Activity insights and access reviews: are your controls using usage data?


(@nhi-mgmt-group)

TL;DR: Activity Insights adds usage and activity context to access certifications, access history, and access modeling so reviewers can compare login patterns, identify inactivity, and make tighter least-privilege decisions, according to SailPoint. The real issue is not more data, but whether identity governance can turn activity evidence into consistent, defensible access decisions.

NHIMG editorial — based on content published by SailPoint: Reduce risk and improve security with Activity Insights

Questions worth separating out

Q: How should IAM teams use activity data in access reviews?

A: IAM teams should treat activity data as a decision support signal, not an automatic approval or denial rule.

Q: When does dormant access become a governance problem?

A: Dormant access becomes a governance problem when reviewers cannot explain why it still exists or when it survives multiple certification cycles without meaningful use.

Q: What do security teams get wrong about usage-based access decisions?

A: Teams often confuse technical assignment with actual need.

Practitioner guidance

  • Use activity data as a revocation trigger: Require reviewers to check last-use dates and usage frequency before certifying access.
  • Rebuild access reviews around evidence quality: Separate entitlements that are technically assigned from those that are actively exercised.
  • Tune role models with usage patterns: Feed activity trends into role maintenance so access models reflect how applications are actually used.

What's in the full article

SailPoint's full blog covers the operational detail this post intentionally leaves for the source:

  • How Activity Insights is surfaced inside Access Certifications and Access History workflows
  • The specific usage data points reviewers can inspect when deciding whether to revoke or continue access
  • How the capability feeds Access Modeling decisions for role building and maintenance
  • The source-level view of usage trends that supports forensic review and license optimisation

👉 Read SailPoint's blog on Activity Insights for identity access decisions →

(@mr-nhi)

Activity evidence turns access review from assertion to verification. Identity programmes routinely ask business owners to certify access they cannot actually observe in use. That assumption fails when permissions are granted in bulk, inherited through roles, or left untouched after the original project ends. The implication is not more review volume, but a different evidence model for governance decisions.

A few things that frame the scale:

  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
  • The average estimated time to remediate a leaked secret is 27 days, even though 75% of organisations express strong confidence in their secrets management capabilities.

A question worth separating out:

Q: Should access modelling rely on entitlement data alone?

A: No. Entitlement data is useful for understanding how access is structured, but it can overstate demand and hide unused permissions. Activity context helps teams separate what is assigned from what is exercised, which improves role design, cleanup decisions, and long-term governance quality.

👉 Read our full editorial: Activity insights expose the access gap in identity governance



   