1 Executive Summary

Identity Governance and Administration refers to the increasingly integrated Identity Lifecycle Management and Access Governance markets.

Identity Governance and Administration (IGA) products support the consolidation and synchronization of identity information across multiple repositories and systems of record such as Human Resources/Human Capital Management and other systems in an organization's IT environment. This ensures the user accounts in these connected systems are up to date. The identity information including user accounts, associated access entitlements and other identity attributes is collected from across the connected source systems for correlation and management of individual identities and pushed to the connected target systems, including information about user groups as well as roles and assigned entitlements through a centralized administration console, with a backchannel for gathering information for Access Governance purposes.

Figure 1: KuppingerCole Reference Architecture highlighting IGA related capabilities

Identity Governance & Administration (IGA) being one of the core disciplines within Identity & Access Management (IAM). It serves three main capability areas, which are:

• User Access Provisioning (UAP)
• Identity Lifecycle Management (ILM)
• Identity and Access Governance (IAG)

User Access Provisioning (UAP) deals with the management and assignment of permissions and access to users across the designated systems and applications in an IT infrastructure of the organization. UAP supports various activities such as creation, modification, and deletion of user accounts. Provisioning and deprovisioning of access can be done automatically based on the roles. This area is responsible for pushing out the changes from the IGA solution to the target systems.

Identity Lifecycle Management (ILM) handles the end-to-end process for human and non-human identities from their creation to deletion. This process is responsible for implementing workflows and management of entitlement process for Joiner, Mover, Leaver (JML) activities.

Identity and Access Governance (IAG) is the element responsible for ensuring user accounts have the right level of access based on their roles and permissions. IAG follows enforcement of policies and access governance principles to avoid any Segregation of Duties (SoD) violations and unauthorized access. This area supports access reviews, analytics, anomaly and outlier detection, and role management.

User Access Provisioning and Identity Lifecycle Management are integrated to provide a seamless approach to managing identities whereas Identity and Access Governance ensures the right policies are enforced to ensure compliance with regulatory requirements.

This approach can also be found in the market with vendors specializing in particularly IAG capabilities. These vendors are targeting the niche market where organizations are looking at having only access governance features in a solution and not the full IGA package, or (more rarely) only UAP and ILM.

Thus these vendors can be classified as either comprehensive IGA vendors, as provisioning-focused, or as governance-focused. The vast majority of the vendors today offer combined capabilities to qualify as IGA vendors, while only a few, especially the new entrants, provide Access Governance or reporting capabilities to cater to specific needs of the organizations, mainly small and medium sized. This KuppingerCole Leadership Compass provides an overview of the IGA market with notable vendors and their products in the market. The vendors in this report offer a range of deployment options varying from on-premises (including the ability to host these by the customer itself or a Managed Services) or IDaaS, with IDaaS being either multi-tenant or single-tenant.

The top drivers for acquiring IGA solutions remain enhancing security, regulatory compliance, risk management, improved user experience, and operational efficiency by leveraging latest AI and machine learning technologies. In this year’s report, we have seen vendors invest heavily in automating certain capabilities and using AI and machine learning for recommendation-based features. The IGA market was already mature but with these new advancements, we have a new perspective on how vendors are managing identities, risks, analytics, and provisioning.

Typical buyers for IGA products are spread across various industry verticals. This trend can be seen mainly in sectors which require a high level of compliance with regulatory authorities. Finance, healthcare, manufacturing and industrial companies, technology firms, and government institutions are some of the main sectors seeking IGA products. The organizations deploying IGA solutions commonly range from mid-market to very large organizations. IGA products deliver strong capabilities in providing a centralized view of who has access, who provided the access, and who has access for how long. Companies in healthcare, finance and government sector which have critical data and strict regulatory compliance requirements rely on IGA solutions for governing identities and managing their life cycle. The IGA market has a global footprint and is not limited to a specific region.

This Leadership Compass with its focus on comprehensive IGA offerings will be followed by a Leadership Compass on Access Governance which will evaluate vendors based on core access governance capabilities. In addition, there is the Leadership Compass on Identity Fabrics, covering comprehensive IAM solutions spanning IGA, Access Management, and other capabilities.

With this series of Leadership Compasses and accompanying Buyers’ Compasses, we aim to provide CISOs and security leaders responsible for IAM the most practical and relevant information that they need to evaluate technology vendors based on the specific use-case requirements, whether these are IGA-driven, provisioning focused, governance focused, focused on comprehensive IAM suites such as Identity Fabrics or a combination of these.

1.1 Key Findings

• This Leadership Compass evaluates 30 IGA product vendors, with about one fifth being new in the analysis, compared to the previous edition.
• The IGA market is growing, and although maturing it continues to evolve by leveraging AI and machine learning for various capabilities.
• The level of identity and access intelligence has become a key differentiator between IGA product solutions.
• Automation is still the key trend in IGA to reduce management workload by automating tasks, providing recommendations, and improving operational efficiency.
• IGA is essential to business as a strategic approach to ensure overall IT security and achieve regulatory compliance.
• Leading IGA vendors are increasingly focusing on supporting interoperability with other products and services through the provision of secure APIs.
• The Overall Leaders are Saviynt, EmpowerID, SailPoint, IBM, Ping Identity, Broadcom, Oracle, One Identity, Identity Plus, OpenText, RSA, Omada, SAP, Netwrix, BAAR-IGA, CoffeeBean Technology, ZertID, Microsoft.