Identity Governance and Administration (IGA) processes ensure that all operations between people and applications are performed unhindered, remain safely secured against potential threats, and are optimized for compliance. An organization is built upon the roles, responsibilities and functions carried out by the variety of individuals that make up its workforce, which is why it is so vital to maintain coherence and harmony between them.
Organizations are being put under pressure to manage an increasing number of access requests and maintain stringent security, and to achieve this ever more quickly with fewer resources. To do this, they must develop a strategy for maintaining and governing user access in an automated manner. A well-defined, streamlined and feature-rich IGA program goes a long way towards bolstering your organization's security portfolio.
In this article we’ll compare the top Identity Governance and Administration solutions. We’ll delve into the capabilities of each solution, exploring key features such as identity lifecycle management, access requests and access certification.
Broadcom is a global technology leader and an established market player. They acquired CA technologies in 2018 and Symantec Enterprises in 2019, and design, develop and supply semiconductor and infrastructure software solutions. Broadcom offers its Identity Security products under the Symantec Security Software brand, which provides a full complement of identity management and governance capabilities and maintains a well-integrated platform.
The Broadcom products provide a strong offering of IGA features, which include user access certification, role discovery, Segregation of Duties (SoD), entitlement clean-up, automated workflows and policy management. Also included is an access risk analyzer and a simulator capable of estimating a user’s risk score based on changes to the context of an access request. Symantec IGA boasts a user-friendly, modern interface and provides users with an entitlement catalog and shopping cart approach to usability.
Other features include the ability to identify and flag potential SoD violations when entitlements are selected at shopping-cart check-out, although these are limited to SoD checks against the user's current entitlements. Solid support for out-of-the-box provisioning and de-provisioning is available for on-premises and SaaS applications, and the solution also provides an out-of-the-box connector to Privileged Access Manager for provisioning and de-provisioning PAM across user accounts. Broadcom's audit and compliance capabilities are good: some OOB reports for major compliance frameworks are available, as well as a broad selection of OOB integrations for ITSM tools, and authenticator options for user access to self-service functionality and the admin UI.
Symantec IGA is a mature and strongly-featured product that is best suited to larger, more complex IGA deployments. These products are highly scalable with speedy deployment times, both on-premises and as a virtual appliance, so would be a good option for organizations interested in having the flexibility to scale up or down as needed.
ForgeRock is a leader in digital identity, delivering cutting-edge and comprehensive identity and access management solutions that allow employees, consumers and machines to easily and safely connect to and access the digital world. ForgeRock Identity Governance is an AI-driven, modern IGA solution that leverages an identity analytics engine to help identify and apply correct user access, automate high-confidence access approvals, make certification recommendations for accounts that are low risk, and automatically remove unnecessary roles and entitlements.
ForgeRock Identity Governance allows organizations to automate high-confidence user access approvals to save valuable time, simplify the management of modern dynamic workforce demands, and empower employees by giving them automated, policy-based self-service access to any and all applications and systems. The solution takes a strong security and risk reduction approach by continually identifying and monitoring high-risk access, as well as providing insight into enterprise-wide user access risks and visibility, and providing contextual awareness into which individuals have been granted access to what assets, and why.
ForgeRock Identity Governance also supports compliance needs by enforcing compliance and putting segregation of duties policies in place to reduce risk, automating all high-confidence access certifications through AI-based remediation recommendations, and granting and enforcing secure access to applications and systems in accordance with the established business policies quickly and efficiently.
ForgeRock’s intelligence-based approach gives security and risk professionals the tools to successfully accelerate secure access and achieve solid regulatory compliance, all while minimizing both cost and overall risk across the whole organization. Their solutions are best suited to larger, more complex organizations—particularly those in the finance sector—that are interested in deeper customization capabilities and in consolidating their IAM efforts with a single vendor.
ADManager Plus is an enterprise identity governance and administration solution for Active Directory, Microsoft 365, and Google Workspace. ADManager Plus enables user account provisioning, reporting, workflow automation, and integration with third-party applications, all managed via one centralized admin console.
ADManager Plus enables teams to automate user accounts provisioning across Active Directory, Microsoft Exchange, Microsoft 365, Google Workspace, and Skype, with simplified onboarding via CSV upload. The platform supports comprehensive identity management use cases: admins can manage file server permissions and create groups to manage teams and security policies. Admins can also manage password policies and resets. For Office 365, admins can create and manage user groups, manage licenses, and set up new mail addresses.
ADManager Plus allows teams to generate user level and group reports, including identity risk assessments and compliance reports for SOX, HIPAA, PCI, and GDPR. In addition, ADManager Plus also integrates with third-party applications via REST APIs and webhooks, providing functionality with commonly used applications like ServiceDesk Plus, Jira, and Splunk. The platform provides a backup component for AD, Azure and Google Workspace.
ADManager Plus is a comprehensive solution for companies looking to centralize and streamline identity and access management. The platform is fully featured, with comprehensive management capabilities across user management and provisioning, security rules and policies and access management. The admin interface is modern and customizable, with a range of reports, risk scores and integrations available to extend capabilities. Overall, ADManager Plus is a strong solution for teams to consider.
Bravura Security is an industry leader with decades of experience in supporting enterprises—including Fortune 500 companies—all over the world in their efforts to secure access to systems both on-premises and in the cloud. Bravura Identity comes with a mature set of IGA features that cater to the typical needs of organizations, including a broad set of provisioning connectors.
Bravura Identity is an integrated solution designed to manage identities, groups, and security entitlements across applications and systems. The solution includes capabilities such as the automated granting or revoking of access when a change to a system of record is detected, a web portal that allows users to review the status and access rights of other users alongside profile updates and certifications, and full lifecycle management for roles and groups on target systems.
With the workflow manager, specific users are invited to oversee and review requests, complete tasks, and review access. The solution also includes policy controls relating to RBAC, SoD, risk scores, and privacy protection. With the reports, dashboard, and analytics that Hitachi’s solution provides, organizations can also examine trends, access rights, consistency of data, and policy compliance, making it easier to identify and rectify any issues that may occur.
The focus Bravura Identity places on strong automation ensures rapid deployment and high user adoption, making this solution an attractive one for organizations looking for preconfigured processes, speedy deployment and out-of-the-box functionality. Users typically rate the solution well, praising the IGA functionality for meeting all expectations and the smooth, frictionless, and on-time deployment process.
IBM is a leading cloud platform and cognitive solutions company, serving clients in 170 countries. Their mature and scalable IGA suite, IBM Security Identity Governance and Intelligence (IGI), is fully featured with strong integrations to the IBM ecosystem in particular but also to other ERP systems. This solution is network appliance-based and employs business-centric rules, activities, and processes. IBM IGI focuses on collecting and analyzing identity data to support the regulatory compliance of enterprise IT teams.
IGI offers a range of useful features including: end-to-end user lifecycle management, which reduces the need for manual input; access certification to provide flexible and powerful workflows, which let users easily recertify access; and powerful identity analytics, which make it simpler to identify areas of risk and allow for better visibility and user access control for role mining and role modeling. IGI also takes a unique business activity-based approach to model separation of duty violations, offers native integration with ServiceNow, and provides users with full coverage password management.
The solution easily integrates with several PAM products and supports SAP role cleansing and user violation mitigation, on top of ensuring that any personal data the organization processes, collects, and stores is properly protected. IGI integrates with QRadar UBA for insider threat management, allows for fine-grained control on RACF, and gives you the option to combine preventive and detective controls such as the principle of least privilege and separation of duty, which can then be flexibly modeled and reviewed by business users. This ensures the right stakeholders are involved in policy defining and reviewing any violations.
This solution provides improved insight into how access is being utilized and prioritizes compliance actions with risk-based insights, and this clear, actionable intelligence leads to better-informed decisions. Users of IGI review the identity life cycle and entitlements management capabilities particularly highly.
One Identity, a Quest Software business, helps organizations establish an identity-centric security strategy with their award-winning offering, which addresses enterprise management, industry compliance needs, and auditing via a single, unified platform. One Identity’s identity governance solution is available in 13 different languages, which makes it a popular choice amongst global organizations, and works to govern identities and access for all users, whether in on-prem, hybrid or cloud environments.
With One Identity’s solution, you can easily manage the lifecycles of all identities, including altering access to resources as users’ responsibilities change. The solution makes it simple to grant access rights by defined roles, policies and rules, as well as deliver standard onboarding and offboarding processes for employees and contractors. With access certification, the identity governance and administration processes—which include managing user identities, controlling privileges and configuring security across the enterprise—are streamlined, with these capabilities extending to user application access, unstructured data and privileged accounts.
The solution lets admins simplify privilege governance through defined roles and associated policies, and access approval workflows. It also enables users to make access requests for network resources, physical assets, groups and distribution, streamlining access rights and permissions processes throughout the identity lifecycle using predefined processes. Finally, One Identity’s IGA Suite enables organizations to meet compliance requirements by delivering audit-ready reports and providing identity governance for SaaS applications.
One Identity’s identity governance solution is overall rated highly and praised in particular for the product capabilities, service, and support. However, while a solid product, the IGA Suite would benefit from some simplification to ease the implementation and learning process. This solution is full-featured and, with capabilities like self-registration, a self-service portal, and a PAM module, is well suited to organizations interested in strong IGA capabilities alongside other broader needs, like modest consumer identity management and privileged access control.
Oracle Identity Governance is an enterprise identity management system that provides actionable identity intelligence via automated controls, rich dashboards, and risk-based analytics that help to manage potential risks and enable rapid compliance. This solution allows enterprises to manage the identities and access privileges of their employees, customers, and business partners via a single unified platform and offers complete user lifecycle management and access entitlement controls across a range of services for both on-premises and cloud environments.
Key features of Oracle’s IGA solution include their business-friendly self-service interface, wizard-based self-service application onboarding UI, and centralized and extensible access catalogue for managing business-friendly definitions for roles, applications and entitlements. This solution also aims to boost security and improve IT efficiency through streamlined access requests with intuitive and flexible approval workflows and policy-driven provisioning, as well as manage risk and reduce cost via integration with leading PAM vendors for privileged user access.
Oracle enables role-based access control with role intelligence that is machine learning-based, alongside advanced role lifecycle management and role analytics. The solution also provides user-intuitive, risk-driven identity certifications and closed loop remediation, with enhanced group and customer reviews for focused review and certifications. It is easy to scale larger or smaller using Open Application Model (OAM) with Docker or Kubernetes images to quickly deploy instances of Oracle Identity Governance on-premises and in the cloud.
Oracle Identity Governance incorporates leading industry standards including J2EE, SCIM/REST, BPEL, and OASIS. The product is extensive and offers full IGA suite capability, making it a suitable option for larger enterprises with the capacity to invest in IAM long term. Users have mentioned the need for more simplification as the solution can be complex, but generally it is well rated, particularly for its customizability, scalability and the well-defined connector framework.
Prove is a market-leading provider of user authentication and identity verification solutions that enable organizations to seamlessly onboard new customers, authenticate users accessing their applications and services, and centrally manage all users’ identities throughout their entire lifecycle. All of this functionality is available via Prove Pinnacle, their flagship identity platform.
Prove Pinnacle leverages a combination of machine learning and cryptographic authentication—based on data derived from users’ smartphones—to secure user access to mobile and web apps. Once deployed, the first step in the identity lifecycle is for end users to “bind” a cryptographic key (i.e., the SIM card or FIDO key on their cell phone) to themselves, after which they’re issued a ProveID.
Prove Pinnacle can then use the 128-bit encryption bound to the phone, along with billions of telecom, mobile, and device usage signals, to verify that the user owns the phone, is in possession of the phone, and is exhibiting low-risk behaviors. This unique “Phone-Centric Identity” approach can be applied to streamline user onboarding, to verify users’ identities each time they try to access your organization’s applications or services, and to provide a seamless, passwordless login experience. Within the Pinnacle platform, admins can use Prove’s Identity Manager to access a real-time registry of phone identity tokens, making it easier for them to manage users’ identity attributes as well as onboard and offboard users as needed.
Prove Pinnacle streamlines the onboarding and ongoing authentication process for new and existing users respectively, automatically verifying their identities as soon as they access your business’ services. It also helps organizations to mitigate the risks of fraud and account takeover, and provides a single, central platform from which admins can manage their users’ identity attributes. Overall, we recommend Prove Pinnacle as a strong platform for organizations within the e-commerce and finance sectors looking to streamline their identity and access governance and security processes, whilst mitigating fraud and account takeover.
SailPoint is a leader in identity security for the modern enterprise. IdentityIQ is their traditional IAM solution with solid identity governance capabilities, and IdentityNow is their multi-tenant IDaaS solution, which comes with capabilities such as federated SSO, password management, access certification, and provisioning.
These solutions allow you to streamline compliance processes via automated access certification, policy management, and audit reporting, as well as offering users an intuitive self-service interface to manage their passwords, saving IT admins time spent on helpdesk calls. User-friendly self-service requests and lifecycle events facilitate easy management of changes to access, and enable quick, automated delivery of access. The file access manager extends identity governance to files by discovering the location of sensitive data, applying appropriate access controls, and providing real-time visibility into data stored on-premises or in the cloud.
Provisioning simplifies onboarding and offboarding, while advanced governance capabilities—delivered through SailPoint Predictive Identity—allow admins to monitor suspicious or anomalous access, improve productivity, and maintain compliance continually. The solution also enables admins to create a library of policies to highlight conflicts of interest and eliminate fraud by requiring that more than one individual carry out any high-risk or sensitive task.
The SailPoint identity platform provides organizations with enterprise-grade identity governance paired with the agility and convenience of delivering your identity program from the cloud or your own data center, and can be rapidly deployed with administration taking place at any time and from any location. SailPoint IdentityIQ and IdentityNow are rated well, with users praising the flexibility and strong capabilities.
SAP is a multinational software corporation that develops enterprise software designed to simplify the management of business operations and customer relations. SAP has a history of offering IGA-based products, including SAP Cloud Identity Access Governance (IAG) which is SAP’s latest innovation in access governance. This is a multi-tenant solution built upon the SAP Business Technology Platform (BTP) and SAP’s proprietary HANA database.
This solution includes a range of useful key capabilities, including the ability to continually run access analysis and to support access compliance management through the use of real-time insights. Admins can also leverage configurable, predefined policies and rules regarding access, as well as dynamically update user access as business needs change. The solution lets admins more accurately assign user access and easily alter access dynamically. It also offers guided remediation for risk management and dashboard-driven management interfaces, analytics, and intelligent and visual prompts to pinpoint business critical issues.
With SAP Cloud IAG, organizations can extend their control and risk management capabilities, including extending access control to enterprise users and applications from any location and on any device. The solution also allows admins to detect and remediate Segregation of Duties (SoD) and any critical risk to on-premises and cloud systems, as well as simplify the process of managing compliance using preconfigured audit reporting.
SAP’s identity and access governance suite offers out-of-the-box integrations with the latest SAP cloud applications, with many more SAP and non-SAP integrations on the roadmap. This IGA solution is rated highly by users for its strong capabilities and is recommended for organizations that are already using any of the SAP ERP products, due to the strong integrations. We also recommend it to organizations with recently failed audits or that prioritize process and governance-led solutions.
At its essence, identity governance and administration (IGA) is about increasing security and reducing risk by providing visibility into who has access to what systems, resources, applications and why. IGA lays the groundwork for creating and managing the policies, processes, and standards for your organization’s identity management functions.
IGA tools work to simplify and streamline user identity lifecycle management via capabilities like password management, automation, integrations, access request management, provisioning and deprovisioning, detailed event logging and entitlement management. IGA tools work together with IAM tools to make all of this happen seamlessly, and give IT teams the power to manage the technology while business leaders and designated stakeholders are tasked with the responsibility to decide who gets access to what.
Identity governance and administration is a policy-based approach to managing identities and controlling access. Identity governance is about the segregation of duties, role management, analytics, logging and reporting, whereas identity administration deals with account administration, credentials administration, user and device provisioning, and managing elements.
In particular, IGA solutions provide valuable support in auditing and meeting the requirements for compliance. These solutions enable security administrators to efficiently manage all user identities and access permissions across the whole enterprise. This significantly improves visibility into identities and access privileges across the enterprise and makes it easier to implement the kind of controls that can prevent inappropriate or risky access.
In 2012, Gartner recognized the importance of identity governance and administration when they named it the fastest growing sector of the identity management market. IGA solutions provide added functionality that expands upon the capabilities of traditional identity and access management (IAM) tools, helping to address common IAM challenges: for example, inappropriate and/or outdated access to enterprise resources, as well as the challenges caused by remote or hybrid workforces, time-consuming provisioning processes, flawed Bring Your Own Device (BYOD) policies, and strict compliance requirements. Each of these issues increases an organization’s security risk and weakens its compliance posture. Such challenges can be addressed by strengthening the organization’s IAM systems with IGA, which allows organizations to automate the workflows for access approvals and subsequently reduce risk. They can also define and enforce IAM policies, as well as audit user access processes for compliance reporting. For this reason, many organizations use IGA to meet the compliance requirements laid out by HIPAA, SOX, and PCI DSS.
One of the issues with traditional IGA platforms is the cost, which is often too high for many small to mid-sized enterprises to justify when they likely don’t require the full functionality of these tools. These days the market focus is shifting towards a new model that is flexible enough to suit organizations of a variety of sizes, not just large enterprises. Many vendors are filling this niche with ‘light’ versions of their solutions that either have a less comprehensive scope of capabilities or are simply streamlined to focus on solving a few specific problems faced by smaller enterprises.
With an IGA tool in place, enterprises can accurately and efficiently streamline the process of managing user access, leading to improved security and a smoother operation overall. Specifically, an IGA solution works alongside IAM tools to deliver the following capabilities.
Identity lifecycle management refers to the several stages in the life of an identity, from onboarding to leaving the organization; one of the most important functions of these solutions is to simplify the process of managing the lifecycle of an identity. Every identity has to be created, maintained over time (with appropriate updates made in the event of a job title change) and removed if the individual decides to leave the organization or retires. For smaller organizations it may be possible to keep on top of identities manually, but for organizations operating on a larger scale it would not be feasible to manage the numerous additions, subtractions and alterations to identities without issues or mistakes, so identity governance and administration products work to make this whole process much easier.
In today’s digital era the task of managing our passwords has become very complicated, with both the number of passwords each individual uses and the need for complexity and uniqueness increasing all the time. In fact, studies suggest that each of us is juggling around 100 passwords across various sites and services. Strong passwords are important for maintaining security, but it is impossible to create, remember and continually update dozens or even hundreds of passwords, so it is immensely useful that identity governance and administration products can help us manage our many passwords. Through tools like password vaults or Single Sign On (SSO), IGA systems ensure users can maintain security and easily access applications without having to remember multiple passwords.
Today’s businesses rely on smooth collaboration, which makes having control over and insight into which users are allowed access to certain applications and systems vital. Entitlement management deals with the association between identities and entitlements; entitlements are assigned to appropriate identities in order to give that identity access to a particular asset or operation. To allow users to make requests and subsequently be granted or denied access, IGA systems need to know exactly what entitlements (or access permissions) are available to request, and must give security admins the power to specify and verify what users are permitted to do or access. For example, some users may be allowed to add or edit data, while others are only permitted to view data. IGA systems let you easily add, edit, and delete entitlements and the other information used to describe them (like titles, risk level, descriptions, owners, tags, and other identifying data).
A good way to protect sensitive information is to restrict access to it and make it necessary for those without access to request it, thereby narrowing the window for mistakes or malicious misuse and ensuring there is a trail to follow in the event of a breach. A great way to deal with access requests in a quick and secure way is through an IGA solution with the capabilities to manage requests, approvals and fulfillment of access. These solutions route access requests to the right people and keep them organized, simplifying what could potentially be a complicated process with multiple access requests being made regularly and several approvers who need to be reached.
Connectors are integrations with other systems that most IGA platforms use to read data from, and write data to, those systems. IGA systems need a lot of data on your employees (for example, their identities, attributes, and access) in order to work, so they use connectors to collect and read this data. They also write data to carry out identity lifecycle events such as creating new users and granting them the correct access for their role.
Identity governance and administration systems can help organizations to automate the process of granting access once an access request has been approved. This first requires a connector to be implemented; then, with this integration in place, the process of granting access (or provisioning) can be fully automated. For smaller companies this may be unnecessary: with a small enough number of employees, one person or a few people can simply keep on top of the access requests that come in and grant or deny access accordingly. But for larger organizations, this manual method would be too difficult to sustain.
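The joiner/mover/leaver cycle and the connector-driven provisioning described above, as an added example that is not code from any vendor on this page. The role-to-entitlement mapping, the HR feed and the in-memory `MemoryConnector` are constructed stand-ins for a real HR source and target-system connector; the reconciliation logic is the part worth studying, since it is the diff between desired and actual access that turns a job change into revokes as well as grants, and a termination into a disabled, entitlement-free account.

```python
"""Joiner / mover / leaver lifecycle driving provisioning through a connector.

Added example, not code from any product on the page. The role mapping,
HR feed and connector are constructed for illustration.
"""

# Role -> entitlements granted by that role (constructed sample mapping).
ROLE_ENTITLEMENTS = {
    "engineer": {"git:read", "git:write", "jira:user"},
    "finance": {"erp:ap-clerk", "jira:user"},
    "manager": {"jira:admin", "hr:team-view"},
}


class MemoryConnector:
    """Stand-in for a target-system connector that reads and writes accounts.

    A real connector would talk to AD, a SCIM endpoint or a database; this
    one keeps state in a dict so the example runs offline. Every write is
    appended to `log` so the run leaves audit evidence behind.
    """

    def __init__(self):
        self.accounts = {}  # user id -> {"enabled": bool, "entitlements": set}
        self.log = []

    def read(self, uid):
        return self.accounts.get(uid)

    def create(self, uid):
        self.accounts[uid] = {"enabled": True, "entitlements": set()}
        self.log.append(("create", uid))

    def grant(self, uid, ent):
        self.accounts[uid]["entitlements"].add(ent)
        self.log.append(("grant", uid, ent))

    def revoke(self, uid, ent):
        self.accounts[uid]["entitlements"].discard(ent)
        self.log.append(("revoke", uid, ent))

    def disable(self, uid):
        self.accounts[uid]["enabled"] = False
        self.log.append(("disable", uid))


def reconcile(connector, uid, status, roles):
    """Apply one HR record to the target system.

    Desired entitlements are derived from the roles (none for a leaver);
    the diff against what the connector reads back becomes grants and
    revokes. A mover therefore loses what the old role granted, and a
    leaver is stripped of everything and disabled.
    """
    desired = set()
    if status == "active":
        for role in roles:
            desired |= ROLE_ENTITLEMENTS.get(role, set())
    account = connector.read(uid)
    if account is None:
        if status != "active":
            return  # never provisioned, so there is nothing to remove
        connector.create(uid)
        account = connector.read(uid)
    current = set(account["entitlements"])
    for ent in sorted(desired - current):
        connector.grant(uid, ent)
    for ent in sorted(current - desired):
        connector.revoke(uid, ent)
    if status != "active" and account["enabled"]:
        connector.disable(uid)


def run_feed(connector, feed):
    """Process an HR feed record by record and return the connector."""
    for rec in feed:
        reconcile(connector, rec["uid"], rec["status"], rec["roles"])
    return connector


# Constructed HR feed: alice joins engineering, moves to management, leaves.
SAMPLE_FEED = [
    {"uid": "alice", "status": "active", "roles": ["engineer"]},
    {"uid": "bob", "status": "active", "roles": ["finance"]},
    {"uid": "alice", "status": "active", "roles": ["manager"]},        # mover
    {"uid": "alice", "status": "terminated", "roles": ["manager"]},    # leaver
]

if __name__ == "__main__":
    for entry in run_feed(MemoryConnector(), SAMPLE_FEED).log:
        print(entry)
```

The audit log shows the mover step revoking `git:write` before granting the manager entitlements, which is the behaviour a reviewer wants to see: access tracks the current role rather than accumulating over a career.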
Access review (or access certification) refers to the process of reviewing what access rights are currently granted to determine whether this access is correct and whether it should continue or not. A lot of businesses use spreadsheets to keep on top of this, but many IGA systems come with a way to easily perform these access reviews through a user interface, making it easier and quicker to capture, act upon, and archive the results for audit evidence.
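An added example, not code from any product on this page, that ties together the entitlement catalog, the access-request routing and the access review described above, and also shows the SoD check at request time mentioned in the Broadcom section. It goes slightly beyond that description: the conflict check looks at the user's current entitlements plus the other items in the same request, so a request containing both halves of a conflicting pair is caught even on a fresh account. The catalog entries, SoD rule, user and review decisions are all constructed sample data.

```python
"""Entitlement catalog, SoD-checked access requests and access certification.

Added example, not code from any product on the page. Catalog, SoD rules,
users and review decisions are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entitlement:
    name: str
    owner: str         # who approves requests for this entitlement
    risk: str          # "low" | "medium" | "high"
    description: str


# Constructed catalog of requestable entitlements and their descriptive data.
CATALOG = {
    "erp:ap-clerk": Entitlement("erp:ap-clerk", "ap.lead", "medium", "Enter vendor invoices"),
    "erp:ap-approver": Entitlement("erp:ap-approver", "cfo", "high", "Approve vendor payments"),
    "crm:viewer": Entitlement("crm:viewer", "sales.ops", "low", "Read-only CRM access"),
    "git:write": Entitlement("git:write", "eng.lead", "medium", "Push to repositories"),
}

# Segregation-of-duties rules: sets that one identity must never hold together.
SOD_RULES = [
    frozenset({"erp:ap-clerk", "erp:ap-approver"}),
]


def sod_conflicts(held, requested):
    """Return the SoD rules that granting `requested` would violate.

    The check is made against what the user already holds combined with
    the whole request, and only rules that involve a requested item count,
    so a pre-existing violation is reported by certification, not here.
    """
    after = set(held) | set(requested)
    return [rule for rule in SOD_RULES if rule <= after and rule & set(requested)]


def submit_request(user, held, requested):
    """Validate a request and route each item to its catalog owner."""
    unknown = [e for e in requested if e not in CATALOG]
    if unknown:
        return {"status": "rejected", "reason": f"not in catalog: {unknown}"}
    conflicts = sod_conflicts(held, requested)
    if conflicts:
        detail = "; ".join(" + ".join(sorted(rule)) for rule in conflicts)
        return {"status": "rejected", "reason": "SoD conflict: " + detail}
    routing = {}
    for e in requested:
        routing.setdefault(CATALOG[e].owner, []).append(e)
    return {"status": "pending", "user": user, "approvers": routing}


def certify(user, held, decisions):
    """Access review over a user's held entitlements.

    `decisions` maps entitlement -> "keep" | "revoke". Anything the reviewer
    did not decide stays pending, so a review can never silently approve
    access, and every entitlement gets an evidence record for the audit.
    """
    keep, revoke, pending, evidence = [], [], [], []
    for e in sorted(held):
        d = decisions.get(e, "undecided")
        {"keep": keep, "revoke": revoke}.get(d, pending).append(e)
        risk = CATALOG[e].risk if e in CATALOG else "unknown"
        evidence.append({"user": user, "entitlement": e, "decision": d, "risk": risk})
    return {"keep": keep, "revoke": revoke, "pending": pending, "evidence": evidence}


if __name__ == "__main__":
    bob = {"erp:ap-clerk", "crm:viewer"}
    print(submit_request("bob", bob, ["git:write"]))          # routed to eng.lead
    print(submit_request("bob", bob, ["erp:ap-approver"]))    # SoD conflict
    print(certify("bob", bob, {"erp:ap-clerk": "keep", "crm:viewer": "revoke"}))
```

Routing by catalog owner is what keeps a busy request queue organized: each approver sees only the items they are responsible for, and the rejected SoD request never reaches an approver at all.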
Once roles at your organization are created, they may require continual modifications and updates, including adding and removing users to the roles and altering the forms of access these roles grant them. IGA systems typically offer user interfaces and workflows to make it easier to manage the process of maintaining roles, allowing you to easily keep them up to date and ensure that the access they represent is what users actually need to do their jobs.
Every day there is a flurry of activity related to identity and access management happening in your organization’s systems, as users perform a variety of transactions, access information and log into a range of applications. IGA systems with a strong set of features will capture information from different log files and perform analytics and reporting, summarizing and interpreting this activity so you can easily oversee it.
Many organizations, regardless of their size, could benefit from implementing an IGA solution. These solutions work wonders by boosting visibility into users’ access permissions, which allows ID admins to more efficiently oversee identity management and access control, easily mitigate risk, and solidify the protection for business-critical systems and data. IGA also makes it easier to maintain and improve compliance.
Mirren McDade is a senior writer and journalist at Expert Insights, spending each day researching, writing, editing and publishing content, covering a variety of topics and solutions, and interviewing industry experts. She is an experienced copywriter with a background in a range of industries, including cloud business technologies, cloud security, information security and cyber security, and has conducted interviews with several industry experts. Mirren holds a First Class Honors degree in English from Edinburgh Napier University.
Craig MacAlpine is CEO and founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA cloud, an email security provider acquired by Ziff Davis, formerly J2Global (NASDAQ: ZD), in 2013, which has now been rebranded as VIPRE Email Security. Craig has extensive experience in the email security industry, with 20+ years of experience helping organizations to stay secure with innovative information security and cyber security solutions.