Identity governance and administration (IGA) solutions help organizations oversee human and non-human access using a policy-driven approach to manage and control access rights. They combine the identity and access information scattered across an organization’s IT systems to improve security and fulfill compliance obligations.
Even as data and data repositories grow, identity governance and administration ensures that users have appropriate access levels to data and that managers and system administrators are made aware of anomalies in access, such as expired permissions that were never revoked. In this guide, we’ll explore identity governance and administration, explain why IGA software matters, and look at some of the top vendors in the IGA space.
What Is Identity Governance and Administration?
Identity governance and administration is the practice of managing user identities—credentials, permissions, and roles—and their access across the organization. It is built on enterprise-wide visibility into user activity data and access rights.
IGA combines two identity management components, identity governance and identity administration, to produce a holistic approach to security and compliance.
Identity governance covers policy enforcement, access reviews, and compliance reporting, while identity administration details user identity creation, management, and removal. Together, these two form a comprehensive framework for managing user identities and access within an organization.
What is IGA software?
IGA software platforms are tools designed to manage and control user permissions, access rights, and roles within organizations. Their primary goal is to enhance the security posture of businesses by ensuring that the right individuals have the right access at the right times.
IGA software typically offers features such as identity lifecycle management, access governance and certification, role management, access requests and approvals, policy enforcement, and audit and compliance reporting. These tools combine the identity and access information scattered across an organization’s IT systems to improve security and fulfill compliance obligations, areas where traditional identity and access management (IAM) tools can fall short.
How do identity governance and administration solutions work?
How IGA operates varies with each organization’s security needs, but IGA solutions typically provide the following capabilities:
- Identity lifecycle management: Manages the entire lifecycle of digital identities, from creation to termination, ensuring access rights align with user roles
- Centralized access management: Simplifies granting, revoking, and managing user and non-human identity permissions through a centralized platform
- Automated provisioning: Streamlines the process of granting and revoking access rights across on-premises and cloud environments
- Entitlement management: Defines and manages user permissions across various systems and applications based on job functions
- Regulatory compliance: Helps organizations meet compliance standards like GDPR, HIPAA, SOX, and PCI DSS through access control management and reporting
- Policy violation detection and remediation: Identifies policy violations, suggests improvements, and initiates corrective actions
- Access certifications: Conducts regular reviews to verify user access rights and reduce the risk of unauthorized access
- Analytics and reporting: Provides insights into access patterns, security risks, and compliance status for informed decision-making
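As an added illustration of the lifecycle, entitlement, policy-violation and access-certification capabilities listed above (example code written for this guide, not taken from any vendor’s product), the following Python resolves each identity’s effective permissions through groups and roles, flags orphaned access, dormant permissions and segregation-of-duties conflicts, and groups the findings into a certification campaign for the accountable reviewers. All identities, groups, roles, owners and activity dates are constructed sample data.

```python
from datetime import date, timedelta

# Constructed sample inventory (not from any real deployment). An IGA tool
# would pull this from HR, the directory, and each connected application.
IDENTITIES = {
    "alice":       {"type": "human",   "owner": "carol", "active": True},
    "bob":         {"type": "human",   "owner": "carol", "active": False},  # offboarded
    "svc-billing": {"type": "service", "owner": "dave",  "active": True},   # non-human
}
GROUP_MEMBERS = {"finance": {"alice", "bob"}, "platform": {"alice", "svc-billing"}}
GROUP_ROLES = {"finance": {"ap-clerk"}, "platform": {"db-admin"}}
DIRECT_ROLES = {"alice": {"ap-approver"}}
ROLE_PERMISSIONS = {
    "ap-clerk":    {"erp:invoice:create"},
    "ap-approver": {"erp:invoice:approve"},
    "db-admin":    {"db:billing:read", "db:billing:write", "db:billing:drop"},
}
# Segregation-of-duties rule: one identity must not both create and approve invoices.
SOD_RULES = [({"erp:invoice:create", "erp:invoice:approve"}, "invoice create+approve")]
# Constructed activity data: last time each (identity, permission) was exercised.
LAST_USED = {
    ("alice", "erp:invoice:create"): date(2024, 5, 1),
    ("alice", "erp:invoice:approve"): date(2024, 5, 2),
    ("svc-billing", "db:billing:read"): date(2024, 5, 3),
    ("svc-billing", "db:billing:write"): date(2024, 5, 3),
}
REVIEW_DATE = date(2024, 5, 10)        # constructed date the review runs on
DORMANT_AFTER = timedelta(days=90)     # unused this long (or never) counts as dormant


def effective_permissions(identity):
    """Resolve identity -> groups -> roles -> permissions into the flat set of
    permissions the identity can actually exercise. Group-inherited roles are
    included, so the result shows more than a group listing alone would."""
    roles = set(DIRECT_ROLES.get(identity, set()))
    for group, members in GROUP_MEMBERS.items():
        if identity in members:
            roles |= GROUP_ROLES.get(group, set())
    return {perm for role in roles for perm in ROLE_PERMISSIONS.get(role, set())}


def find_violations(today=REVIEW_DATE):
    """Return (identity, kind, detail) findings for three policy checks:
    orphaned access held by inactive identities, dormant permissions that were
    never or not recently used, and segregation-of-duties conflicts."""
    findings = []
    for ident, meta in IDENTITIES.items():
        perms = effective_permissions(ident)
        if not meta["active"]:
            if perms:  # lifecycle gap: offboarded but still provisioned
                findings.append((ident, "orphaned", ", ".join(sorted(perms))))
            continue
        for perm in sorted(perms):
            used = LAST_USED.get((ident, perm))
            if used is None or today - used > DORMANT_AFTER:
                findings.append((ident, "dormant", perm))
        for combo, label in SOD_RULES:
            if combo <= perms:  # identity holds every permission in the toxic combination
                findings.append((ident, "sod", label))
    return findings


def certification_campaign(findings):
    """Group findings by the owner who must certify or revoke them, so each
    reviewer sees only the identities they are accountable for."""
    campaign = {}
    for ident, kind, detail in findings:
        campaign.setdefault(IDENTITIES[ident]["owner"], []).append((ident, kind, detail))
    return campaign


if __name__ == "__main__":
    for owner, items in certification_campaign(find_violations()).items():
        print(f"Reviewer {owner}:")
        for ident, kind, detail in items:
            print(f"  [{kind}] {ident}: {detail}")
```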
Common IGA software vendors
Many IGA software vendors are active in the market today, each offering its own take on solving the access and identity permission problems organizations face.
1. Veza
Veza is the Identity Security company transforming the way businesses manage access control and permissions for identities. Powered by the Access Graph, Veza’s platform helps organizations secure access across the enterprise, including cloud infrastructure, data systems, SaaS apps, and on-prem apps.
The Access Graph visualizes connections between users, groups, roles, resources, and permissions, making it easier to manage role-based access control. By identifying dormant permissions and over-permissioned roles, Veza ensures that access is intelligent and aligned with organizational needs and policies to improve overall security and governance. It uncovers the true permissions of all identities with access to your system and data, including non-human identities such as service accounts and other machine identities.
Promising next-generation IGA, Veza powers periodic campaigns to verify and certify entitlement to resources. It automates user access reviews across all SaaS platforms, fixing policy-violating permissions or permissions that are too broad and violate the principle of least privilege. It also produces audit-ready access reports and integrates with platforms like ServiceNow and JIRA for permissions remediation.
This IGA platform has over 250 out-of-the-box integrations, including AWS, Google Cloud, Microsoft Azure, Okta, and CrowdStrike. These integrations support seamless connection with your identity cloud, on-prem infrastructure, apps, and data systems.
Key features & benefits:
- Access Search: Use Veza’s Access Search product to see and control individuals with access to data across your enterprise systems with granular resource permissions that show permissions for both humans and machines
- Activity Monitoring: With Activity Monitoring, users can monitor who has access to their systems, identify unnecessary permissions, revoke dormant permissions or users, and fix ungoverned permissions
- Access Reviews: Automate the user access certification process to certify users confidently and in record time with Access Reviews
- Access Intelligence: Veza’s Access Intelligence detects privileged users as well as dormant permissions and misconfigurations or policy violations
- Lifecycle Management: Grant and revoke access for users automatically, and conduct dry runs of changes to avoid access mistakes and future policy violations, with Veza’s Lifecycle Management product
- Access Graph: Veza displays both human and non-human permissions to systems with an Access Graph that links users, groups, and roles to their effective permissions
User Reviews
Veza has a 4.9 out of 5 rating on Gartner Peer Insights and a 5 out of 5 rating on Capterra and Software Advice. Users are generally happy with the platform, highlighting how Veza renders support to them in record time and implements user feedback quickly.
Schedule a demo for a next-gen IGA experience
2. SailPoint
SailPoint is a SaaS identity security platform for enterprises. It offers solutions that automate user access discovery, management, and control. SailPoint also offers IdentityIQ, a product that leverages both AI and machine learning to deliver identity security by automating tasks like provisioning, access certifications, and access requests.
Key features & benefits:
- Lifecycle Manager for automating management and control of complex identity security challenges
- SailPoint Identity Security Cloud for tailored configurations
- Connectivity and integrations to connect IT resources
- SailPoint Atlas for strengthening access controls and simplifying governance
- Activity data-based insights
User Reviews
According to online user reviews, despite the benefits of SailPoint Identity, users struggle with using the platform.
“We discover and reduce security risks and compliance breaches with the help of SailPoint’s identity analytics and reporting capabilities. These advanced security features are important for us. However, SailPoint is expensive and it has a steep learning curve. The administrators have to train for a couple of weeks before they are allowed access to the system.” — SailPoint User
“I like the proactive features like policy violations and multiple layers of approvals at request time. Reactive controls like certifications are helpful to the extent that users engage. However, it does not scale well for large environments or when data is not 100% clean. For example, we have many uncorrelated accounts and this is not handled well for certifications.” — SailPoint User
The article includes platform features and images from the SailPoint website that reflect the information available as of its publishing date.
3. Okta
Okta is an identity solution that offers passwordless sign-in, progressive profiling, bot detection, adaptive MFA, and other low-code features. Okta also has features for fraud detection, such as Breached Password Detection and Suspicious IP Throttling.
It has over 7,000 drag-and-drop integrations for identity proofing, consent management, customer data platforms, log streaming, SMS and MFA providers, and Web3. It also supports lifecycle management and admin role management.
Key features & benefits:
- Universal Login for customizing the login box with SSO and social login
- No-code identity automation with Workflows
- Passwordless authentication with FastPass
- Centralized identity solution for advanced server access
- Okta Personal for protecting personal apps
User Reviews
Okta users experience several benefits and challenges using the platform. Based on user reviews on G2, here are some key ones.
“It’s simple to log into any app with Okta—just one click. However, sometimes it doesn’t work, and it is difficult to request that new applications be added to the catalog.” — Okta User
“All services are listed on one page, easy to access registered apps. But the app’s dashboard can get cluttered, with no categorization.” — Okta User
The article includes platform features and images from the Okta website that reflect the information available as of its publishing date.
4. One Identity
One Identity is an IGA platform that focuses on enterprise cybersecurity posture. It uses Behavior-Driven Governance to enforce the principle of least privilege. One Identity also offers solutions for Active Directory management and security, Active Directory bridging, and IAM program optimization.
It also integrates with other platforms such as AWS, Google Cloud Platform, Azure, Okta, Ping, and OneLogin.
Key features & benefits:
- SaaS-delivered and on-prem offering for Privileged Access Management (PAM)
- Integration with cloud infrastructure, access management, data, and applications platforms
- Identity governance and management for on-prem, cloud, and hybrid environments
- Active Directory management and security features
- syslog-ng for appliance and software log management
User Reviews
One Identity users have shared several benefits and challenges of the platform. Here are some of them:
“The graphical user interface could be more user-friendly. Currently, it’s a little complicated for beginners, but as you use it, you will get used to it.”—One Identity User
“Product documentation is not very detailed for some modules. Web portal customization is not very simple.”—One Identity User
The article includes platform features and images from the One Identity website that reflect the information available as of its publishing date.
5. Oracle Identity Governance
Oracle Identity Governance is an IGA solution that offers lifecycle management for both on-premises and cloud environments. It provides self-service and customizable options to manage user provisioning and de-provisioning based on a role-based access provisioning model.
Oracle Identity Governance also supports compliance as a hybrid solution that allows managers to approve or revoke access permissions using Oracle Access Governance.
Key features & benefits:
- User-friendly self-service connectivity to manage identities across cloud and on-premises environments
- Comprehensive role-based access provisioning to streamline workflows for access requests
- Machine learning-based role management to optimize role-based access control
- Customizable certification campaigns based on users, entitlements, applications, or roles
- Open application model with Docker or Kubernetes for deployment flexibility
User Reviews
Based on independent user reviews on Gartner, here’s what users have experienced while using the Oracle Identity Governance platform.
“OIG handles all types of integrations like DBAT and custom connectors, but from an integrations perspective, it is complicated to handle all the things like adaptors configuration and mappings in case of bulk attributes required for clients on process form.”—Oracle Identity Governance User
“With three different management consoles, it is a bit cumbersome for the developer or integrator to integrate applications.”—Oracle Identity Governance User
The article includes platform features and images from the Oracle Identity Governance website that reflect the information available as of its publishing date.
6. Saviynt Enterprise Identity Cloud
Saviynt Enterprise Identity Cloud is an IGA platform with solutions for unifying identity governance and administration, external identity and risk management, privileged access management, and application access governance. It allows users to manage both human and machine identities and gain real-time identity risk profiles.
Saviynt Enterprise Identity Cloud also supports Bring Your Own Key (BYOK) and Bring Your Own Vault (BYOV) for data security.
Key features & benefits:
- Centralized application management with cross-application governance
- 100+ pre-built integrations
- Identity warehouse for both human and non-human identities
- Real-time identity risk profiles, automated alerts, and remediation suggestions
- Central control center for trend analysis and a historical view of control violations
User Reviews
Based on user reviews shared on Gartner, here’s what users say about using Saviynt Enterprise Identity Cloud:
“Technical support relies too much on the solutions offered in the Forums, i.e., customer-submitted questions and answers. There seems to be just one way to provision attributes to accounts, which are different versions of mappings in JSON. No obvious way to sync, for example, just a few attributes from a book of record.”—Saviynt User
“Documentation is in development and may be incomplete/out of date. Due to the breadth of customization available, regression testing for version upgrades. Forums are a great resource for solving issues, but threads get orphaned/stale quickly.”—Saviynt User
The article includes platform features and images from the Saviynt Enterprise Identity Cloud website that reflect the information available as of its publishing date.
7. Omada Identity
Omada Identity is an out-of-the-box IGA solution that focuses on removing uncertainty in identity management. It offers identity transparency and identity reporting for compliance and trust. Omada Identity also supports automated provisioning and identity and role management for onboarding and offboarding identities. It allows self-service access requests with automatic segregation-of-duties checks, so users can request access as needed or have their managers request access on their behalf.
Key features & benefits:
- No-code configurations for process and workflow automation
- Compliance dashboards for closed-loop compliance
- Fixed-cost deployment
- Enterprise-grade cloud management feature via portal or API
- Connectivity framework that leverages SQL, SOAP, OData, and SCIM
User Reviews
Here are some Omada Identity online user reviews:
“It can be overly difficult to track down the source of an error in the system and sometimes downright impossible without getting outside help. Another problem the system has is some limitations with regard to objects that grow over a certain amount.”—Omada Identity User
“Troubleshooting is difficult because logs and info are hard to find. The internal relationships are not easy to understand, which makes error analysis difficult. And adding new systems can’t be done by ourselves; support is always needed.”—Omada Identity User
The article includes platform features and images from the Omada Identity website that reflect the information available as of its publishing date.
8. IBM Security Verify
IBM Security Verify, formerly IBM Security Identity Governance and Intelligence (IBM IGI), is a cloud-native, software as a service (SaaS), business-centric solution that forms part of the IBM security portfolio. IBM Verify has an identity analytics feature that surfaces risks associated with users, entitlements, and applications. For on-prem businesses, it supports migration to the cloud with a hybrid IAM approach.
IBM Security Verify can be deployed on-premises as a virtual or hardware appliance, or containerized with Docker, although the Docker images have some limitations that may require additional DevOps support.
Key features & benefits:
- No-code drag-and-drop visual flows
- Single sign-on for centralized access control
- Authentication tools such as passwordless sign-in and multifactor authentication
- Adaptive access with machine learning
- Identity lifecycle management
User Reviews
Despite the benefits of IBM Security Verify, users have some complaints about using the platform:
“There are a few items that need to be improved. 1. Online help: More step-by-step details may help. 2. Permission on the group: there is a need to create an admin user for our client, and the client admin shall be able to onboard their Trading Partners, we created a custom “Administrator Role” and limited the user admin right to a certain user group by using a scope. It is not working, the client admin cannot create a user in that group. Without the scope of the user group, the client admin can create/update/delete any user in any group, including admin user and admin user group.” — IBM Security Verify User
“We have faced multiple issues while using this tool, there were breakdowns multiple times but we didn’t have any proper solution from the Support team. Even if the solution was delivered, it was always very late. Being a legacy tool, it has its boundary in terms of Features and Security.” — IBM Security Verify User
The article includes platform features and images from the IBM Security Verify website that reflect the information available as of its publishing date.
9. SAP Cloud Identity Access Governance
SAP Cloud Identity Access Governance is a cloud-based governance platform for identity governance and administration. It supports access control and compliance management and optimizes access assignments with analytic intelligence. SAP Cloud Identity Access Governance also has visual prompts and dashboards that show access issues.
Users can also extend access control to enterprise applications and use preconfigured audit reporting for compliance management.
Key features & benefits:
- Real-time insights for continuous access analysis
- Configurable, predefined access policies and rules
- Dashboard-driven user interface with visual prompts for intelligent optimization of assignments
- Risk remediation and mitigation for segregation of duties
- Preconfigured audit reporting
User Reviews
Based on user reviews shared on Gartner Peer Insights, here are some cons users report about SAP Cloud Identity Access Governance:
“It is a really complex product, and it can be difficult to learn and use effectively. Once engaged in SAP, you are locked into it, and making a change would be too expensive and time-consuming. There are also performance issues with large data sets and complex workflows. It is also really expensive and not suitable for small businesses.”—SAP Cloud Identity Access Governance user
“Requires training to work frequently. Little bit costly.”—SAP Cloud Identity Access Governance user
The article includes platform features and images from the SAP Cloud Identity Access Governance website that reflect the information available as of its publishing date.
10. Fischer Identity
Fischer Identity is an AWS cloud-based identity and access management vendor that offers products for lifecycle management, identity and access management, compliance, and accelerated identity. It has an out-of-the-box Accelerated Identity solution with pre-built templates and configurations for identity governance and administration.
Fischer Identity also has integrations with AWS Identity and Access Management, Box, Microsoft Entra ID, Salesforce, Workday, and Zoom, among others.
Key Features & Benefits:
- Support for OAuth, OIDC, SAML2, Social, and MFA integration
- Access to more than one application with one set of credentials
- Workflow automation for access provisioning
- Account and entitlement management
- Pre-built workflows and integrations for configurations
User Reviews
Users have shared various reviews of Fischer Identity on independent review websites—G2 and TrustRadius. Some of the most notable ones are:
“The main drawback of Fischer Identity is its complex implementation process, which can be challenging for organizations without dedicated IT resources. Additionally, the platform’s advanced features might require extensive training to fully utilize.”—Fischer Identity User
“Integrations with some of our old platforms were a bit hard.”—Fischer Identity User
The article includes platform features and images from the Fischer Identity website that reflect the information available as of its publishing date.
11. Ping Identity
Ping Identity is an IGA solution vendor that focuses on identity management through user registration, onboarding, sign-in, profile management, and account recovery. It has IGA solutions for customer identity, workforce identity, decentralized identity, zero trust, IoT, and passwordless authentication.
Ping Identity has three different solution packages: PingOne for customers, PingOne for workforce, and PingOne Neo, each designed based on the use case.
Key features & benefits:
- Flow templates for identity and access management
- Drag-and-drop integration
- Supports issuing digital identity data to the identity wallet
- Implementation accelerators for deployment
- Multi-factor authentication and single sign-on
User Reviews
User reviews shared about Ping Identity include the following:
“It can be tricky to pair with older phones. Also if the phone the ID is linked to is lost or broken to a point it’s not usable, it can be difficult to authorise a new device for pairing without support from IT. I understand this is for added security, but it does impact the user experience.”—Ping Identity User
“My only complaint is some of the transitions can be confusing. For example, after adding a new device, there is a brief pause before the device is authenticated. An unfamiliar user may close out the windows before the process is done because there is no indication that something is happening in the background.”—Ping Identity User
The article includes platform features and images from the Ping Identity website that reflect the information available as of its publishing date.
12. RSA
RSA is an IGA software vendor focused on providing identity security for security-first enterprises. It offers ID Plus, an IGA product for authentication and access capabilities in cloud, on-prem, and hybrid environments. RSA also offers SecurID for on-prem access, authentication, and identity management and a governance and lifecycle platform for identity governance and administration.
Key features & benefits:
- AI-powered authentication policies for anomaly detection
- Supports FIDO, OTP, mobile push, QR codes, and other authentication methods
- Supports hardware authenticators
- Unified Directory capabilities with single sign-on
- End-to-end visibility into entitlements
User Reviews
Here are some user reviews on RSA:
“I don’t like RSA because of its reporting features; the reporting feature is not presentable and is very bad. There was also a limitation on the data gathering because the reporting time execution was too short; as a result, it failed to generate the reports.”—RSA User
“RSA Authentication comes with its problems. One of them is that with the high security, the process often becomes complicated, putting the users through training sessions. Also, the registration process is lengthy in some cases.”—RSA User
The article includes platform features and images from the RSA website that reflect the information available as of its publishing date.
Choosing the Right IGA Solution
One of the biggest challenges that enterprises face with managing data access and granting identity permissions is determining who can take action on what data. In many cases, this leads to over-permissions, security vulnerabilities, and regulatory and compliance issues.
Look for solutions that help your organization grant and revoke access permissions at the speed of business for all identities, across all systems, while enforcing security policies. To get the most out of your IGA provider, look for solutions that:
- Integrate quickly and easily, with a cloud architecture, a flexible deployment model, and a modern developer experience
- Translate system-specific roles and permissions into plain language, understandable by business users
- Monitor both human and non-human identities, including service accounts, to get the most comprehensive view of permissions to resources
- Provide visibility beyond groups or roles, looking at the permissions of systems to build the most accurate view of what identities truly can do
- Connect to any enterprise system: cloud infrastructure platforms, structured data systems, unstructured data systems, data lakes, SaaS apps, custom apps, or on-prem systems.
To learn about Veza’s approach to next-generation IGA, schedule a demo.