Omada and iC Consult sharpen the case for global IGA delivery

At a glance

What this is: Omada is repositioning its partnership with iC Consult around broader global delivery for identity governance and administration.

Why it matters: For IAM teams, the move shows that IGA success increasingly depends on implementation depth, managed services and operating-model support rather than product capability alone.

By the numbers:

• The relationship is backed by more than 110 successful joint projects and more than 40 dedicated Omada specialists within iC Consult's global team.
• iC Consult's team includes more than 850 experts across North America, Europe, Asia and beyond.
• Omada was founded in 2000 and focuses on cloud-based IGA for complex hybrid environments.

👉 Read Omada Identity's update on its partnership with iC Consult

Context

Identity governance and administration is the layer that turns access policy into day-to-day control. In practice, that means joiner-mover-leaver processes, approvals, reviews, role design and auditability across human and non-human identities. This announcement is about how those controls are increasingly delivered through partner ecosystems rather than isolated software deployments.

Omada and iC Consult are presenting a more integrated commercial and delivery relationship after nearly 20 years of collaboration. The practical question for identity leaders is not whether a partnership exists, but whether it improves deployment quality, operating consistency and support for complex hybrid environments.

For teams running mature IAM programmes, this kind of announcement usually reflects market reality rather than marketing: large-scale IGA programmes often fail on implementation, integration and adoption, not on feature lists. The typical enterprise now needs governance, delivery and managed services to move together.

Key questions

Q: How should organisations evaluate an IGA partnership model?

A: Evaluate it by asking whether the partner improves deployment consistency, lifecycle execution and auditability across real systems. A good partnership reduces operational variance, shortens implementation time and strengthens evidence quality. A weak one adds another handoff without changing governance outcomes. The key test is whether access decisions and lifecycle events become more reliable in production.

Q: Why do IGA programmes need more than software capability?

A: Because identity governance fails most often at integration, adoption and operating cadence. Software can define policy, but delivery determines whether reviews happen on time, approvals are enforced and offboarding is complete. In hybrid estates, the control is only as good as the surrounding process and support model.

Q: How do global identity programmes stay consistent across regions?

A: They need standard policy design, shared lifecycle definitions and tightly governed exception handling. Regional delivery teams can adapt execution, but the underlying entitlement rules and audit evidence model should remain consistent. Without that discipline, local variation turns into control drift.

Q: What should security teams do when identity operations are outsourced?

A: Keep governance decisions, evidence ownership and risk acceptance inside the enterprise. Outsourcing execution can help with scale, but it should not blur who approves access, who certifies entitlements or who is accountable when controls fail. Clear boundaries are essential for audit and remediation.

Technical breakdown

Why IGA programmes depend on delivery ecosystems

Identity Governance and Administration is rarely deployed as a simple product install. It touches HR data, application entitlements, approval workflows, role models, audit evidence and downstream access enforcement. That makes implementation quality part of the control itself. When the delivery model is weak, the governance model often remains theoretical: access reviews become noisy, role mining stalls, and lifecycle events are handled inconsistently across systems. Partner ecosystems matter because they translate product capability into operational control across different environments and process maturities.

Practical implication: evaluate whether your IGA programme has the integration and delivery capacity to make policy real, not just the licence to buy software.

What global managed services change in identity governance

Managed services in identity security shift the centre of gravity from one-time deployment to ongoing control operation. In complex hybrid estates, the hard part is sustaining entitlement accuracy, review cadence and exception handling across regions, business units and legacy platforms. A managed service can improve repeatability, but it also introduces governance questions about accountability, evidence ownership and escalation paths. The key architectural issue is whether the service model preserves decision authority inside the enterprise while offloading repeatable execution work.

Practical implication: define who owns the governance decision, who operates the control and who produces audit evidence before outsourcing the operating model.

Why co-delivery becomes a control issue in hybrid identity estates

Hybrid identity environments combine cloud applications, on-premises systems, third-party services and often machine identities as well. That mix creates dependency chains that can break under inconsistent lifecycle handling or uneven policy enforcement. Co-delivery matters because identity governance is only as strong as the weakest connected process. A partner with implementation depth can reduce friction, but only if the governance model is standardised enough to survive regional variation and multiple service teams.

Practical implication: test whether your governance model can remain consistent when delivered across multiple regions, teams and identity domains.

NHI Mgmt Group analysis

Partner ecosystems are becoming part of the identity control plane. Identity governance is no longer defined only by the software platform; it is defined by the ability to implement, operate and evidence policy at scale. When a vendor and integrator formalise a deeper relationship, the real signal is that governance outcomes depend on delivery capacity as much as on feature depth. Practitioners should treat implementation capability as a control dependency, not a procurement afterthought.

