Engaging Stakeholders in IGA: Key Insights from the Benelux User Group

Identity Governance and Administration (IGA) remains a critical element in modern organizations and a critical component of all prominent security frameworks and the various controls around Access Controls. As everyone ever been involved in an Identity Management project can tell you, there are many stakeholders being part of it. Yet, many organizations struggle to gain buy-in from stakeholders beyond the IT department.

During a recent Benelux User Group session and roundtable that Omada hosted on “Stakeholder Involvement,” several important points came to light that can help organizations raise awareness of IGA’s value, secure leadership support, and motivate the broader business to embrace these solutions.

1. Why Stakeholder Involvement Is Crucial

Organizations often view IGA purely as an IT-driven initiative. As spending on identity and access solutions grows—often due to regulatory demands—there is a risk that internal expertise may not keep pace. This gap highlights the importance of involving the right stakeholders from the outset. When senior management or C-level leaders champion the initiative, it sets the tone for the rest of the organization to follow. On the bright side, with regulatory initiatives such as NIS2 and DORA in the European Union, C-level leaders may be held personally accountable for their organizations cyber- and information security.

Key takeaway: C-level endorsement helps shift the narrative from “just another tool” to a company-wide priority that addresses compliance, security, and operational efficiency.

2. Making IGA a Business Asset

Many organizations continue to manage IGA in an “old-fashioned” way, focusing on technical controls without showing the broader benefits. Often use-cases seen at many prospects and customers have a tendency of being overly complicated and there is a lost touch to pragmatism. This creates a disconnect when trying to engage teams outside IT.

Recommended strategies:

1. Emphasize Work Reduction: Show business leaders how automation can reduce manual, repetitive tasks. For instance, contractors can be onboarded on day one, accelerating productivity and with AI supported Access Requests, such as the Omada Identity Cloud AI assistant Javi, users can conveniently request access using natural language in their collaboration tool.
2. Governance Ownership: Shift from telling managers about recertifications to letting top executives declare, “We need governance to strengthen our company.” Position IGA tools as enablers that support these governance goals.
3. Highlight Business Impact: Reorganizations can be smoother with robust IGA. Automated processes help prevent loss of access while giving teams a clear way to analyze who needs what privileges and when.

3. Overcoming Common Barriers

One major hurdle is the lingering “IT smell”—the perception that IGA is just another technology project. In reality, IGA thrives best when it’s seen as a framework for better business operations and security, not simply an IT add-on.

Practical steps:

1. Engage HR Early: Incorrect or outdated HR data can lead to wrong access rights, introducing risks and inefficiencies. Emphasizing HR’s responsibility for data accuracy boosts collaboration and reduces errors.
2. Educate Through Various Channels: Some organizations have produced videos, intranet posts, and internal campaigns explaining the “why” behind IGA. This fosters a sense of ownership among employees who see how streamlined access and governance can simplify their day-to-day activities.

4. Addressing Rising Cyber Liability Insurance Requirements

Cyber liability insurance premiums are climbing as insurance providers demand stricter adherence to security frameworks. Organizations may need to prove they have strong IGA controls in place to fulfill policy requirements.

Pointers for compliance:

1. Demonstrate how IGA tools manage access, track usage, and maintain evidence of proper control.
2. Map IGA processes to recognized security frameworks (ISO 27001, CIS-18, NIST CSF, or relevant regional regulations) to streamline audits and ensure all bases are covered.

5. Modernizing IGA Practices

Although we have been discussing Digital Transformation for a while now and even as more infrastructure moves to the cloud, organizations sometimes revert to traditional, on-premises IGA methods. Modern IGA platforms offer advanced analytics, workflow automation, and flexible integrations that make onboarding, offboarding, and access reviews more efficient. It is important that these new capabilities are leveraged and that old fashioned ways of doing IGA effectively gets binned.

Benefits of modernizing:

1. Improved user experience for employees and contractors.
2. Stronger alignment with emerging regulations and insurer expectations.
3. Enhanced visibility for business stakeholders, making it easier for them to embrace security practices.

From my experience in the field, IGA is not merely an IT project. It is a strategic, organization-wide initiative requiring endorsement from senior management, involvement from departments like HR, and clear communication about its tangible benefits. By positioning IGA as an enabler of better governance, reduced manual work, and smoother audits, organizations can overcome skepticism and secure the engagement they need. As regulatory pressures grow and cyber liability insurance demands tighten, investing in a robust, modern IGA strategy becomes more essential than ever.