Blog

What is Identity Governance & Administration (IGA)?

Umar Qayum - Technology Consultant.

First, what is an identity? An identity is a digital representation of an individual, recording of all the attributes that makes a person unique. We can then map this identity to roles and applications to give users access to the right resources across the organisation to allow them to accomplish their job.

What is IGA?

First, what is an identity? An identity is a digital representation of an individual, recording of all the attributes that makes a person unique. We can then map this identity to roles and applications to give users access to the right resources across the organisation to allow them to accomplish their job. Managing these identities, or users, can be done with an Identity Governance and Administration (IGA) solution. For an application to be considered an Identity Governance solution, an application must be able to do a few key things. We will discuss below what to expect from an IGA platform as well as what IGA platforms don't do.

Identity lifecycle

IGA should manage and automate the entire lifecycle of an identity from the on-boarding process to deprovisioning accounts upon termination of employment. This allows organisations to stay in compliance with regulatory mandates and alleviate burden on IT teams who would previously need to do these actions manually.

Access review

An application that allows your organisation to verify the current people have the correct access at the right time. This is essential to ensure the company resources are always secure.

Reporting & logging

The ability to access information about permissions granted or revoked, and resource access requests through the logs. These solutions should also have a way to analyse and pull relevant data. Reporting and logging are crucial to conform to many compliance mandates. For example, during a SOX audit, auditors will want to know what internal controls are in place for access to sensitive data. A good IGA solution will provide you with reporting tools so you will know who has access to which applications, why they have access, and when their access will be removed.

Self-service & access request

Allows for user to request access to applications they need to complete their jobs. This automated process alleviates the manual tasks of granting access to users and eliminates the chance of human error in the access request process.

Provisioning

The ability to create or remove accounts to applications or resources across your organisation based on a user’s role. Automation of account creation or deletion is the corner stone of an IGA solution.

Entitlements

Manages the fine-grain access to applications. This allows your organisation to manage applications down to the user, moderator, admin, etc. roles. These tools can grant, remove, and alter access to applications and devices across the organisation based upon the needs of the individual user.

Delegation

The capability to securely delegate the ability to request, manage and approve access to another person, department and/or office.


What IGA is not?

Single sign-on

Single sign-on (SSO) and IGA are meant to be used together. SSO is the way a user authenticates into a resource. The purpose of IGA is not to authenticate users but to authorize them. SSO is used to determine who a user is, while IGA is used to determine if this user should have access to the resource. When the two are combined you have a more complete identity access management (IAM) solution.

Privileged access management

If one privileged account is hacked the organisation can be at risk. Privileged access management (PAM) is focused on minimising the risk that privilege accounts pose to an organisation. IGA is not a PAM solution but is often used as an effective way to manage who has access to privileged access accounts.

Multi-factor authentication

Multi-factor authentication (MFA) combines any two of the following methods to strongly authenticate a user: something you know, something you have, something you are.

 

Get in touch

We're here to help.

Get in touch to find out how we can help you with your specific needs.

One quick form gets you a step closer to the installation of the most intuitive identity platform for your business.