Global IGA delivery exposes the gap between policy design and operational reality. Many programmes can define approvals, certification rules and segregation logic, but fewer can sustain them across multiple geographies and service teams. This is especially true in hybrid environments where application ownership, data residency and local process variation complicate standardisation. The implication is that identity governance maturity is increasingly measured by repeatable execution, not by policy documents.

Identity governance is moving toward an operating-model market, not just a software market. The combination of platform, consulting and managed services reflects where enterprise demand is heading: fewer isolated deployments and more lifecycle ownership across the full programme. That does not reduce the importance of product capability, but it changes the evaluation lens. Practitioners should assess whether the partner model reduces operational variance enough to improve auditability and access-quality outcomes.

Lifecycle discipline is the real differentiator in complex IGA programmes. Provisioning, review, exception handling and offboarding are only useful when they are executed consistently across all connected systems. Partnership scale matters because it can shorten the distance between policy intent and operational enforcement. The practical conclusion is that identity teams should judge ecosystem strength by lifecycle execution quality, not by brand familiarity.

Some IGA programmes now fail because delivery is fragmented, not because policy is weak. That distinction matters. A mature governance model can still underperform if implementation, support and managed operations are split across too many handoffs. For practitioners, the question is whether their current operating model can sustain control quality when the environment gets more distributed.

From our research:

• 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
• 71% of NHIs are not rotated within recommended time frames, increasing the risk of compromise over time, according to Ultimate Guide to NHIs.
• For a deeper lifecycle lens, see NHI Lifecycle Management Guide for how provisioning, rotation and offboarding should be operationalised.

What this signals

Lifecycle execution is becoming the real differentiator in identity programmes. As identity estates grow more hybrid, the question is no longer whether policy exists, but whether it can be executed consistently across business units and regions. Teams that can standardise reviews, offboarding and exception handling will create less variance in audit evidence and fewer hidden access paths.

The partnership model also suggests that buyers are prioritising implementation depth over product-only evaluation. That shift matters because identity failures often emerge where governance, delivery and support meet. Practitioners should expect procurement conversations to move closer to operating-model design, service boundaries and control ownership.

With 96% of organisations storing secrets outside secrets managers in vulnerable locations, according to our Ultimate Guide to NHIs, the broader lesson is clear: distributed identity risk is already the norm, so governance needs to be built for repeatable execution, not occasional oversight.

For practitioners

• Map delivery ownership across the IGA lifecycle Document who owns provisioning design, access review operations, exception handling and audit evidence across every region and service team. If those responsibilities are split across vendor, integrator and internal teams, define escalation paths and decision rights before the programme scales.
• Stress-test hybrid integration dependencies Review how HR, directory, application and ticketing integrations behave when identity data changes in one region but must propagate globally. Use the exercise to identify where lifecycle events stall, duplicate or lose evidence.
• Measure review quality, not review volume Track whether access certifications actually remove stale access, resolve exceptions and produce usable audit evidence. High completion rates without entitlement cleanup usually indicate process throughput without governance impact.
• Validate managed-service accountability boundaries If a managed service is part of the operating model, define which controls remain enterprise-owned and which are delegated. Audit evidence, policy approval and risk acceptance should stay clearly attributable inside the organisation.

Key takeaways

• Identity governance programmes now depend as much on delivery capacity as on the underlying platform.
• Global operating models expose weaknesses in lifecycle execution, evidence quality and regional consistency.
• Practitioners should judge IGA partnerships by whether they improve control reliability in production.

Key terms

• Identity Governance And Administration: Identity Governance and Administration is the discipline that defines, approves, reviews and audits access across an organisation. It connects policy to operational controls such as provisioning, certification, role management and offboarding, so that access remains explainable, reviewable and removable across systems.
• Lifecycle Execution: Lifecycle execution is the operational carrying out of joiner-mover-leaver and related identity processes. It matters because policy only becomes control when provisioning, recertification, exception handling and revocation happen consistently across applications, regions and service teams.
• Managed Services For Identity Security: Managed services for identity security are outsourced operational functions that run parts of the identity programme on behalf of the enterprise. They can improve scale and consistency, but the organisation must still retain governance decisions, evidence ownership and risk acceptance.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or governance maturity in your organisation, it is worth exploring.

This post draws on content published by Omada Identity: a strategic update on its partnership with iC Consult and global identity governance delivery. Read the original.