TL;DR: IGA platform selection is shifting beyond access reviews, provisioning, and SoD as enterprise identity risk spans SAP, Oracle, Workday, Salesforce, and other business applications, according to Pathlock’s webinar briefing. The practical question is no longer feature parity, but whether governance tooling can evaluate risk across business-critical applications and support a broader control model.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should teams evaluate an IGA platform beyond access reviews and provisioning?
A: Teams should assess whether the platform can connect entitlement data, application context, ownership, and policy into a single governance model.
Q: Why does application sprawl change IGA platform selection criteria?
A: Because identity governance becomes fragmented when core systems such as ERP, HR, finance, and CRM are managed separately.
Practitioner guidance
- Test cross-application visibility first Validate whether the platform can show entitlement, owner, and risk context across SAP, Oracle, Workday, Salesforce, and custom applications in one governance view.
- Map evaluation criteria to governance outcomes Replace feature-only scorecards with outcome-based criteria such as risk prioritisation, defensible certification, and business-readable reporting.
- Assess lifecycle coverage beyond joiner-mover-leaver flows Check whether the platform links provisioning, access reviews, SoD, and application context into one control model instead of separate workflows.
What to expect at the briefing
Pathlock's full webinar covers the operational detail this post intentionally leaves for the source:
- A practical evaluation framework for comparing modern IGA platforms across enterprise applications.
- The five capabilities the speaker identifies as defining a modern IGA platform.
- Implementation lessons drawn from 100+ enterprise deployments, useful for teams building a business case.
- The webinar recording and live session format for teams that cannot attend the broadcast.
👉 Register for Pathlock's webinar on evaluating modern IGA platforms →
IGA platform evaluation on July 16: what should teams look for?
Explore further
IGA evaluation is now a governance-risk exercise, not a feature checklist. Access reviews, provisioning, and segregation of duties still matter, but they no longer define the full control surface when identity spans multiple business-critical applications. The evaluation question is whether the platform can surface enterprise-wide entitlement risk in a way that informs security, compliance, and business decisions. Practitioners should treat platform selection as an assessment of governance reach, not administrative convenience.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
A question worth separating out:
Q: How do you know if an IGA platform is actually improving governance?
A: Look for evidence that it improves visibility across systems, reduces manual exceptions, and helps teams prioritise risky access more accurately. If certifications run faster but the enterprise still cannot explain who has access to what across core applications, governance quality has not materially improved.
👉 Read our full editorial: Evaluating modern IGA platforms for enterprise identity risk