Identity & Access Management

Identity Governance & Administration (IGA)

  • May 10, 2025
  • 0

Sherlocked Security – Identity Governance & Administration (IGA)

Streamline identity lifecycle management, enforce access governance, and ensure regulatory compliance with Sherlocked Security’s IGA services. We help enterprises, FinTech, healthcare, BFSI, and government organizations automate and control user access across your entire environment.

📄 1. Statement of Work (SOW)

Your IGA engagement begins with a detailed SOW outlining scope, deliverables, and timelines:

  • Service Name: Identity Governance & Administration (IGA)
  • Client Type: Enterprises, FinTech, Healthcare, BFSI, Government
  • Service Model: Advisory + Design + Implementation Support
  • Compliance Coverage: ISO 27001, NIST 800-53, SOX, HIPAA, GDPR, RBI

🔐 IGA Focus Areas

  • Identity Lifecycle Management (Joiner-Mover-Leaver)
  • Access Request & Approval Workflows
  • Role-Based & Attribute-Based Access Controls
  • Access Reviews & Recertification
  • Integration with HRMS & Directory Services

🧠 2. Our Approach

We deliver a business-aligned, automation-first IGA strategy with strong governance:

  • 🔹 Business-Aligned Strategy: Align IAM to organizational goals
  • 🔹 Centralized Governance: Unified model across applications
  • 🔹 Risk-Based Controls: Prioritize high-risk entitlements
  • 🔹 Automation-First: Minimize manual tasks, enforce policies

Workflow (color-coded):
[Stakeholder Discovery] → [Current State Review] → [Policy & Role Design]
[Tooling & Connector Planning] → [Workflow Design] → [Implementation & Testing]
[User Training & Go-Live] → [Audit & Optimization]

🧪 3. Methodology

Our phased framework ensures clarity and control throughout:

Phase Flow:
[Kickoff & Requirements] → [IGA Gap Analysis] → [Access Governance Framework Design]
[Tool Evaluation or Optimization] → [Workflow Configuration] → [UAT & Pilot]
[Organization-Wide Rollout] → [Access Review & Certification]

📦 4. Deliverables to the Client

  • 🧾 IGA Strategy & Roadmap Document
  • 🗺️ Identity Lifecycle Policy (Joiner-Mover-Leaver)
  • 📘 Role & Access Model Definitions
  • 🔐 Workflow Design for Access Requests
  • 🧪 Tool/Connector Architecture Blueprint
  • 📊 Access Review & Certification Templates
  • 📽️ End-User & Admin Training Guides
  • 🧑‍💻 Post-Go-Live Optimization Plan

🤝 5. What We Need from You

  • ✅ Access policies & compliance mandates
  • ✅ HRMS integration availability
  • ✅ Directory/IdP details (e.g., AD, Azure AD)
  • ✅ Stakeholder access for interviews
  • ✅ Application list with permissions & roles
  • ✅ Prior audit reports (if available)

🧰 6. Tools & Technology Stack

  • 🛠️ SailPoint, Saviynt, Omada, Oracle IGA
  • 🔐 Azure AD, Okta, Ping Identity
  • 🧱 SCIM & REST connectors
  • 🔁 HRMS Integrations (Workday, SAP, BambooHR)
  • 📊 Dashboards via Power BI / Tableau
  • ✅ APIs for workflow & role synchronization

🚀 7. Engagement Lifecycle

  1. Initial Consultation
  2. Discovery Workshops
  3. NDA & SOW Finalization
  4. Current-State & Risk Mapping
  5. Role & Policy Design
  6. Tooling Strategy & Connector Setup
  7. UAT & Pilot Execution
  8. Organization-Wide Rollout
  9. Optimization & Review

🌟 8. Why Sherlocked Security?

Feature Sherlocked Advantage
🔐 Lifecycle Automation Experts Automated JML & access approvals
🧠 Compliance-Driven Design Audit-ready, least-privilege policies
📊 Visibility & Reporting Real-time review dashboards
🔁 End-to-End Execution From policy to certification
🛠️ Platform-Agnostic SailPoint, Saviynt, Oracle & more

📚 9. Real-World Case Studies

🏦 Banking Sector – IGA Centralization

  • Client: Global Private Bank
  • Challenge: Disconnected workflows, audit failures
  • Solution:
    • HRMS integrated with SailPoint IGA
    • Role-based access definitions per unit
    • Automated reviews & recertification
  • Outcome: 80% faster offboarding, passed SOX & RBI audits

💼 SaaS Startup – Lightweight IGA Setup

  • Client: HRTech Startup
  • Issue: Manual onboarding, no audit trail
  • Fix: Okta + BambooHR SCIM provisioning & JML automation
  • Impact: Onboarding reduced from 3 days to 30 mins, full visibility

🛡️ 10. SOP – Standard Operating Procedure

  1. Kickoff & team alignment
  2. Identity & access discovery
  3. Define roles, policies & approval flows
  4. Select tools & design connectors
  5. Configure access request workflows
  6. Conduct UAT & pilot testing
  7. Roll out in phased approach
  8. Enable access reviews & recertification
  9. Finalize documentation & training
  10. Optimize based on audit feedback

📋 11. Sample IGA Controls Checklist

  • ✅ Define JML processes & owner responsibilities
  • ✅ Automate provisioning & de-provisioning
  • ✅ Schedule regular access certifications
  • ✅ Implement RBAC & ABAC policies
  • ✅ Integrate with HRMS & authoritative sources
  • ✅ Maintain audit trails & compliance reports
  • ✅ Detect & remediate orphaned accounts
  • ✅ Monitor SoD violations & remediate
  • ✅ Enable self-service access requests
  • ✅ Review & refine policies continuously

📞 Ready to Elevate Your IGA?

📬 Contact Us or 📅 Book a Free Consultation

Just-In-Time (JIT) Access Solutions
Biometric & FIDO2/WebAuthn Deployments