Identity Governance and Administration (IGA) solutions are critical for organizations to keep up with the pace of change being driven by digital transformation. From internal employees to third-party partners, customers, and machine identities, an organization today must effectively manage digital identities across a wide variety of on-premises, hybrid and multi-cloud applications.
Gartner® recently completed a report titled Solution Comparison for Identity Governance and Administration that compared IGA vendors on seven core capabilities:
The report compared five vendors and their abilities across these seven capabilities in order for organizations to make better decisions when selecting a full-featured IGA solution to support their business needs. Inclusion in the report was based on inquiry volume and Gartner’s own analysis.
Saviynt received the highest possible scores for Access Certifications, Access Request/Workflow, Basic Analytics/Reporting/Audit, Entitlement/Role/Policy Management and Identity Lifecycle Management and Fulfillment, leading to an overall Core Criteria score of 95/100 and a Competitive Criteria score of 93/100, one of the highest in both areas. According to the report, Core Criteria “reflects a list of capabilities that every IGA solution evaluated for this Solution Comparison was expected to possess,” while Competitive Criteria reflected “capabilities that distinguish one IGA solution from another.”
You can learn more about the report and access it directly from Gartner. The rest of this post gives Saviynt’s point of view on each area reviewed.
Access requests and workflows refer to how users and administrators request and receive access to applications and repositories that contain the information needed to perform their daily activities.
Modern IGA solutions leverage workflows that allow users to request access from a variety of sources, including information technology service management systems (ITSMs) such as ServiceNow, mobile devices, web interfaces, and more. These types of self-service requests allow for a more frictionless experience for users and help increase user adoption of identity security programs. Leveraging automation capabilities can create designated approver notifications, delegation and separation of duty (SoD) rules, and escalations. Additionally, risk-based intelligence capabilities provide the ability to recommend and provide approval confidence for identities requesting access.
Certifying access is required for many organizations to maintain compliance with industry and governmental regulations. For everyone else, it is good business practice. Properly implemented, the certification process enables least-privileged access throughout an enterprise, allowing entitlement reviewers to quickly verify user access. Certification capabilities should include the ability to delegate reviews to alternative reviewers in case the primary entitlement owner is unavailable.
Automation streamlines the certification process through risk-based rules and approval paths that provide designated approver paths, notifications, delegation rules, and escalations. Simplifying the access review process through the use of risk-based intelligence helps remove rubber stamping by overwhelmed IT administrators and department managers.
Traditional coarse-grained, role-based entitlement management revolves around a single factor, like a role or group membership. However, the emergence of today’s new user types, platforms, and data sources requires more refinement than the “all-or-nothing” approach of the past.
Fine-grained management aggregates full entitlement information from all identities into a centralized hub, enabling application owners to make smarter decisions. Candidate roles can be suggested based on common entitlement assignments through peer analytics. Classifications should extend to birthright, application-based, business-based, and dynamic roles, allowing teams to aggregate the most detailed level necessary for business functionality and deliver on a least-privileged access model.
Joiner, mover, and leaver actions for every identity should be efficiently managed throughout its journey. Lifecycle management isn’t just needed for birthright provisioning or sunsetting, but also covers changes as an identity moves throughout an organization. A common example is an individual working within a healthcare organization. This person may be a student, but also a nurse, changing roles as they serve in different capacities throughout their tenure. They don’t need the same access between departments, and their access should change accordingly.
Any solution in today’s marketplace will deliver some level of analysis and reporting. Analytics should easily provide views into how well one’s identity program is performing. Organizations can use this information to perform essential cleanup of things such as over-privileged access and orphaned accounts, as well as investigate anomalous activities. Reports should be easily created and reviewed, supporting internal reviews and external audits necessary to prove or maintain compliance with relevant regulations.
At a more advanced level, analytics and reporting should run on a continuous basis to maintain compliance. Modern solutions also take risk into account, providing insights so organizations can prioritize remediation actions. Automation (not the last time to be mentioned in this post) through machine learning is available with leading IGA solutions.
Adopting cloud-based solutions helps organizations shed tech debt. However, many organizations will still struggle if they remain dependent on point solutions. Converged solutions deliver consistent features across hybrid and multi-cloud environments, without needing multiple products. The increased implementation and management costs associated with multiple cloud-based solutions increase the TCO for organizations. Solutions that provide converged capabilities built on a single framework help organizations both reduce costs (TCO) and increase productivity (ROI).
Saviynt Enterprise Identity Cloud is a converged identity platform that consolidates management of multiple IAM capabilities, including IGA, privileged access management (PAM), and third-party, application access and data access governance, in a single solution that unifies identity security. This convergence allows large organizations to quickly adopt a full-featured identity security platform while allowing smaller organizations to efficiently build from a lightly deployed solution to an enterprise deployment as their needs change and grow.
Converged Identity Platforms should be analyzed based on their single platform capabilities to deliver a holistic solution. “Dis-integrated” platforms, where multiple solutions are used to cover for missing features of one or the other, often lead to some of the existing challenges organizations are trying to get away from, such as multiple points of management and administrator/user fatigue, lack of identity visibility across hybrid or multi-cloud environments, and excessive customization.
Learn more about Saviynt EIC today and experience a truly converged identity security platform.
¹Gartner® Solution Comparison for Identity Governance and Administration, Published 11 November 2022 by Nat Krishnan, Gautham Mudra
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.