Cloud Identity Governance platforms provide security and identity teams with a unified, continuous view of who has access to what across cloud providers, SaaS applications, and identity stores, and whether that access is appropriate. Instead of spreadsheet-driven access reviews and one-off IAM audits, CIG tools continuously ingest entitlements, groups, and roles to surface toxic combinations, privilege creep, and access that no longer matches a user’s role.
Traditional IGA was built around on-prem directories and a small set of core apps. Cloud Identity Governance extends that model to multi-cloud and SaaS environments where access is spread across IAM roles, SaaS tenants, and ephemeral resources. Legacy IGA platforms remain strong at workflow (joiner/mover/leaver, approvals, attestations) but often struggle with cloud entitlements such as thousands of granular permissions, Kubernetes roles, and SaaS-specific privilege models. CIG platforms specialise in discovering and normalising these entitlements, analysing risk, and feeding decisions back into IGA or ITSM for approvals and lifecycle.
Technical buyers typically look for:
Connectors into major cloud providers, SaaS applications, identity providers, directories, HR systems, and ticketing tools.
Normalisation of IAM policies, groups, and roles into a consistent model; detection of excessive and unused permissions; visibility into machine identities and service accounts.
Campaigns scoped by application, team, or manager, with bulk decisions, recommendations for approve or remove, and strong evidence trails.
Definition and detection of SoD conflicts, toxic role combinations, and policy violations across applications and clouds.
Integration with HR and identity providers for joiner, mover, and leaver flows; automated provisioning, deprovisioning, and role changes via APIs or orchestration.
Contextual risk models that combine entitlement criticality, data sensitivity, usage, and identity risk to highlight what to fix first.
Clear reports for internal audit, regulators, and customers showing who approved which access, when, and on what basis.
With Cybermatch, Cloud Identity Governance tools are compared against these criteria so security teams can see which platforms map cleanly to their identity stack, risk model, and compliance obligations before committing to a PoC.
Clutch Security focuses Cloud Identity Governance on the lifecycle and governance of non‑human identities (NHIs) such as service accounts, workloads, automation tokens, and AI agents. The platform discovers NHIs, correlates ownership and usage, and applies precise policies from creation through…
Saviynt addresses Cloud Identity Governance with a converged, SaaS‑based IGA that governs both human and machine identities. For machine identities specifically, Saviynt provides single‑pane visibility of certificates, keys, service accounts, bots, containers, and APIs, aligns owners, and enforces lifecycle policies…
CyberArk Modern IGA delivers cloud‑first identity governance focused on automation, speed to value, and complete visibility across SaaS, cloud, and on‑premises apps. The service centralizes entitlements for human and non‑human identities, builds a unified identity map, and uses AI‑generated profiles…
Teleport delivers cloud identity governance to control human and machine access across cloud and SaaS. The product discovers identities, roles, and privileges, then centralizes policies to enforce least privilege. It automates joiner‑mover‑leaver processes, access requests, and approvals, and provides recurring…
StrongDM delivers cloud identity governance to control human and machine access across cloud and SaaS. The product discovers identities, roles, and privileges, then centralizes policies to enforce least privilege. It automates joiner‑mover‑leaver processes, access requests, and approvals, and provides recurring…
Zluri delivers cloud identity governance to control human and machine access across cloud and SaaS. The product discovers identities, roles, and privileges, then centralizes policies to enforce least privilege. It automates joiner‑mover‑leaver processes, access requests, and approvals, and provides recurring…
SecurEnds delivers cloud identity governance to control human and machine access across cloud and SaaS. The product discovers identities, roles, and privileges, then centralizes policies to enforce least privilege. It automates joiner‑mover‑leaver processes, access requests, and approvals, and provides recurring…
Britive delivers cloud identity governance to control human and machine access across cloud and SaaS. The product discovers identities, roles, and privileges, then centralizes policies to enforce least privilege. It automates joiner‑mover‑leaver processes, access requests, and approvals, and provides recurring…
Veza delivers cloud identity governance to control human and machine access across cloud and SaaS. The product discovers identities, roles, and privileges, then centralizes policies to enforce least privilege. It automates joiner‑mover‑leaver processes, access requests, and approvals, and provides recurring…