Identity Governance and Administration (IGA) platforms provide the technology foundation for identity governance. They automate the processes of identity lifecycle management, access certification, role management, SoD analysis, and compliance reporting.
Choosing the right IGA platform and architecture is one of the most consequential decisions an IAM architect makes — the platform must serve the organisation for 5-10 years while the identity landscape continues to evolve.
IGA Platform Capabilities
Core Capabilities
Capability
Description
Maturity Required
Identity lifecycle management
Automated provisioning and deprovisioning across target systems
Strong legacy system support, privileged access governance
Highly regulated, legacy-heavy enterprises
Tip
When selecting an IGA platform, prioritise target system coverage above all other criteria. The best IGA platform in the world is useless if it cannot connect to your most critical applications. Evaluate connectors for your specific target systems in the proof of concept, not just in the vendor’s documentation.
IGA Implementation Best Practices
| Phase | Activity | Pitfalls to Avoid |
|---|---|---|
| Discovery | Document all target systems, user populations, and integration requirements | Underestimating the number of target systems or integration complexity |
| Design | Design role model, certification campaigns, approval workflows | Over-engineering before proving value; review with real managers |
| Build | Configure connectors, develop workflows, implement role model | Custom development where vendor functionality exists |
| Test | Test provisioning, certification, and reporting end-to-end | Testing only in lab — test with real user data |
| Deploy | Phased rollout — start with one target system or user group | Big-bang deployment; start with pilot group |
| Operate | Establish IGA operations team, define SLAs, monitor health | Assuming IGA runs itself — it requires ongoing administration |
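One way to check provisioning end-to-end during the Test phase is to reconcile the HR identity feed against an account export from a target system. The Python example below is added here and is not code from the original page or from any IGA product; the CSV column names, the sample rows, and the finding categories are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample exports (not real data): HR feed and one target system.
HR_FEED = """employee_id,status
E1001,active
E1002,terminated
E1003,active
E1004,active
"""
TARGET_ACCOUNTS = """account,employee_id,enabled
asmith,E1001,true
bjones,E1002,true
cdoe,E1003,false
svc_backup,,true
"""

def load(text):
    """Parse a CSV export into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(hr_rows, account_rows):
    """Compare HR status with target-system account state and list mismatches."""
    status = {r["employee_id"]: r["status"].lower() for r in hr_rows}
    findings = {"leaver_still_enabled": [], "orphan_account": [],
                "active_but_disabled": [], "missing_account": []}
    seen = set()
    for acct in account_rows:
        emp = acct["employee_id"]
        enabled = acct["enabled"].lower() == "true"
        if emp not in status:
            # No owning identity in the HR feed: account cannot be governed.
            findings["orphan_account"].append(acct["account"])
            continue
        seen.add(emp)
        if status[emp] != "active" and enabled:
            # Deprovisioning did not reach this target system.
            findings["leaver_still_enabled"].append(acct["account"])
        elif status[emp] == "active" and not enabled:
            findings["active_but_disabled"].append(acct["account"])
    # Active employees with no account: provisioning did not complete.
    findings["missing_account"] = sorted(
        e for e, s in status.items() if s == "active" and e not in seen)
    return findings

if __name__ == "__main__":
    for kind, items in reconcile(load(HR_FEED), load(TARGET_ACCOUNTS)).items():
        print(f"{kind}: {items}")
```

Running the same comparison per connector after each pilot wave shows which target systems the IGA platform actually keeps in step with HR.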
Key Takeaways
IGA platforms automate identity lifecycle, access certification, role management, SoD analysis, and compliance reporting — they are the technology foundation of identity governance
IGA architecture centres on an integration bus with connectors to HR systems, target systems, directories, SIEM, and ITSM — connector coverage is the most critical selection criterion
Deployment models span SaaS (lowest overhead), on-premises (maximum control), hybrid (balanced), and managed service (minimum operations)
Key integration patterns include HR → IGA (identity feed), IGA → Directory (account management), and IGA → Target Systems (provisioning)
Platform selection should prioritise target system coverage, certification capabilities, role management, and scalability — evaluate connectors with your specific systems in the proof of concept
Implementation best practices include phased rollout starting with a pilot group, testing with real user data, and dedicating ongoing operational resources — IGA is a program, not a one-time project