TL;DR: Fragmented identity data across HRIS, IdP, and cloud apps slows provisioning, deprovisioning, and access reviews, creating orphaned and over-privileged accounts that raise audit and security risk, according to Josys. Unified attribute reconciliation helps, but the governance problem is still data trust, not sync alone.
NHIMG editorial — based on content published by Josys: Introducing Josys' Multi-Source Identity Enrichment
By the numbers:
- Only 5.7% of organisations have full visibility into their service accounts.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
Questions worth separating out
A: Identity teams should define attribute ownership before they automate decisions.
Q: Why do fragmented identity records create so many access review problems?
A: Fragmented records force reviewers to compare multiple systems to reconstruct one person’s current status, manager, and entitlement history.
Q: What breaks when deprovisioning depends on stale identity data?
A: Leaver workflows fail when employment status or role changes arrive late or inconsistently across systems.
Practitioner guidance
- Inventory attribute ownership across systems: Document which system owns each identity attribute, including employment status, department, manager, and user ID.
- Validate leaver workflows against stale data: Test whether a termination or role change still leaves any account active when HR and directory data are out of sync.
- Treat reconciliation logic as a governed control: Review how conflicts are resolved when two systems disagree on an attribute.
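The three guidance items above can be exercised together in one small check. This is an added example, not code from Josys or from the original page; the system names (`hris`, `idp`), the ownership map, the app names, and all records are constructed assumptions.

```python
# Added example: attribute-level reconciliation driven by an explicit ownership map.
# All system names, attribute values and accounts below are constructed.

# Which system is authoritative for each attribute (hypothetical mapping).
OWNER = {
    "employment_status": "hris",
    "department": "hris",
    "manager": "hris",
    "user_id": "idp",
}

def reconcile(hris, idp):
    """Build a unified record from the owning system only; return (unified, conflicts)."""
    sources = {"hris": hris, "idp": idp}
    unified, conflicts = {}, []
    for attr, owner in OWNER.items():
        other = "idp" if owner == "hris" else "hris"
        own_val, other_val = sources[owner].get(attr), sources[other].get(attr)
        # A non-owner value never silently fills in for a missing owner value.
        unified[attr] = own_val
        if own_val is None:
            conflicts.append((attr, "owner_missing", owner))
        elif other_val is not None and other_val != own_val:
            conflicts.append((attr, "mismatch", f"{owner}={own_val!r} {other}={other_val!r}"))
    return unified, conflicts

def leaver_gaps(unified, accounts):
    """Apps where an account is still enabled although the owner says 'terminated'."""
    if unified.get("employment_status") != "terminated":
        return []
    return sorted(a["app"] for a in accounts if a["enabled"])

# Constructed sample: HR has processed the termination, the directory is stale.
HRIS = {"employment_status": "terminated", "department": "Finance", "manager": "m.ito"}
IDP = {"user_id": "a.chen", "employment_status": "active",
       "department": "Finance", "manager": "k.sato"}
ACCOUNTS = [{"app": "idp", "enabled": True},
            {"app": "crm", "enabled": True},
            {"app": "wiki", "enabled": False}]

if __name__ == "__main__":
    record, issues = reconcile(HRIS, IDP)
    for attr, kind, detail in issues:
        print(f"conflict  {attr}: {kind} ({detail})")
    for app in leaver_gaps(record, ACCOUNTS):
        print(f"leaver gap: account still enabled in {app}")
```

The conflict list is the review artifact: each entry records which attribute disagreed and which system's value won, so the resolution rule itself can be audited.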
What's in the full article
Josys' full blog post covers the operational detail this post intentionally leaves for the source:
- Attribute-level mapping examples showing how to split authoritative fields between an IdP and HRMS.
- The reconciliation workflow details behind the unified identity pane and how the secondary data source is configured.
- The practical access management outcomes Josys claims for faster deprovisioning and audit readiness.
- The product-level workflow implications for teams that want to reduce manual identity cleanup.
Multi-source identity enrichment: what it means for IGA teams?
Explore further
Identity enrichment is a governance control, not just a data integration feature. The article is really about whether access decisions are being made from complete identity context. When employee status and department live outside the directory, IGA becomes reactive and fragile, because the programme cannot confidently certify, revoke, or reassign access at speed. Practitioners should read this as a reminder that governance quality is bounded by attribute quality.
A few things that frame the scale:
- Only 5.7% of organisations have full visibility into their service accounts, according to Ultimate Guide to NHIs.
- Seventy-one percent of NHIs are not rotated within recommended time frames, which means visibility gaps quickly become lifecycle gaps rather than isolated reporting issues.
A question worth separating out:
Q: How can organisations tell whether multi-source identity enrichment is actually working?
A: Look for fewer manual reconciliation tickets, faster deprovisioning, cleaner access review evidence, and fewer conflicts between HR and directory records. If teams still spend review cycles validating identity basics, the enrichment layer is not yet producing governance-grade data. The measure of success is decision quality, not sync volume.