Data, Identity & Privacy

Identity Governance. The right access, and nothing more.

Access is easy to grant and almost never taken away. Over years, people accumulate permissions nobody remembers approving. Identity Governance puts that under control: who has access to what, why, and whether they should still have it.

Why governance

Most breaches travel on access that should not exist: a leaver still active, a mover who kept every old permission, a privilege granted for one project and never revoked. Excess access is the fuel that turns one compromise into a breach.

Identity and Access Governance (IAG) brings discipline to the full identity lifecycle. We make sure access is granted on a clear basis, reviewed regularly, and removed when it is no longer needed, for Human, Machine, and Agent identities alike. The result is a smaller blast radius and an access story you can prove to any auditor.

The lifecycle

Joiner, mover, leaver, done right

Most access problems start when someone joins, changes role, or leaves. We govern all three so access tracks reality.

Joiner

Access from day one

New people get exactly the access their role needs, automatically, on a clear basis.

  • Role-based access from the start
  • No copying a colleague's permissions
  • Provisioned, not improvised

Mover

Access that follows the role

When someone changes role, old access is removed as new access is granted, not piled on top.

  • Old permissions revoked on change
  • Privilege creep prevented
  • Access matches the current job

Leaver

Access gone the moment they go

When someone leaves, every account and permission is closed, with nothing left lingering.

  • All access revoked on departure
  • No orphaned accounts left active
  • Closed and documented
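
The joiner, mover and leaver stages above reduce to one reconciliation: compute the access the current roles require, grant the difference, and revoke everything else. The Python script below is an added example, not VIGILE's code; its role catalogue, identity names and entitlement names are constructed for illustration. The mover case also carries a colleague-copied permission, so the reconcile step shows privilege creep being removed rather than piled on top.

```python
"""Joiner / mover / leaver reconciliation against a role model.

Added example, not VIGILE's code. The role catalogue, identities and
entitlement names are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed role catalogue: each role names exactly the entitlements it needs.
ROLE_ENTITLEMENTS = {
    "finance-analyst": {"erp-journal-posting", "expense-report-read"},
    "platform-engineer": {"github-org-member", "staging-cluster-deploy"},
    "sre-oncall": {"github-org-member", "prod-cluster-read", "pagerduty-responder"},
}


@dataclass
class Identity:
    name: str
    roles: set = field(default_factory=set)
    entitlements: set = field(default_factory=set)  # what is actually granted today
    active: bool = True


def desired_entitlements(roles):
    """The access the role model says these roles need, and nothing more."""
    wanted = set()
    for role in roles:
        wanted |= ROLE_ENTITLEMENTS[role]
    return wanted


def reconcile(identity, new_roles=None, leaving=False):
    """Bring actual access in line with the role model.

    Joiner: roles are already set and entitlements are empty, so everything is granted.
    Mover:  new_roles replaces the old roles; anything the new roles do not
            need is revoked rather than left piled on top.
    Leaver: leaving=True empties the target, so every entitlement goes.
    Returns (grant, revoke) for the provisioning system to apply.
    """
    if leaving:
        identity.active = False
        identity.roles = set()
        target = set()
    else:
        if new_roles is not None:
            identity.roles = set(new_roles)
        target = desired_entitlements(identity.roles)
    grant = target - identity.entitlements
    revoke = identity.entitlements - target
    identity.entitlements = target
    return grant, revoke


def orphaned(identities):
    """Inactive identities that still hold any entitlement: the leaver gap."""
    return [i.name for i in identities if not i.active and i.entitlements]


if __name__ == "__main__":
    joiner = Identity("new.hire", roles={"finance-analyst"})
    print("joiner", reconcile(joiner))
    # A mover who was also handed a colleague's finance permission at some point.
    mover = Identity("eng.mover", roles={"platform-engineer"},
                     entitlements={"github-org-member", "staging-cluster-deploy",
                                   "erp-journal-posting"})
    print("mover ", reconcile(mover, new_roles={"sre-oncall"}))
    leaver = Identity("leaver", roles={"sre-oncall"},
                      entitlements=set(ROLE_ENTITLEMENTS["sre-oncall"]) | {"vpn-account"})
    print("leaver", reconcile(leaver, leaving=True))
    print("orphans:", orphaned([joiner, mover, leaver]))
```

The design choice worth noting is that access is always recomputed from roles rather than patched incrementally: a mover's old permissions disappear because they are simply absent from the new target, not because someone remembered to list them.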

The review

An access review you can actually decide

This is the reviewer's seat: the entitlement, what it reaches, and when it was last used, side by side. Work the queue yourself. Every row is a decision.

Q2 certification queue · finance and engineering · illustrative · 0 of 8 decided · 0 revoked

  • mei.tan · Human · Finance
    ERP journal posting: Post journal entries in the production ledger
    Last used 2 days ago · Decision: Keep
  • omar.haddad · Human · Engineering · moved roles
    prod-db administrator: Full read and write on customer data
    Last used 241 days ago · Decision: Revoke
  • svc-backup-02 · Machine · nightly job
    Object storage write: Backup bucket, write only, no delete
    Last used 6 hours ago · Decision: Keep
  • hr-report-Agent · AI Agent · reporting
    Read all HR records: Scope is wider than the reporting task needs
    Last used 1 day ago · Decision: Reduce
  • lena.kovac · Human · left the company
    VPN account · active: Remote network access, never deprovisioned
    Last used 34 days ago · Decision: Revoke
  • diego.santos · Human · Finance
    Vendor create + payment approve: Conflicting pair: can invent a vendor and pay it
    Last used 12 days ago · Decision: Revoke
  • yuki.mori · Human · contract ended
    Repository administrator: Admin on every code repository
    Last used 58 days ago · Decision: Revoke
  • ci-deploy · Machine · release pipeline
    Cluster administrator: Deploys to one namespace, holds the whole cluster
    Last used 3 days ago · Decision: Reduce

Every decision lands in the evidence trail with reviewer, timestamp, and rationale.

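
Each row's decision follows from a few rules applied to the same three facts the queue shows: whether the identity is still active, what the entitlement reaches, and when it was last used. The Python script below is an added example, not VIGILE's tooling. It transcribes the eight illustrative rows above as constructed input; the 90-day dormancy threshold, the rule order, and the two boolean flags that restate the "what it reaches" text are assumptions. Each decision is written to an evidence trail with reviewer, timestamp and rationale.

```python
"""Usage-based triage for an access certification queue.

Added example, not VIGILE's tooling. The rows are the illustrative queue
from this page transcribed as constructed input; the dormancy threshold
and the rule order are assumptions.
"""
from datetime import datetime, timezone

DORMANCY_DAYS = 90  # assumed: access unused this long defaults to removal
INACTIVE_STATUS = {"left the company", "contract ended"}

# Constructed queue. scope_exceeds_need / sod_conflict restate what the
# "what it reaches" column already says about those rows.
QUEUE = [
    dict(identity="mei.tan", kind="Human", status="Finance",
         entitlement="ERP journal posting", last_used_days=2),
    dict(identity="omar.haddad", kind="Human", status="moved roles",
         entitlement="prod-db administrator", last_used_days=241),
    dict(identity="svc-backup-02", kind="Machine", status="nightly job",
         entitlement="Object storage write", last_used_days=0.25),
    dict(identity="hr-report-Agent", kind="AI Agent", status="reporting",
         entitlement="Read all HR records", last_used_days=1, scope_exceeds_need=True),
    dict(identity="lena.kovac", kind="Human", status="left the company",
         entitlement="VPN account", last_used_days=34),
    dict(identity="diego.santos", kind="Human", status="Finance",
         entitlement="Vendor create + payment approve", last_used_days=12, sod_conflict=True),
    dict(identity="yuki.mori", kind="Human", status="contract ended",
         entitlement="Repository administrator", last_used_days=58),
    dict(identity="ci-deploy", kind="Machine", status="release pipeline",
         entitlement="Cluster administrator", last_used_days=3, scope_exceeds_need=True),
]


def decide(row):
    """Return (decision, rationale). The first matching rule wins, and a
    dormant entitlement is revoked by default rather than renewed."""
    if row["status"] in INACTIVE_STATUS:
        return "Revoke", f"identity is no longer active ({row['status']})"
    if row.get("sod_conflict"):
        return "Revoke", "entitlement is a segregation-of-duties conflict"
    if row["last_used_days"] > DORMANCY_DAYS:
        return "Revoke", f"unused for {row['last_used_days']:.0f} days (threshold {DORMANCY_DAYS})"
    if row.get("scope_exceeds_need"):
        return "Reduce", "scope is wider than the task requires"
    return "Keep", f"in active use ({row['last_used_days']:g} days since last use)"


def review_queue(queue, reviewer, now=None):
    """Work the whole queue; return (summary counts, evidence trail)."""
    now = now or datetime.now(timezone.utc)
    trail = []
    summary = {"decided": 0, "Keep": 0, "Revoke": 0, "Reduce": 0}
    for row in queue:
        decision, why = decide(row)
        trail.append({
            "identity": row["identity"], "entitlement": row["entitlement"],
            "decision": decision, "rationale": why,
            "reviewer": reviewer, "timestamp": now.isoformat(),
        })
        summary["decided"] += 1
        summary[decision] += 1
    return summary, trail


if __name__ == "__main__":
    summary, trail = review_queue(QUEUE, reviewer="j.reviewer")
    for e in trail:
        print(f"{e['decision']:<8}{e['identity']:<16}{e['entitlement']:<33}{e['rationale']}")
    print(f"{summary['decided']} of {len(QUEUE)} decided · {summary['Revoke']} revoked")
```

Run as written, the script reproduces the decisions shown in the queue above: four revocations, two reductions, two keeps. The point of keeping the rule order explicit is that an inactive identity or a toxic pair is revoked even when the entitlement was used recently; recency only counts in favour of access that has no other problem.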
What we run

Governance that proves itself

Beyond the lifecycle, governance is about being able to answer the auditor's questions with evidence.

Access reviews

Regular, evidence-backed certification of who has access to what, so entitlements stay justified.

Role design

Clean, maintainable roles that map to the business, so access is granted by role rather than by request.

Segregation of duties

Conflicting access combinations detected and prevented, the toxic pairs auditors look for.

Audit evidence

A clear, current record of every entitlement and review, ready for SOC 2, ISO, and regulators.
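
Segregation of duties, as described under "What we run", comes down to a catalogue of conflicting pairs checked against each identity's fully expanded entitlements, both during a review (detect) and at grant time (prevent). The Python script below is an added example, not VIGILE's tooling; the conflict catalogue and the role definitions are constructed for illustration, and it checks expanded entitlements rather than role names because a toxic pair can straddle two otherwise reasonable roles.

```python
"""Segregation-of-duties check: detect toxic entitlement pairs and refuse
grants that would create one.

Added example, not VIGILE's tooling. The conflict catalogue and role
definitions are constructed for illustration.
"""
from itertools import combinations

# Constructed catalogue of conflicting pairs. frozenset keys make the
# lookup order-independent.
TOXIC_PAIRS = {
    frozenset({"vendor-create", "payment-approve"}): "can invent a vendor and pay it",
    frozenset({"journal-post", "journal-approve"}): "can post and approve own entries",
    frozenset({"code-commit", "prod-deploy-approve"}): "can ship own change unreviewed",
}

# Constructed roles. Neither AP role is toxic on its own; holding both is.
ROLES = {
    "ap-clerk": {"vendor-create", "invoice-enter"},
    "ap-manager": {"payment-approve", "invoice-enter"},
    "accountant": {"journal-post"},
    "controller": {"journal-approve"},
}


def expand(roles):
    """Flatten a role set to the entitlements it actually grants."""
    entitlements = set()
    for role in roles:
        entitlements |= ROLES[role]
    return entitlements


def find_conflicts(entitlements):
    """Every toxic pair present in the set, as (a, b, why), sorted for stable output."""
    hits = []
    for a, b in combinations(sorted(entitlements), 2):
        pair = frozenset({a, b})
        if pair in TOXIC_PAIRS:
            hits.append((a, b, TOXIC_PAIRS[pair]))
    return hits


def would_conflict(current, requested):
    """Preventive check at grant time: the toxic pairs that granting
    `requested` on top of `current` would create. Empty means safe to grant."""
    return [c for c in find_conflicts(set(current) | {requested}) if requested in c[:2]]


def audit(identities):
    """Detective check at review time. identities: name -> set of roles.
    Returns only the identities that hold at least one toxic pair."""
    report = {}
    for name, roles in identities.items():
        hits = find_conflicts(expand(roles))
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    people = {
        "diego.santos": {"ap-clerk", "ap-manager"},   # the conflicting pair
        "mei.tan": {"accountant"},
        "priya.nair": {"controller"},
    }
    for name, hits in audit(people).items():
        for a, b, why in hits:
            print(f"{name}: {a} + {b} ({why})")
    # Blocked: the accountant asks for approval rights over their own postings.
    print(would_conflict(expand(people["mei.tan"]), "journal-approve"))
    # Allowed: an unrelated entitlement creates no pair.
    print(would_conflict(expand(people["mei.tan"]), "invoice-enter"))
```

Keeping the catalogue as data rather than code is deliberate: the pairs an auditor asks about change by domain, and the review tooling should be able to load them without a code change.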

Part of the loop

Where Identity Governance sits in VIGILE

Know and control

Identify the access, Guard the estate

Identify › Identity Governance › Guard

Identity Governance is the Identify and Guard motions applied to access. We map who can reach what, then enforce least privilege across the lifecycle. It is the IAG half of Unified Access Management.

See Unified Access Management ›
FAQ

Top 10 questions, frequently asked

An identity provider authenticates people and grants access. Identity Governance is the discipline that decides whether that access should exist, reviews it over time, and removes it when it should not. The provider is the lock; governance decides who holds the keys and takes them back.

Yes. Service accounts, Machines, and AI Agents now far outnumber people and often carry standing privilege nobody reviews. We govern them with the same lifecycle discipline as human identities, because that is where a lot of the unmanaged risk now lives.

With discovery and a first access review. We map who has what today, surface the obvious excess and the orphaned accounts, and clean those up. Then we put the lifecycle and review process in place so access stays controlled rather than drifting back.

Identity Governance covers all access across the lifecycle. PIM and PAM focus on privileged access specifically, the powerful accounts that need just-in-time elevation and tight control. Governance sets the policy; PIM and PAM enforce it for the highest-risk access. They work together under Unified Access Management.

Discovery across your directories and apps, a cleanup of accumulated access in risk order, recurring access reviews that owners actually complete, and lifecycle automation for joiners, movers, and leavers.

The first risk-ordered cleanup typically runs over one to two quarters, starting with privileged and dormant access. Usage is measured before anything is removed.

Reviewers see usage data next to each entitlement: what it grants, when it was last used, and what it can reach. Unused access defaults to removal rather than renewal.

Review completion with decisions on record, lifecycle event trails, and entitlement changes with owners and timestamps, exported from the same dataset your team works in.

By identity count and connected systems. Most engagements begin with a discovery and risk assessment, then move to a managed governance retainer.

Discovery runs in Identify, right-sizing in Guard, reviews and lifecycle in Implement, with the evidence feeding the quarterly Enhance readout.

Identity Governance datasheet: the lifecycle model, the review operating cadence, the role design method, segregation of duties controls, and the audit evidence package.
Download the datasheet

Know who can reach what

Book a session with a Principal Engineer. We map your access today and show you where the excess is.