New kid on the block – IGA
In today's highly connected IT environment, it is becoming increasingly difficult for organizations to manage large numbers of users with different access requirements across many different applications, platforms, and operating systems.
Identity Governance and Administration (IGA) is a new methodology that helps an organization cope with proliferating user account repositories and coordinate the granting of access and privileges across those repositories.
Let’s take a look at the core capabilities of IGA:
1. Identity Administration
Administration is the core functionality of most IGA solutions. It consists of a set of activities such as the administration of accounts, passwords, access requests, and access provisioning. It also covers entitlement management, in which you can grant, resolve, enforce, revoke and administer fine-grained access entitlements. The purpose of these entitlements is to execute IT access policies for structured and unstructured data, devices, and services.
2. Identity Lifecycle Management
Under identity lifecycle management, every identity that is created must be maintained over time and discarded when the person leaves your organization, for example the records of employees and outsourced staff. It seems like an easy task, but maintaining identities in midsized and large organizations is challenging. Maintaining all of these identities manually is not feasible for any IT or business team. Thus, IGA solutions are implemented to make this task easier.
3. Access Request Workflows
To get access to any kind of service, there must be a way to request it. The best method to manage access requests is by using an IGA solution. It is designed specifically with workflows to manage access requests, approvals, and fulfillment of those requests. Access request workflows can get complicated if several approvers are involved. Thus, an IGA solution helps to route requests to the right people and grants the access once it is approved. IGA also provides specialized features for information security analysts and auditors.
4. Collection of Data Using Connectors
For an IGA system to work, it requires a lot of data about your people and their access rights. Many systems today collect data through “connectors”. These connectors are integrated with other systems to read data from them and write data to them. Connectors read data to collect information about the access people have in your systems. They also write data to manage identity lifecycle events such as creating new users and granting them access.
5. Password Management
It is neither convenient nor feasible for people to remember dozens of different passwords and change all of them every 90 days (as they are ideally required to). An IGA solution will help you to manage these passwords. Rather than logging into multiple systems to manually change passwords, you can log into one. This will automatically synchronize your password to all of the other systems.
6. Automated Provisioning
Once access requests are approved, the next step is granting access. The easiest way to handle a request is to take a look at it and grant or reject it manually. This method is hard to sustain in large organizations. Thus, IGA systems can help to automate this process. To enable automated provisioning, a connector must be implemented. After this integration is successful, a foundation must be built for automating the granting of access. Many IGA solutions are able to automate provisioning across multiple systems once they are integrated.
7. Segregation of Duties
Segregation of duties prevents a person from performing a combination of risky activities. For example, if you initiate a wire transfer of money from your account, the IGA solution can ensure that you are not also able to approve the same transaction. Thus, IGA solutions give you the ability to create rules that prevent defined types of access (entitlements or roles) from being granted to the same person. They also help in discovering violations based on these rules. The ability of IGA solutions to execute segregation of duties varies significantly, as it depends largely on the applications your organization uses and the level of business process understanding you have.
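The wire-transfer rule above can be written as a small check, shown here as an added example that is not part of the original article or of any IGA product. The role names, entitlement strings, rule ID and users are constructed for illustration; the check is run both over existing access (discovering violations) and against a new request (preventing them).

```python
# Constructed role model: role name -> entitlements it bundles.
ROLES = {
    "payments_clerk": {"wire.initiate", "wire.view"},
    "payments_supervisor": {"wire.approve", "wire.view"},
    "auditor": {"wire.view", "ledger.read"},
}
# Each rule names two entitlements one person must not hold together.
SOD_RULES = [("SOD-1", "wire.initiate", "wire.approve")]

# Constructed current state: user -> (roles, directly granted entitlements).
ASSIGNMENTS = {
    "alice": ({"payments_clerk"}, set()),
    "bob": ({"payments_supervisor"}, {"wire.initiate"}),
    "carol": ({"auditor"}, set()),
}


def effective_entitlements(roles, direct):
    """Expand roles into entitlements and merge them with direct grants."""
    ents = set(direct)
    for role in roles:
        ents |= ROLES[role]
    return ents


def violations(entitlements):
    """Return the IDs of the SoD rules broken by this entitlement set."""
    return [rid for rid, a, b in SOD_RULES
            if a in entitlements and b in entitlements]


def detect_violations(assignments):
    """Detective control: scan every user's existing access."""
    found = {}
    for user, (roles, direct) in assignments.items():
        broken = violations(effective_entitlements(roles, direct))
        if broken:
            found[user] = broken
    return found


def check_request(user, requested_role, assignments):
    """Preventive control: rules that granting this role would break."""
    roles, direct = assignments[user]
    return violations(effective_entitlements(roles | {requested_role}, direct))


if __name__ == "__main__":
    print(detect_violations(ASSIGNMENTS))
    print(check_request("alice", "payments_supervisor", ASSIGNMENTS))
```

Bob's conflict only appears once his role is expanded and combined with a direct grant, which is why the check runs on effective entitlements rather than on role names.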
8. Engineering and Role Discovery
Several organizations today prefer to manage access through roles instead of assigning entitlements directly to people. Managing through roles is a better option because it lets you combine different types of access rights across multiple applications. Thus, people can request most of the access rights they need through a single role. Even though roles are a great way to save time, it is challenging to build a role in the first place. Many IGA solutions provide features for role discovery and engineering. These include a simple process for helping you figure out what types of access rights should be included within a role. This task is usually executed using patterns, where the system finds similarities in access rights among users with common characteristics.
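A minimal form of the pattern-based role discovery described above, as an added example that is not from the original article or any IGA product. It assumes department is the common characteristic and uses a hypothetical 75% support threshold; the users and entitlements are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data: (user, department, entitlements held).
USERS = [
    ("u1", "finance", {"erp.login", "ledger.read", "invoice.create"}),
    ("u2", "finance", {"erp.login", "ledger.read", "invoice.create"}),
    ("u3", "finance", {"erp.login", "ledger.read", "wire.approve"}),
    ("u4", "finance", {"erp.login", "ledger.read", "invoice.create"}),
    ("u5", "it", {"vpn.connect", "ticket.admin"}),
    ("u6", "it", {"vpn.connect", "ticket.admin", "ledger.read"}),
]


def mine_roles(users, min_support=0.75):
    """Propose one candidate role per department.

    An entitlement joins the candidate role when at least min_support
    of the department's members hold it. Entitlements a user holds
    outside the candidate role are reported as outliers for review.
    """
    groups = defaultdict(list)
    for user, dept, ents in users:
        groups[dept].append((user, ents))

    result = {}
    for dept, members in groups.items():
        # Count how many members of the group hold each entitlement.
        counts = Counter(e for _, ents in members for e in ents)
        role = {e for e, n in counts.items()
                if n / len(members) >= min_support}
        outliers = {u: sorted(ents - role)
                    for u, ents in members if ents - role}
        result[dept] = {"role": sorted(role), "outliers": outliers}
    return result


if __name__ == "__main__":
    for dept, info in mine_roles(USERS).items():
        print(dept, info)
```

The outlier list is as useful as the role itself: access that does not fit the group's pattern is the first thing to send for review before the role is adopted.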
9. Reporting and Analytics
IGA solutions provide you with a mechanism to report on, and deliver deeper insights into, the data available to an IGA tool. Role mining is a typical analytics scenario used to design and optimize role definitions. A good IGA solution provides tight integration of identity provisioning, identity governance, and access management. It must also be scalable, i.e. designed to accommodate the volume of entitlement and event data that a company generates as it grows over time.