Vol. I · No. 1

The Identity at the Core

The Definitive Chronicle of Identity & Access Management

BREACH: Major healthcare provider confirms 2.3M patient records exposed via misconfigured SCIM endpoint

CVE-2026-31847: Critical RCE in FortiAuthenticator — CVSS 9.8 — Patch immediately

BREACH: European fintech platform leaks OAuth tokens affecting 890K users

ADVISORY: CISA warns of active exploitation of SAML implementation flaws in enterprise SSO products

Topic

Identity Governance

Who has access to what, why, and is that still appropriate?

Identity Governance and Administration (IGA) is how an organization answers the question "who has access to what, why, and is that still appropriate?" It owns the lifecycle of access — provisioning when people join or change roles, de-provisioning when they leave, periodic certifications when nothing changes, and the audit evidence that proves the controls are working.

The legacy IGA market (SailPoint, Saviynt, Oracle, IBM Security Verify) is being challenged by lighter cloud-native entrants (ConductorOne, Aquera, Lumos, Veza) that bet on faster connectors and modern UX over deep workflow customization. The right choice depends on the depth of your compliance regime — SOX, NIST 800-53, ISO 27001, OSFI E-21 — and on whether your environment is ERP-heavy (legacy wins) or SaaS-heavy (cloud-native wins).

This page tracks our reporting on IGA tooling, certification campaigns gone right and wrong, joiner/mover/leaver automation, role mining, and audit findings from real environments.

Coverage

No posts yet under this topic.

We're writing. In the meantime, follow our breach feed or CVE dashboard for live intelligence.