Has your organization established an identity governance and administration (IGA) program or implemented an IGA platform solution? What do you consider to be key success factors when it comes to identity governance?

Security Strategy & RoadmapIdentity & Access Management (IAM)
1.3k viewscircle icon5 Comments
Sort by:
Information Security Manager3 months ago

Our IGA journey began in 2012, and after four years, we chose Omada as our tool. Over the past eight years, we've learned that business processes drive IGA success, not technical aspects. Understanding how business processes operate, such as approval workflows and role definitions, is crucial. By aligning IGA with business inputs, we've successfully integrated major systems like Active Directory, Entra, ECC, and now S/4HANA.

Lightbulb on2 circle icon1 Reply
no title2 months ago

Agree to that specifically role based processes not position based processes. This goes quite neat with RBAC architecture than just having everything in PBAC (Policy Based) architecture that may lead to jungle of  customized user group policies

VP of Information Security3 months ago

In my experience, starting small is key to a successful IGA strategy. It's essential to identify critical risk areas, such as compliance-required applications and digital assets exposed to external threats. By categorizing and prioritizing these assets, you can manage the program more effectively and incrementally implement the right IGA solution.

Information Security Analyst3 months ago

We initiated a pilot program with seven applications but paused it to pursue a more advanced solution. Our current legacy system lacks support for open standards and doesn't offer adequate entitlement management or role management capabilities. We plan to restart the program with a new tool that better meets our needs.

1 Reply
no title3 months ago

We faced similar challenges with legacy systems complicating our IGA efforts. Interoperability is crucial, and we haven't yet achieved the desired results with our current identity governance tool. We're evaluating new tools to find a solution that aligns with our needs.

Content you might like

Are you confident in your organization's access control for LLM plugins?

Yes65%

No29%

Not sure4%

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

What are the biggest risks of poor Public Key Infrastructure (PKI) execution?

Downtime and Outages35%

Fail to issue/renew/revoke certifications55%

Failed Audits29%

All of the Above32%

None of the Above3%

View Results

We are currently evaluating a new Infosec awareness platform to replace or augment our existing solution with the goal of aligning with our strategic shift toward Human Risk Management. 
This initiative is driven by the need to: 
1. Deliver tailored, real-time awareness based on user behavior and risk profile 
2. Improve training relevance through role-specific content and interactive formats 
3. Ensure compliance through automated consequence management & lifecycle integration 
4. Consolidate LMS platforms and reduce duplication 
5. Host all training modules on our training content hosting platform which requires SCORM compatibility 
The platform must integrate with our existing identity and access management tools (Entra, SailPoint etc), support phishing simulations with Outlook integration, and provide access glass screening capabilities. We are also looking for customizable content aligned with Organisation look and feel, and automated reinstatement of access upon compliance.
Does any one have any experience or recommendation for such as tool?

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?