Modern IGA RFPs in 2026: what should IAM teams prioritise?

TL;DR: Choosing an IGA platform in 2026 increasingly comes down to lifecycle automation, access review quality, JIT access, and NHI governance, according to ConductorOne’s guide. The real test is whether the programme can handle hybrid identity sprawl without turning governance into manual review theatre.

NHIMG editorial — based on content published by ConductorOne: The Modern IGA RFP Guide: How to Choose the Right Identity Governance Platform in 2026

By the numbers:

• Only 5.7% of organisations have full visibility into their service accounts.

Questions worth separating out

Q: How should security teams evaluate an IGA platform for hybrid environments?

A: They should test whether the platform can reconcile identities, entitlements, approvals, and lifecycle events across cloud, SaaS, and on-prem systems.

Q: Why do modern IGA programmes need non-human identity governance?

A: Because service accounts, API keys, and certificates carry real access and real risk, but they rarely fit human-centric governance assumptions.

Q: What breaks when access certification is used as the main governance control?

A: Certification breaks down when the underlying entitlement data is stale, incomplete, or too noisy to support a meaningful decision.

Practitioner guidance

• Define the governance boundary before issuing the RFP List the identity classes in scope, including employees, contractors, service accounts, API keys, certificates, and AI-assisted access paths.
• Test whether lifecycle events drive access removal Ask vendors to show how role changes, departures, and account retirement trigger revocation across cloud, SaaS, and infrastructure systems.
• Separate certification quality from certification volume Measure whether reviewers receive accurate ownership, meaningful entitlement context, and usable exception handling.

What's in the full article

ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:

• Sample RFP questions for deployment, scalability, and customer success conversations
• Vendor-side feature descriptions for access reviews, JIT access, and no-code automation
• Implementation-oriented guidance on workflow templates, connector creation, and time-to-value
• Pricing, support, and packaging details that help teams compare deployment models

👉 Read ConductorOne's guide to choosing the right IGA platform in 2026 →

Modern IGA RFPs in 2026: what should IAM teams prioritise?

Explore further

View Full Forum →  |  NHI Foundation Course →