My take on the perfect IGA product
Disclaimer: Use any of the pictures or text in this post freely as long as you credit the author.
Previously I wrote an article, Why Identity Governance first, in which I advocated that no data source should import data directly into Identities; every import should first be subject to analytics. This requires the right tool built on the right architecture. I have tried to draw that in two graphics, which I will share here. The first shows the general architecture, and the second shows how the Identity lifecycle could be implemented in this model.
The above shows how a data import should never be able to disturb any endpoint other than the one supplying the bogus data, because data is only allowed to flow between endpoints when the right conditions are met.
Identity data flows from an HR system, but any deviation from the expected format, data syntax or agreed HR processes, and virtually any other filter you can imagine applied to the data, to combinations of data or to constellations of data, is caught and held back for further action. The actions can take any type and shape, but the approach lets any organisation avoid unpleasant surprises and damaging HR operations. It also allows the IGA platform to be self-healing and to report on every deviation from Identity policy.
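To make the gate between the HR feed and the identity store concrete, here is an added example (my own illustration, not code from the post or any IGA product): per-record checks on format, syntax and references, followed by a batch-level "constellation" check that holds back a feed in which an implausible share of people suddenly became leavers. The field names, the mail domain, the allowed status values, the 10% threshold and the sample records are all assumptions.

```python
import re
from dataclasses import dataclass, field

# Assumed policy values (fields, mail domain, statuses, leaver threshold) for this example.
EMAIL_RE = re.compile(r"^[^@\s]+@example\.com$")
REQUIRED = ("employee_id", "email", "status", "manager_id")
ALLOWED_STATUS = ("active", "leaver")
MAX_LEAVER_RATIO = 0.10  # hold the whole batch if more than 10% are leavers

@dataclass
class GateResult:
    accepted: list = field(default_factory=list)
    quarantined: list = field(default_factory=list)  # (record, reasons)
    batch_held: bool = False

def check_record(rec, known_ids):
    """Per-record checks (format, syntax, references). Empty list means clean."""
    reasons = [f"missing {f}" for f in REQUIRED if not rec.get(f)]
    if rec.get("email") and not EMAIL_RE.match(rec["email"]):
        reasons.append("email not in expected format")
    if rec.get("status") and rec["status"] not in ALLOWED_STATUS:
        reasons.append("unknown status value")
    if rec.get("manager_id") and rec["manager_id"] not in known_ids:
        reasons.append("manager is not a known identity")
    return reasons

def gate_hr_feed(records, existing_ids=()):
    """Per-record checks, then a batch sanity check; only clean data flows on."""
    result = GateResult()
    known = set(existing_ids) | {r["employee_id"] for r in records if r.get("employee_id")}
    for rec in records:
        reasons = check_record(rec, known)
        if reasons:
            result.quarantined.append((rec, reasons))
        else:
            result.accepted.append(rec)
    leavers = sum(1 for r in result.accepted if r["status"] == "leaver")
    if result.accepted and leavers / len(result.accepted) > MAX_LEAVER_RATIO:
        # A mass-leaver batch looks like bad data, not a real HR event: hold all of it.
        result.batch_held = True
        result.quarantined.extend((r, [f"batch held: {leavers} leavers"]) for r in result.accepted)
        result.accepted = []
    return result

# Constructed sample feed: two clean records, one bad e-mail, one unknown manager.
SAMPLE_FEED = [
    {"employee_id": "E1", "email": "ann@example.com", "status": "active", "manager_id": "E2"},
    {"employee_id": "E2", "email": "bob@example.com", "status": "active", "manager_id": "E1"},
    {"employee_id": "E3", "email": "not-an-address", "status": "active", "manager_id": "E1"},
    {"employee_id": "E4", "email": "dan@example.com", "status": "active", "manager_id": "E99"},
]
```

Everything in `quarantined` carries its reasons, which is what the platform would report on and route to follow-up actions instead of writing into Identities.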