Governance describes how organizations, companies, governments, or systems are directed and controlled. Governance typically includes structures, rules, processes, and best practices.

IST-SOLL is a commonly used concept in IT and process optimization. IST refers to the current state and SOLL to the desired state. Based on an IST-SOLL analysis, we can plan desired improvements or changes.

Identity Governance and Administration (IGA)

What is IGA?

Identity Governance and Administration (IGA) focuses on the policies and management of digital identities and their access rights across the organization. IGA includes processes and systems to ensure that, at any time, the right people have access to the right resources. This must be done in a way that allows the organization to comply with laws and regulations at all times demonstrably. There must also be tools to verify whether identity management remains aligned with broader organizational policies and to identify opportunities for improvement and optimization. As a result, IGA generally goes further than many common IAM solutions. We explain this further in this article.

Het verschil tussen IGA en IAM

The Difference Between IGA and IAM?

The description above is not a formal definition. In fact, you would have to search hard, if it is even possible, to find a formal or scientific definition of IGA. Nearly all vendors, specialists, and analysts use their own descriptions with notable differences and often without clear boundaries. Sometimes IGA is seen as an extension of IAM, although an analyst such as Gartner describes the term Identity Management in its glossary in such a way that IGA and Identity Management are synonymous:

“Identity management is an activity within the identity and access management function that concerns the governance and administration of a unique digital representation of a user, including all associated attributes and entitlements.”

However, most parties position IGA as a progression path from Identity Management, where IGA focuses more explicitly on the policies, control, and evaluation of your identity management. This includes topics such as identity lifecycle management, reconciliation, business rule management, auditing, etc. Tools4ever takes the same view of Identity Governance & Administration, as we explain below.

Evolving From IAM to IGA

IAM consists of Identity Management (IM) and Access Management (AM). Traditionally, identity management focuses on the administration of identities and their access rights, while access management focuses more on the technology (SSO, MFA, etc.) to properly secure that access.

Today, the AM component is increasingly implemented with mainstream solutions such as Microsoft Active Directory or EntraID. As a result, the built-in access management functionality of IAM environments is becoming less relevant. Most HelloID customers use EntraID for their access management. At the same time, the HelloID AM module is still primarily used for special cases and migration scenarios, such as when the Microsoft solution is unavailable or less suitable.

At the same time, we are continuously developing our Identity Management functionality toward a full-fledged IGA environment. This includes functionality that not only provisions and manages digital identities operationally but also supports attribute-based access control, reporting, and audit capabilities.

We are establishing control over identity management throughout the entire identity lifecycle. We not only provision users with the right accounts and rights upon hire, but also when they move to another role in the organization. When someone leaves the organization, sensitive data is automatically removed from access, preventing data breaches. This way, you integrate identity management more closely into your broader business policies and ensure ongoing compliance with laws and regulations.

The functionality mentioned above is already part of the HelloID Provisioning and Service Automation modules. However, we are adding more governance-related capabilities. Reconciliation and integrated role mining are examples. We describe this governance development in more detail below.

Why is IGA Important?

IAM originated as an IT operations process that we designed as efficiently and controllably as possible. This involves not only granting the right access during onboarding, role changes, and offboarding of employees. You also want to process individual license and access requests effectively. Although this can become quite complex with large numbers of users and applications, IAM usually remains an internal IT matter.

That has changed over time because many organizations today are almost fully digital, and identity management has become a primary business process; operations effectively stop if systems are not accessible. You must also be demonstrably compliant with strict privacy legislation, such as GDPR, and with security standards, such as ISO 27001, BIO, or NEN 7510. Non-compliance with these laws and standards is not an option and can significantly impact your market position and reputation. Penalties can also be substantial. For the CIO or IT manager, this is an important agenda item, and identity management has been elevated from an IT operations process to a key governance issue. Your Identity & Access Management evolves into Identity Governance & Administration.

Our IGA Roadmap With the HelloID Governance Module

IGA goes a step further than IAM. With IAM, you get in control; with IGA, you stay in control. With IAM, you effectively turn off the faucet; you operate according to policy, enforce processes, and stop the unnecessary leaking of access rights. HelloID governance functionality then ensures ongoing control by keeping identity and access management aligned with your current business operations and applicable laws and regulations. We have developed a set of features that, among other things, help you further optimize access governance and resolve mismatches between systems. We briefly introduce these features below.

Governance Features

With the Governance module, we provide the following capabilities, which we continue to expand:

Reconciliation helps you effectively inventory, review, and resolve differences between HelloID, which represents the target state (the SOLL situation), and the actual situation in target systems (the IST situation).
The Toxic Rules management automatically prevents conflicting rights from being issued. HelloID detects potential conflicts and, as much as possible, resolves them according to configured standard rules.
The Integrated Role Mining capability makes it easier within HelloID to recognize patterns in source data and issued rights and resources. This allows you to optimize business rules further.
The Advanced Role Model reduces complexity by streamlining the management of a large set of business rules. Your identity management becomes smarter and more refined while remaining manageable.
Recertification regularly checks resources previously granted through self-service requests. HelloID verifies whether the resource is still needed for the user and complies with policy.
Product Suggestions makes self-service product requests by users and their managers easier and better. This makes self-service more user-friendly, efficient, and cost-effective.
With Advanced Approval Workflows, we can configure more intelligent workflows to automate advanced product requests.

These are examples of current governance features on the roadmap that we will continue to evolve.

Benefits of IGA

IGA delivers several advantages. Examples include:

Better compliance with laws and standards. With the reconciliation functionality, you can immediately demonstrate that the registered rights structure (your IST) has also been fully implemented in the underlying target systems (the SOLL).
Optimization of your rights structure. With functions such as Toxic Rules Management, Role Mining, and the Advanced Role Model, we can continuously improve the existing rights structure and align it more closely with broader business operations.
Improved service processes. Recertification, for example, ensures that rights are granted only when truly necessary. With Product Suggestions and Advanced Approval Workflows, we combine security and user-friendliness optimally in your self-service processes.

Want to Learn More About Our Governance Roadmap?

If you want more information about the governance features described above, we recommend watching our webinar on the HelloID Governance module. Our specialists explain the newly developed functionality and the roadmap plans.