IGA — Glossary

Identity Governance and Administration

A framework of policies and technologies that manages digital identities and governs access rights, including access request workflows, access certification campaigns, role management, and segregation of duties.

What Is IGA?

Identity Governance and Administration (IGA) — sometimes called Identity Governance — focuses on ensuring that access rights across an organization are appropriate, properly authorized, and regularly reviewed. While IAM handles day-to-day authentication and access, IGA provides the governance layer that answers: "Should this person have this access?"

Core IGA Capabilities

  • Access Requests: Self-service portals where users request access with approval workflows
  • Access Certification: Periodic campaigns where managers review and confirm (or revoke) their team's access
  • Role Management: Define and manage roles that bundle permissions for job functions
  • Lifecycle Management: Automate joiner/mover/leaver processes as employees change roles or leave
  • Segregation of Duties (SoD): Prevent toxic combinations of access that enable fraud
  • Policy Enforcement: Enforce organizational access policies automatically
  • Audit and Reporting: Provide evidence of access governance for auditors

Why IGA Matters

  • Compliance: SOX, HIPAA, PCI DSS, and SOC 2 all require evidence that access is appropriate and regularly reviewed
  • Reduce risk: Excess privileges accumulate over time ("privilege creep") as employees change roles
  • Efficiency: Automate manual access provisioning and certification processes
  • Visibility: Understand who has access to what across all systems
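
The segregation-of-duties check from the capabilities list and the privilege creep described above, as an added example that is not from the original page or any vendor's product. The roles, permission names, SoD rules, users and the data model itself are all constructed assumptions.

```python
# Added example: every role, permission, rule and user below is constructed.
ROLES = {  # Role Management: each role bundles permissions for a job function
    "ap_clerk": {"invoice.create", "vendor.view"},
    "ap_approver": {"invoice.approve", "vendor.view"},
    "vendor_admin": {"vendor.create", "vendor.view"},
    "payments": {"payment.release"},
}

# SoD policy: pairs of permissions no single identity may hold together
SOD_RULES = [
    ("invoice.create", "invoice.approve"),
    ("vendor.create", "payment.release"),
]

# job_roles = what the current position calls for; assigned = what accumulated
USERS = {
    "alice": {"job_roles": {"ap_approver"}, "assigned": {"ap_clerk", "ap_approver"}},
    "bob": {"job_roles": {"vendor_admin"}, "assigned": {"vendor_admin"}},
    "carol": {"job_roles": {"payments"}, "assigned": {"vendor_admin", "payments"}},
}


def effective_permissions(role_names):
    """Union of the permissions granted by a set of roles."""
    return set().union(*(ROLES[name] for name in role_names))


def sod_violations(user):
    """Return the SoD rules the user's effective permissions violate."""
    perms = effective_permissions(USERS[user]["assigned"])
    return [rule for rule in SOD_RULES if set(rule) <= perms]


def privilege_creep(user):
    """Permissions held beyond what the user's current job roles grant."""
    record = USERS[user]
    held = effective_permissions(record["assigned"])
    needed = effective_permissions(record["job_roles"])
    return held - needed


def certification_worklist():
    """Per-user findings a reviewer would confirm or revoke in a campaign."""
    findings = {}
    for user in sorted(USERS):
        sod, creep = sod_violations(user), sorted(privilege_creep(user))
        if sod or creep:
            findings[user] = {"sod": sod, "excess": creep}
    return findings
```

Calling `certification_worklist()` on this data returns findings for alice and carol, both movers who kept a role from a previous position; bob has nothing to review.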

IGA vs. IAM vs. PAM

| Discipline | Question | Focus |
|---|---|---|
| IAM | Can you authenticate? | Login, SSO, MFA |
| IGA | Should you have this access? | Governance, certification, lifecycle |
| PAM | Is your privileged access controlled? | Admin access, vaulting, sessions |

Leading IGA Vendors

Major IGA vendors include SailPoint, One Identity, Saviynt, Microsoft Entra ID Governance, Omada, and CyberArk (through its acquisition of Idaptive).
