Identity Governance (IGA)

nexusID ships SailPoint-class identity governance in the same platform that issues access — so the system granting access also reviews, certifies, and enforces policy on it. There are no exports between disconnected tools, and every action lands in a tamper-evident audit chain.

What's included

Capability	Page	Admin console
Access reviews & certifications	Access Reviews	/admin/access-reviews
Segregation of Duties (SoD)	Segregation of Duties	/admin/sod
Approval chains	Approval Chains	/admin/approvals
Entitlement catalog	Entitlement Catalog	/admin/entitlements
Role mining	Role Mining	/admin/role-mining
Non-employee lifecycle	Non-Employee Lifecycle	/admin/non-employees
Governance groups (delegated admin)	Governance Groups	/admin/governance-groups
Agentic / NHI governance	Agentic Governance	/admin/agent-actions
Access recommendations	Access Recommendations	/admin/access-recommendations
Fine-grained authorization (ReBAC)	Fine-Grained Authorization	/admin/fga
Reconciliation	Reconciliation	/admin/reconciliation
HR source precedence	HR Source Precedence	/admin/hr-source-precedence
B2B/B2C realms	Realms	/admin/realms
Database federation	Database Federation	/admin/db-federation
Global search	Global Search	/admin/search
Compliance reports	Compliance Reports	/admin/reports
Workflow automation	Workflow Automation	/admin/workflows

Design principles

• One data model. Access requests, entitlements, reviews, and approvals operate on the same records — no nightly sync between an IGA tool and the IdP.
• Real enforcement. Authorization is enforced server-side via a permission model, not cosmetic UI gating.
• Best-effort governance hooks. Lifecycle and workflow triggers are best-effort: a governance failure never aborts the authentication or provisioning flow it hangs off.
• Tamper-evident audit. Every governance decision is written to an append-only, HMAC-chained audit log auditors can cryptographically verify.