For an IGA solution, among plethora of capabilities, the following are table stakes - event-driven/resource-owner/orphaned-account/manager-based reviews, multi-level approval access requests with sequential/parallel/quorum-based approvals, customized forms for various Request types, remediation of SOD control violations. While this ensures that we have an apparatus to manage basic governance processes, it retains the administrative burden. Organizations are spending lot of resources on same set of activities and vendors are building same set of capabilities as before. The continuous adornment around these features is decelerating innovation in this space. The focal point instead should be around pruning the expanse of governance activities while not compromising on security or compliance objectives. The call to lighten the load on the line of business has never been louder. The key questions that management and stakeholders must answer are as follows:
