Detecting and addressing inappropriate access is a core purpose of Identity Governance and Administration in SailPoint IdentityIQ. IdentityIQ is designed to provide visibility into who has access, what access they have, how that access was obtained, whether it is appropriate, and what corrective action should occur when access violates business or security policy. Inappropriate access may be identified through access certifications, policy violations, role analysis, entitlement review, account aggregation, and identity correlation.
IdentityIQ supports this purpose by building IdentityCubes that consolidate identity, account, entitlement, role, and manager data from connected applications. Once access is visible, governance controls such as certifications allow managers, application owners, or entitlement owners to approve, revoke, or delegate access decisions. Policies can also detect toxic combinations, prohibited access, or access inconsistent with business rules. Remediation can then be routed through provisioning, work items, or manual fulfillment processes.
Therefore, the statement aligns directly with IGA and IdentityIQ’s identity security model. Reference topic: Foundational Concepts — purpose of identity security; also related to Governance — certifications, policy detection, and remediation.
