Notifications
Clear all
Topic starter
25/06/2026 5:11 pm
TL;DR: Gartner named it a Challenger in the February 2017 Magic Quadrant for Identity Governance and Administration, framing the result around cloud-ready, risk-aware IGA for apps, data, and infrastructure, according to Saviynt. For practitioners, the more useful question is whether identity governance is being measured by feature breadth or by how well it reduces access, certification, and decision risk.
NHIMG editorial — based on content published by Saviynt: its 2017 Gartner Magic Quadrant Challenger announcement for Identity Governance and Administration
By the numbers:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
Questions worth separating out
Q: How should organisations evaluate an IGA platform beyond analyst rankings?
A: They should test whether the platform closes the full governance loop: discovery, request, certification, SoD enforcement, and remediation.
Q: When does risk-based access governance fail in practice?
A: It fails when risk scores are visible but do not affect approvals, exceptions, or remediation.
Q: What do security teams get wrong about access certification?
A: They often treat completion of a review cycle as proof of control.
Practitioner guidance
- Validate certification completeness across all governed systems Check whether every application, data store, and cloud entitlement that should be reviewed is actually in scope for access certification.
- Tie risk signals to actual approval outcomes Confirm that high-risk entitlements change the approval path, remediation queue, or escalation route.
- Reconcile SoD rules against live entitlement data Test segregation-of-duties rules against current role assignments and exception histories, not static policy documents.
What's in the full analysis
Saviynt's full press release covers the market positioning and product context this post intentionally leaves at the source:
- Analyst quadrant language and the exact Gartner framing behind the Challenger designation
- The vendor's own description of CASB, Application GRC, and DAG capabilities inside the platform
- Company positioning around cloud, on-premise, and enterprise application coverage
- The original announcement wording and conference session details for the IAM Summit
👉 Read Saviynt's statement on Gartner Challenger placement in IGA →
IGA Challenger status: what it means for governance teams?
Explore further
View Full Forum → | NHI Foundation Course → | Our Services →
25/06/2026 5:43 pm
Analyst rankings matter less than governance coverage. A Challenger label may indicate market traction, but it does not answer whether the platform closes the governance loop across cloud, application, and data access. For identity teams, the real test is whether certification, SoD, and request controls are fed by complete entitlement evidence rather than fragmented reports. Practitioners should treat quadrant movement as context, not proof of operational maturity.
A few things that frame the scale:
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security, according to The 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, which shows how quickly governance expectations are changing across identity programmes.
A question worth separating out:
Q: How can IAM teams reduce segregation-of-duties exceptions without slowing the business?
A: They should map SoD rules to live entitlement data, then reserve exceptions for documented business cases with expiry and review. That approach reduces noise while keeping conflicts visible. The goal is not to eliminate all exceptions, but to prevent exception creep from becoming the default operating model.
👉 Read our full editorial: Saviynt’s Challenger placement and what it means for IGA governance
