TL;DR: Manual access governance across dozens of systems remains common for upwards of 64% of organisations, according to SailPoint, while its 2023 AI and ML features target faster role discovery, better access history visibility, and more automated reporting. That shifts IGA from periodic review work toward continuous optimisation, but only if access data quality is high enough to trust the outputs.
NHIMG editorial — based on content published by SailPoint: Driving deeper insights, more automation, and better visibility into your IGA program
By the numbers:
- … in 2023 to help customers dynamically review, evaluate, and refine roles while maintaining an optimized access model.
Questions worth separating out
Q: How should security teams use AI in identity governance without losing control?
A: Security teams should use AI to accelerate pattern detection, role discovery, and reporting, while keeping approval authority with governance owners.
Q: Why does access history matter so much in IGA programmes?
A: Access history matters because it connects entitlements to real use, which is the only practical way to separate needed access from stale or inherited access.
Q: What breaks when role mining is done with poor identity data?
A: Role mining breaks down when entitlement, application, or ownership data is inconsistent, because the model will cluster noise instead of business reality.
Practitioner guidance
- Validate identity data before trusting AI outputs: Confirm that entitlement, app, and ownership records are consistent enough for AI-assisted role discovery and reporting.
- Use AI-generated roles as review candidates: Treat common access and scoped-role suggestions as drafts for human validation.
- Measure unused access against actual history: Compare entitlement assignment with access history to identify dormant or inherited access that can be removed or recertified.
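The first and third guidance points, as an added example (not SailPoint's code or data model): rows that fail basic consistency checks are set aside before assigned entitlements are compared with last-use history. The field names, sample records and 90-day idle window are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Constructed sample data; field names are assumptions, not a SailPoint schema.
ASSIGNMENTS = [
    {"identity": "alice", "app": "erp", "entitlement": "ap_approver", "owner": "finance-iam"},
    {"identity": "alice", "app": "crm", "entitlement": "export_all", "owner": "sales-iam"},
    {"identity": "bob", "app": "erp", "entitlement": "ap_approver", "owner": ""},
    {"identity": "bob", "app": "ERP ", "entitlement": "gl_admin", "owner": "finance-iam"},
]
# Last observed use per (identity, app, entitlement); absent key = never used.
HISTORY = {
    ("alice", "erp", "ap_approver"): date(2023, 11, 20),
    ("alice", "crm", "export_all"): date(2023, 3, 2),
}
KNOWN_APPS = {"erp", "crm"}


def validate_records(assignments, known_apps):
    """Return (record, reason) pairs for rows too inconsistent to analyse."""
    issues = []
    for rec in assignments:
        if not rec["owner"].strip():
            issues.append((rec, "missing owner"))
        elif rec["app"] not in known_apps:
            issues.append((rec, "unrecognised application name"))
    return issues


def find_dormant(assignments, history, as_of, max_idle_days=90):
    """Flag assignments with no recorded use inside the idle window."""
    cutoff = as_of - timedelta(days=max_idle_days)
    flagged = []
    for rec in assignments:
        key = (rec["identity"], rec["app"], rec["entitlement"])
        last_used = history.get(key)
        if last_used is None:
            flagged.append((key, "never used"))
        elif last_used < cutoff:
            flagged.append((key, f"idle {(as_of - last_used).days} days"))
    return flagged


def review_candidates(as_of=date(2023, 12, 1)):
    """Quarantine bad rows first, then analyse only the trusted remainder."""
    bad = validate_records(ASSIGNMENTS, KNOWN_APPS)
    bad_ids = {id(rec) for rec, _ in bad}
    clean = [r for r in ASSIGNMENTS if id(r) not in bad_ids]
    return bad, find_dormant(clean, HISTORY, as_of)
```

Both returned lists are inputs for a human reviewer: the first needs data correction, the second is a set of recertification or removal candidates.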
What's in the full article
SailPoint's full blog covers the operational detail this post intentionally leaves for the source:
- The implementation mechanics behind common access role creation and auto-scoped role discovery.
- Examples of how Activity Insights is surfaced in identity history workflows and reporting views.
- How the Access Intelligence Center is used for dashboards, custom reporting, and compliance workflows.
- The practical positioning of Snowflake Secure Data Sharing for identity data consumption in external BI tools.
AI in IGA: what changes for visibility, roles, and access?
Explore further
AI in IGA is most useful when it reduces review friction, not when it replaces governance judgment. The article shows a familiar pattern: access data is too fragmented for manual governance to keep pace, so AI is being used to compress analysis and reporting work. That does not make the governance problem disappear. It simply moves the effort from data gathering to decision quality, which is where identity teams should keep control.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do dashboards improve identity governance outcomes?
A: Dashboards improve outcomes when they reduce the time needed to see drift, prove control performance, and prioritise remediation. They are most effective when they show access ownership, usage trends, and exception volume in a form that security, compliance, and IAM teams can act on quickly. Reporting becomes useful only when it drives decisions.