ServiceNow-Veza acquisition: what it means for identity teams

TL;DR: ServiceNow’s acquisition of Veza changes the evaluation for teams that used the platform’s access graph for cloud entitlement analysis and its newer IGA functions for lifecycle workflows, while early access features and roadmap control now sit inside a larger integration process, according to Zluri. The key issue is no longer feature parity alone, but whether identity governance can still be proven in production before organisational accountability is absorbed into a platform transition.

NHIMG editorial — based on content published by Zluri covering the ServiceNow acquisition of Veza: what it means for identity teams

By the numbers:

• Veza added JML workflow capability in 2024 and Access AuthZ launched in November 2025, one month before the acquisition.
• Zluri says its JML automation covers 300+ integrations with 1,500+ granular provisioning actions.

Questions worth separating out

Q: Should identity teams replace access graphs with full IGA platforms?

A: Not automatically. Access graphs and full IGA platforms solve different problems: one explains effective permissions, while the other governs joiner-mover-leaver workflows, reviews, and remediation. Teams should replace a point capability only when they can prove the new platform covers both visibility and closed-loop execution at the same operational depth.

Q: Why does a platform acquisition matter for identity governance programmes?

A: Because ownership change can alter roadmap priority, support model, and integration speed, all of which affect whether controls keep working in production.

Q: How should security teams evaluate early access IGA features?

A: Treat them as maturity questions, not feature checkboxes.

Practitioner guidance

• Reassess control ownership across visibility and remediation Separate entitlement intelligence from lifecycle execution in your architecture review.
• Pressure-test newly added governance functions in production-like scenarios Before relying on early-access or recently launched IGA features, run simultaneous onboarding, mover, and offboarding scenarios with real exception paths.
• Map discovery coverage beyond the IdP Inventory SaaS signups, OAuth-connected apps, and tools outside SSO so you can see whether your discovery model covers hidden identity activity.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

• Side-by-side feature breakdowns for access graph, lifecycle automation, access reviews, and deployment scope
• Customer examples and implementation outcomes that show how the platform behaves in production
• Detailed comparison points around discovery methods, write-back coverage, and connector depth
• The acquisition-specific roadmap and support implications that shape buying decisions

👉 Read Zluri's analysis of the ServiceNow-Veza acquisition and identity team implications →

ServiceNow-Veza acquisition: what it means for identity teams?

Explore further

View Full Forum →  |  NHI Foundation Course →