Identity Governance and Administration (IGA)

The management of users' identities and their authorizations

IGA concerns the management of users’ identities and their authorizations (their rights in the information system applications), and the fact that these authorizations are, at all times, deployed in the applications in accordance with the current business situation. For example, an employee who has left the company should no longer have rights to the applications he or she was using. Identity governance and management is the convergence of two technology segments: identity and access governance on the one hand, and the management and provisioning of user accounts and credentials in the information system on the other. The IGA comprises the following elements:
Identity provisioning: repository of information relating to the identity of people or applications and the deployment of the associated settings in the IT infrastructure, allowing these people or applications to use IT resources thanks to the identifiers positioned.
Access Governance: repository of access rights (authorizations, “entities”) of persons or applications and the deployment of the associated settings in the IT infrastructure, so as to allow them access to IT resource capacities with respect to the rights set. Different approaches exist (via groups, via roles – RBAC, via attributes – ABAC, via structures – OrBAC, etc.).
Entitlement analytics: the tools for discovering, analyzing, controlling and monitoring entitlements configured and effectively applied in the information system, in order to detect deviations from the security policy desired by the company and from the regulatory obligations in force. The aim is to answer the questions: “Who has access to what? Is it compliant? Can I prove it?”. This functionality enables auditing and control, role mining, segregation of duty, certification of rights, etc.