What is Identity Governance & Administration (IGA)?

Understanding Identity Governance and Administration systems

What is IGA?

Identity Governance and Administration (IGA) enables security administrators to efficiently manage user identities and access across the enterprise. It improves their visibility into identities and access privileges, and helps them implement the necessary controls to prevent inappropriate or risky access.

IGA combines Identity Governance and Identity Administration. Identity Governance is about the segregation of duties, role management, logging, analytics and reporting, while Identity Administration is related to account administration, credentials administration, user and device provisioning, and managing entitlements.

The Need for IGA

In enterprise settings, increasing digitization means more devices, users and data across on-premises and multicloud/remote environments. In such complex IT ecosystems, it’s difficult to effectively manage user identities and access. But if users are given excessive or unnecessary access to systems, applications or data, it increases security risks, and makes the organization vulnerable to cyber attacks and data breaches.

With IGA tools, security personnel can track and control user access for both on-premises and cloud-based systems. They can ensure that the right users have the right access to the right systems, and detect and prevent inappropriate access. By implementing the right controls with IGA, enterprises can minimize risk and maintain regulatory compliance.

Features of IGA Solutions

IGA tools enable enterprises to accurately and efficiently streamline user identity lifecycle management. Security administrators can automate the process of provisioning and de-provisioning user access throughout their access lifecycle. To enable this automation, IGA solutions work with Identity and Access Management (IAM) processes. IGA also works with IAM to help admins manage permissions, and maintain compliance with accurate reporting.

IGA systems generally include these elements for Identity Administration (IA):

Password Management and Security

IGA tools like password vaults securely store usernames and passwords for multiple applications. Users have to remember only one password, so they’re more likely to use a complex, unique password that’s hard to steal or compromise, thus minimizing the organization’s vulnerability to outside threats.

Increasingly, organizations are also adopting IGA tools like OneLogin’s Single Sign-On (SSO). SSO allows users to log into multiple accounts using just one set of credentials. It reduces the frequency of logins and the number of credentials stored, thus protecting the organization from potential breaches.

Integration Connectors

Connectors enable IGA tools to integrate with directories and other enterprise systems that contain information about users, the applications and systems they have access to, and their authorization within those systems. These connectors read this data to understand who has access to what, and also write data to create new users and grant them access.

Automated Access Request Management Workflows

Automated workflows make it easier for users to request access to the systems they need to do their work. Moreover, admins can easily onboard and offboard users, determine which roles require which level of access to applications and systems, and approve user access.

Provisioning

IGA streamlines the process of provisioning and de-provisioning access permissions at the user and application level – for both on-premises and cloud-based resources.

Entitlement Management

Security admins can specify and verify what users are allowed to do in various applications and systems. For example, some users may be able to add or edit data, while others may only be allowed to view data. A few may also have permissions to delete data.

Identity administration manages passwords, entitlements, provisioning, access requests, and integration


IGA systems generally include these elements for Identity Governance (IG):

Segregation of Duties (SoD)

To avoid error and prevent fraud, security teams can create rules that prevent risky sets of access or transaction rights from being granted to a single person. For example, SoD controls would prevent a user from being able to both view a corporate bank account and transfer funds to outside accounts, either carelessly or with malicious purposes. SoD controls should be in place within a given application, and also across multiple systems and applications.

Access Review

IGA tools streamline the process to review and verify user access to various apps and resources. They also simplify access revocation, for instance, when a user leaves the organization.

Role-based Access Management

With role-based access control (RBAC), user access is determined according to their role, so they can only access the information necessary to perform their job duties. By preventing unnecessary access – especially to sensitive data – RBAC increases enterprise security and prevents breaches.
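The SoD and role-based access descriptions above can be combined into one check, shown here as an added example that is not taken from any IGA product. The role names, the `system:permission` entitlement strings and the two rules are constructed for illustration; the first rule is the bank-account case from the SoD section, and the second spans two systems.

```python
# Added example: every role, entitlement and rule below is constructed (hypothetical).

# Role -> entitlements, written "system:permission" so rules can span systems.
ROLES = {
    "treasury_viewer": {"bank_portal:view_account"},
    "payments_clerk": {"bank_portal:transfer_external"},
    "ap_clerk": {"erp:create_vendor"},
    "auditor": {"bank_portal:view_account", "erp:view_ledger"},
}

# Each SoD rule is a set of entitlements that no single person may hold together.
SOD_RULES = {
    "SOD-1": {"bank_portal:view_account", "bank_portal:transfer_external"},
    "SOD-2": {"erp:create_vendor", "bank_portal:transfer_external"},  # cross-system
}


def entitlements(roles):
    """Expand role names into the flat set of entitlements they grant."""
    unknown = set(roles) - set(ROLES)
    if unknown:
        raise KeyError(f"unknown roles: {sorted(unknown)}")
    return set().union(*(ROLES[r] for r in roles))


def violations(roles):
    """Detective control: names of the SoD rules this role set already breaks."""
    held = entitlements(roles)
    return sorted(name for name, combo in SOD_RULES.items() if combo <= held)


def review_request(current_roles, requested_role):
    """Preventive control: deny a request that would introduce a new conflict."""
    before = set(violations(current_roles))
    after = set(violations(set(current_roles) | {requested_role}))
    new = sorted(after - before)
    return ("deny", new) if new else ("approve", [])
```

Evaluating rules on expanded entitlements rather than on role names is what catches a role such as `auditor`, whose name does not suggest a conflict but whose bank-account view entitlement does conflict with `payments_clerk`.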

Logging, Analytics and Reporting

These IGA tools log user activities and enable security personnel to identify security issues or risks, and raise alarms in high-risk situations. They can also suggest security improvements, start remediation processes, address policy violations, and generate compliance reports.

Governance administration includes access reviews, analytics and reporting, role-based management, and segregation of duties


The Benefits of IGA

Simplified User Identity Lifecycle Management

As user associations within the organization change – say, because they transfer to a different department or leave the organization – access requirements also change. IGA makes it easy to manage these changes, from provisioning to de-provisioning. IGA also helps maintain control over users, devices, networks and other IT resources through password management, permissions management, and access requests management.

Track Dangerous Access Requests

An IGA system provides a centralized approval location, making it easy for users to ask for the access approvals they need to fulfill their responsibilities. Centralization also enables administrators to manage permissions, track and detect suspicious activities, and prevent potential threat actors from accessing enterprise systems or data.

Event Logging and Reporting for Improved Security and Compliance

Detailed event logging, reports and analytics help IT admins to understand what’s happening across the enterprise environment and quickly find any issues or risks. They can then troubleshoot problems to protect business-critical resources. Data centralization also enables admins to audit access reports to meet compliance requirements.

Flexible Access Improves User Productivity

With robust IGA tools, organizations can safely allow and control remote access to maintain business continuity while also preventing breaches. Such flexibility enables employees to work from anywhere, and thus improve their productivity and performance.

Supports Enterprise Scalability

IGA solutions support centralized policies and automated workflows which help reduce operational costs, ensure that employees can access the resources they need, reduce risk, and improve compliance. All these benefits allow the organization to scale organically, which they wouldn’t be able to do with manual processes or limited visibility into users, identities and systems.

Why is Regulatory Compliance Important?

Regulations are meant to protect users and/or data, and increase trust between various entities. For example, the Health Information Portability and Accountability Act (HIPAA) was created to safeguard users’ healthcare information. It requires healthcare organizations to implement appropriate safeguards to ensure the security and privacy of patient data.

Similarly, the Sarbanes-Oxley Act (SOX) imposed mandates to improve financial record-keeping and audits in publicly traded companies. The aim is to bolster trust in companies’ financial information, and prevent fraud. Another regulation, the Payment Card Industry Data Security Standard (PCI DSS) specifies requirements around security management, policies, and procedures to protect customers’ credit card data.

It’s important for organizations to comply with all regulations that apply to them in order to avoid the legal or financial penalties of non-compliance. Compliance also enables them to earn customers’ trust and grow their business. Regulatory compliance also means that they have the controls in place to safeguard their systems and data, which protects them from cyber attacks and data breaches.

How is IGA Different from IAM?

IGA is a sub-category of Identity and Access Management (IAM). However, IGA systems provide additional functionality beyond standard IAM systems, and help address common IAM challenges.

For example, inappropriate and/or outdated access to enterprise resources is a common problem in IAM. A remote workforce, time-consuming provisioning processes, weak Bring Your Own Device (BYOD) policies, and strict compliance requirements are some other IAM challenges. These issues increase security risk, and also weaken organizations’ compliance posture. However, organizations can address these challenges by strengthening their IAM systems with IGA.

With IGA, organizations can automate the workflows for access approvals and reduce risk. They can also define and enforce IAM policies, and audit user access processes for compliance reporting. That’s why many organizations use IGA to meet the compliance requirements laid out in HIPAA, SOX and PCI DSS.

Conclusion

All organizations can benefit from IGA solutions. IGA improves visibility into what users can and can’t access, which helps IT admins to streamline identity management and access control, efficiently mitigate risk, and protect business-critical systems and data. IGA also helps improve and maintain compliance. In today’s complex IT and cybersecurity landscape, IGA tools empower organizations to protect themselves, improve resilience, and achieve scalable growth.
