Edited by Apryl Motley, CAE – Communications & Technical Writing Consultant
As part of our ongoing commitment to providing you with additional opportunities to benefit from the insights and expertise of InCommon Catalysts, we are continuing their quarterly Q&A column, Catalyst to Catalyst. We feature the column in our e-newsletter, InCommon News.

Think of Catalyst to Catalyst as a quarterly virtual advice panel that provides perspectives on key identity and access management (IAM) topics for the InCommon community.
In this installment, two catalysts discuss various aspects of identity governance and administration (IGA). This is our final column for 2025.
How do you evaluate and understand the various IGA and IAM products in the market?
Evaluating IGA and IAM products for any client, especially when comparing them, involves building a matrix of desired features, capabilities, and attributes, and assigning values to each.
For example, an attribute “deployment model” could be “On-Prem/SaaS,” whereas a capability like “PeopleSoft Campus Solutions integration” may be “native/third party/custom/not possible” or perhaps a numeric value representing the completeness of the integration supported by the product.
We will also develop “weights” for these criteria for purposes of comparison to reflect that requirements, such as “supports iOS and Android,” may be significantly more critical than “allows end-user user interface personalization.”
While vendor documentation and RFP/RFI responses can provide input for this matrix, it is important in higher education especially to fact-check with integration providers, other customers, and market research organizations for applicability to higher education use cases. Can an IGA tool handle multiple authoritative sources of identity with multiple affiliations and overlapping lifecycles? Can an IAM tool speak Security Assertion Markup Language (SAML) generically to integrate with a wide variety of solutions (including custom solutions developed to the protocol specifications), or is it only supported on a limited subset of commercial IDP/SP options? Does the product vendor have experience with higher education and the complexities involved?
What may look on the surface to a software vendor as a small organization with 70,000 users may not consider that a fourth of these users are onboarded/offboarded each year, which is not a typical use case outside higher education. With SaaS, it is crucial to identify whether lower environments (dev/test/etc.) are provided and what limitations may exist in terms of the number of users and integrations allowed.
Finally, these commercial offerings must be weighed against building a solution in-house, either from scratch or utilizing open-source software as a basis. Over the decades, trends in build vs. buy, on-prem vs. hosted have gone back and forth, and depending on the pricing, complexity of requirements, maturity of offerings, and in-house capabilities of the institution, what was an obvious decision years ago may be very different tomorrow.
– Mark Earnest, Chief Operating Officer, Instrumental Identity; mark@instrumentalid.com
What is the biggest challenge institutions face in managing their IGA solution?
IAM is often treated as a utility, invisibly working in the background until it doesn’t. IAM teams are valued for getting things done, but that “invisible reliability” often leads to more operational demand without strategic influence.
This demonstrates the central challenge in managing an IGA solution: IAM is a strategic program that needs institution-wide alignment and prioritization; yet the teams responsible for it rarely have the time, staffing, or authority to lead it fully.
IAM teams in higher education often juggle multiple roles. Directory engineering, SSO operations, account lifecycle support, access approvals, MFA issues, onboarding problems, data cleanup, and ticket queues — nothing stops. The workload forces IGA into a reactive posture. Teams focus on immediate fires — a broken data feed halts provisioning, a department requests an urgent access audit, or a new system needs integration — while strategic work, such as campus alignment, role modeling, policy decisions, and data integration, gets deferred.
IAM’s complexity amplifies the problem. Identity sits between business processes, institutional data, information security, efficiency, and UX. Any change in one domain ripples through the others. IAM becomes the bridge for stitching together decisions that weren’t understood to need coordination. In scope and operational impact, IAM functions like enterprise resource planning (ERP). But unlike an ERP, it’s rarely staffed, funded, or given the strategic voice its impact warrants.
Affiliation management illustrates this clearly. Institutions often lack clear definitions of their populations — students, faculty, staff, researchers, volunteers, contractors, pre-college learners, visiting scholars — the lifecycle of each, the data triggers that define transitions, and the access each group should have. In the absence of clear decisions, exceptions or inertia fill the gap. Exceptions accumulate and build up like plaque, turning the IGA system into a reflection of institutional ambiguity rather than intentional design.
The lack of IAM governance compounds the issue. Without a process that regularly engages leadership to set priorities and expectations, IAM receives an ongoing stream of “top priorities” from every corner of campus. In a functioning governance model, IAM has a standing forum with institutional leaders to align priorities, resolve conflicts, and ensure decisions support long-term benefit rather than individual escalation.
IAM’s biggest challenges are rarely technological. They are born from the human and organizational conditions that identity must reflect. An IGA solution brings institutional data and decisions to life, requiring clarity, consistency, prioritization, and engagement. When IAM is viewed only as a utility, teams lose the space they need to manage IGA as the strategic engine it is. Without that perspective, institutions will continue to struggle to move from “keeping things running” to building a sustainable, future-ready identity program.
– Paul Erickson, Senior Consultant, Moran Technology Consulting; paul.erickson@morantechnology.com