Choosing an Identity Governance and Administration solution requires balancing governance, operational complexity, compliance, and long-term scalability.
The 2026 KuppingerCole Leadership Compass for IGA evaluates the leading vendors across the market. In this year’s report, Omada was once again recognized as an Overall Leader.
Below is an excerpt from KuppingerCole’s assessment of Omada, covering the platform’s architecture, governance capabilities, workflows, and roadmap.
The full report is also available for broader market context.
About Omada
Omada, headquartered in Denmark and founded in 2000, counts among the established providers of solutions for IGA. Most of their customers are in Europe, but they have a sizable presence in North America as well. Omada Identity is their on-premises solution, and Omada Identity Cloud is their SaaS offering. Both solutions deliver a full range of IGA capabilities. Omada Identity components include an enterprise server portal and services for provisioning, a data warehouse, and a role and policy engine. Costs are based on the number of users. The platform has SOC 2 Type II and ISO/IEC 27001 certifications.
Deployment and architecture
Omada supports multiple delivery and deployment options such as SaaS, software deployed to on-premises servers, and container-based deployments via Docker. It is also operated by managed services partners. It has an API-first, microservice architecture with independently scalable services and dedicated data stores for key components. The platform offers a mix of multi-tenant and single-tenant structures in cloud delivery, with dedicated customer storage combined with shared compute services. Most of the capabilities of the solution are exposed via APIs. SDK-based customization is primarily available for on-premises deployments, while cloud deployments restrict customization to configuration and standardized extensions rather than tenant-specific code. The Cloud Application Gateway (CAG) extends identity governance into private and hybrid environments without requiring firewall changes or VPNs. It uses outbound only, zero-trust connectivity with customer-controlled encryption keys (BYOK). Containerized and lightweight, it supports automated updates and avoids infrastructure lock-in, addressing regulatory, security, and deployment constraints common in enterprise IGA implementations.
Identity lifecycle and connectivity
Identity lifecycle management covers workforce, partner, customer, application, and NHIs, including time-bound access assignments and event-driven synchronization. Omada supports schema extensions and UI-based schema changes and offers schema discovery for Active Directory and SQL-based systems. SCIM support enables automated provisioning and deprovisioning, batch imports, and JIT assignment patterns with validity windows. Target system connectivity covers most of the directories, databases, and SaaS services such as Microsoft Entra ID, CyberArk, Okta, Google apps, AWS, ServiceNow, SuccessFactors, JIRA, and Workday, among others, through out-of-the-box connectors and a configurable framework using REST, OData, SOAP, SQL, SSH, PowerShell, and GraphQL. There is also a connector directory and community distribution model. Workflow management is delivered through a graphical process designer with reusable templates.
Self-service and user experience
User self-service is delivered through a browser-based UI that supports access requests, approvals, request tracking, and shopping-cart-style selection. It also supports time-bound access and requests on behalf of others. Omada also supports access requests through ITSM tools like ServiceNow. Its AI-powered assistant Javi provides conversational interaction in Microsoft Teams and Slack for selected governance tasks like access requests/approvals and reporting queries. End-user and administrative access is protected by a broad set of authentication methods such as username/password, FIDO 2.0, SMS OTP, TOTP-based mobile authenticator apps, biometrics, and mobile push notifications. The platform’s authorization model supports fine-grained administrative delegation with time- bound scopes and object-level security inheritance. The solution provides a responsive UI that adapts to mobile devices. This experience is focused on end-user scenarios such as access requests, while configuration work remains better suited to tablet or desktop browsers for workflow and model administration.
Audit and compliance reporting
Audit, compliance, and reporting are supported through platform logging, SIEM integrations, and dashboards. Reports are available in ad hoc, scheduled, historical, and near real-time formats. Reporting and audit data can be accessed via APIs, including use within Javi-assisted scenarios for querying access context and certification status. Out-of-the-box compliance reporting coverage includes frameworks such as GDPR, HIPAA, and SOX; other report types would have to be developed by customers. Continuous controls monitoring can trigger corrective actions or workflow-based remediation, complemented by reconciliation-style reporting through compliance-oriented dashboards.
Access governance and analytics
Access governance includes role management, role discovery and mining (available only as a paid add-on subscription), access certification campaigns, event-driven micro- certifications, SoD checks, and risk-based decision support within request and approval workflows. The platform supports policy-driven controls using RBAC and ABAC models. Analytics address access pattern discovery, peer-group comparisons, outlier identification, and data quality analysis with remediation workflows. Javi extends these capabilities through conversational access for requests, approvals, certifications, and reporting, while broader AI- led workflow orchestration remains uneven across use cases.
Strategy and market position
Roadmap priorities for 2026 include expanding AI capabilities around Javi, MCP-based tooling, intelligent automation, and smarter certifications with policy-driven recommendations. Omada’s strengths are in configurability, event-driven governance, and operational tooling for SaaS environments. Omada is well suited for organizations that want full-spectrum IGA with partner-led delivery, strong workflow configurability, and expanding AI-assisted user interaction, especially where real-time signal consumption is a key requirement.
Overall strengths and challenges
Strengths
- Configurable schema and semantic data model
- Event-driven workflows for governance actions
- Strong connector framework and community model
- Collaboration tool access requests and approvals
- Fine-grained administrative delegation controls
- Time-bound access with JIT assignment support
- Report generator with flexible filtering
Challenges
- Limited schema discovery beyond AD and SQL
- Some legacy connector gaps remain
- Mapping remediation workflows is still incomplete
- Role mining is available but requires an additional subscription
- Reports for more compliance frameworks would be useful
