• Entitlement management Ability to specify and verify what people are allowed to do in various applications (such as add, edit, view, or delete data). !

IGA systems generally include these elements for governance administration:

• Segregation of duties Create rules that prevent risky sets of access from being granted to a person. For example, the ability to both view a corporate bank account and transfer funds to outside accounts (which might enable a user to transfer money to a personal account).
• Access review Tools that streamlines the review and verification (or revocation) of users access to different apps and resources. Some IDG tools provide discovery features that help identify entitlements that have been granted and surface them.
• Role-based management Defining and managing access through user roles.
• Analytics and reporting Tools that log activities, generate reports (including for compliance) and provide analytics to identify issues and optimizations.