definition of terms

Identity governance and administration (IGA) refers to the sub-area of identity and access management (IAM) that focuses on the control, traceability, and automation of user identities and access rights. While IAM enables access, IGA ensures that this access complies with security and compliance requirements.

Functions and objectives of IGA

• Automation of user processes: e.g., provisioning, role assignment, onboarding, and offboarding
• Governance and compliance: e.g., through access certifications, policy controls, and audit trails
• Risk reduction: by avoiding excessive or outdated permissions
• Transparency and control: clear insight into "who has access to what—and why?"

When is IGA used?

IGA is used when organizations want to control access across multiple systems in a secure and traceable manner, whether in the cloud, on-premises, or in hybrid environments. Especially in regulated industries (e.g., finance, healthcare), IGA is a central component for auditability and legally compliant identity management.

What are the specific benefits of IGA?

Identity governance and administration (IGA) is particularly relevant for companies and organizations that:

• are subject to high regulatory requirements (e.g., financial sector, insurance, energy, healthcare)
• Manage a large number of employees, partners, or external identities
• work with critical or sensitive systems and data
• operate complex IT landscapes with many systems, roles, and locations
• must meet strict requirements for auditability, transparency, and risk minimization

IT security officers, compliance teams, audit and governance departments, as well as HR and specialist departments, benefit directly from IGA. They can use centralised processes to ensure that access rights are correctly assigned, reviewed, and revoked.