Notifications
Clear all
Topic starter
07/06/2026 8:15 pm
TL;DR: Nearly 3,000 hours were saved in 2025 through policy, automation, and workflow improvements, according to ConductorOne’s January 2026 product updates on continuous, time-bound identity governance. The underlying shift is that static approvals and quarterly checkpoints no longer match how access is requested, reviewed, and revoked in modern environments.
NHIMG editorial — based on content published by ConductorOne: January 2026 Product Updates: Modern Identity at Scale
By the numbers:
- On average, C1 customers saved nearly 3,000 hours over the course of the year by using C1.
- That’s the equivalent of 25 full work weeks returned to security, IT, and engineering teams.
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
Questions worth separating out
A: Security teams should expose only repeatable, low-risk workflows through governed request paths, with structured forms, policy-based approvals, and auditable execution.
Q: Why do access reviews fail when they become too manual at scale?
A: Access reviews fail when reviewer effort is high enough that people delay decisions, approve in batches without sufficient scrutiny, or ignore campaigns altogether.
Q: How do organisations know whether identity operations are actually under control?
A: They know by tracking operational signals such as expiring grants, extension requests, submission timing, and workflow exceptions.
Practitioner guidance
- Map identity workflows to service boundaries Identify which access requests, approvals, and revocations can be exposed as governed services without creating standing administrative privilege.
- Treat access review friction as a governance defect Measure completion rates, reviewer delay, and abandonment across campaigns.
- Instrument lifecycle exceptions as control failures Track expiring grants, extension requests, deprovisioning overlaps, and mapping errors in the same dashboard.
What's in the full article
ConductorOne's full blog covers the operational detail this post intentionally leaves for the source:
- Weekly release-note context for the January 2026 changes and the specific product areas affected.
- Detailed handling of requestable automations, including how policy checks and structured forms are implemented.
- Dashboard exports, percentile views, and submission tracking examples for teams that need implementation detail.
- Accessibility and workflow usability improvements that help end users and admins work through reviews faster.
👉 Read ConductorOne's January 2026 product updates on modern identity at scale →
Identity governance at scale: are your review workflows keeping up?
Explore further
07/06/2026 10:05 pm
Identity governance is becoming a service model, not a review calendar. The strongest signal in this update is not the individual feature set but the operating model behind it. Identity programmes that still rely on static checkpoints will keep missing the point because access is now requested, approved, extended, and revoked as part of live work. Practitioners should treat governance as an always-on service layer rather than a quarterly administrative event.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why lifecycle blind spots persist even in mature identity programmes.
A question worth separating out:
Q: What should IAM teams prioritise as identity programmes scale?
A: IAM teams should prioritise observability, reversibility, and policy enforcement over simply adding more workflows. Scale increases the chance that edge cases, fallback logic, and deprovisioning overlaps will create hidden risk. A mature programme can show who requested access, who approved it, when it expires, and how it is removed.
👉 Read our full editorial: Modern identity at scale means governance must become continuous
