My Takeaways from Identiverse 2026: Where Identity Management Is Heading Next
26 Jun 2026
Identiverse 2026 was a fantastic event.
This was my second time attending Identiverse as CEO of Nexis. Naturally, my perspective is influenced by the conversations I have, the sessions I choose (far too less), and the topics that matter most to our customers. Nevertheless, spending several days surrounded by some of the brightest minds in identity is always inspiring. It is a great opportunity to validate ideas, challenge assumptions, and understand where the industry is heading.
Several topics stood out to me throughout the conference.
IVIP Is Here to Stay
One of the most interesting discussions revolved around Identity Visibility and Intelligence Platforms (IVIP). Some questioned whether Gartner’s newly introduced category represents a lasting market segment or merely a temporary trend.
After many conversations with customers, partners, and analysts, my conclusion is confirmed and clear: IVIP is here to stay.
The reason is simple. IVIP addresses one of the biggest challenges in modern Identity and Access Management: visibility and remediation across IAM silos.
For more than two decades, the IAM market has evolved through specialized solutions. Identity Governance, Access Management, Privileged Access Management, Identity Threat Detection, AI-based security tools, and many others have all developed independently. Each solves a specific problem extremely well, but each also creates another silo.
As a result, many CISOs and IAM leaders still struggle to answer a seemingly simple question:
Who has access to what?
Obtaining this answer across dozens of disconnected systems remains difficult.
IVIP fills this gap. It integrates identity information across the entire IAM landscape, providing a unified view while applying intelligence to identify anomalies, inconsistencies, and risks. More importantly, visibility alone is no longer sufficient. The next step is remediation.
Whether following Gartner’s Visibility, Intelligence, Action (VIA) model or simply good security practice, intelligence only creates value when it leads to action. Modern IVIP solutions therefore not only identify deviations but also recommend or automate corrective actions.
Role Management Matters
For years, many predicted the end of Role-Based Access Control (RBAC). Yet nearly every conversation I had confirmed the opposite.
Roles continue to align naturally with how organizations operate. People understand job functions, business responsibilities, and project assignments. Translating those business concepts into IT authorizations remains one of the most intuitive governance models available.
The challenge has never been the role concept itself.
The challenge is how roles are managed and governed.
Most IGA platforms still provide only limited support for true role lifecycle management, governance and optimization. Organizations frequently lack structured governance processes for creating, reviewing, optimizing, and retiring business roles. Automation remains limited, and continuous role improvement is often missing entirely.
For highly regulated organizations in particular, role governance is becoming increasingly important. Well-managed roles improve transparency, simplify certifications, strengthen compliance, and significantly reduce operational complexity, whilst avoiding the complexity of pure policy-based access control (PBAC).
Rather than disappearing, role management is entering its next generation in combination with attribute-based access control (ABAC) and PBAC)
IAM Governance Documentation Becomes a Strategic Capability
Another topic that repeatedly surfaced was IAM governance documentation.
In Europe, particularly within financial services, regulations such as DORA require organizations to maintain comprehensive documentation for applications integrated into IAM and IGA environments.
Unfortunately, many organizations still rely on Word documents, Excel spreadsheets, SharePoint sites, and highly manual processes. By the time documentation is completed, the underlying systems have already changed. Roles evolve, permissions are modified, and applications continue to develop, leaving documentation outdated almost immediately.
Governance documentation therefore needs to become a living process rather than a compliance exercise.
Modern governance platforms should continuously synchronize documentation with the underlying IAM landscape while distributing ownership across application owners and business stakeholders. This not only supports regulatory compliance but also creates valuable transparency for security teams.
Interestingly, this demand is no longer limited to regulated industries. Large manufacturing companies and other complex enterprises increasingly recognize the same need.
Good governance is ultimately not about regulation. It is about creating clarity within complex environments.
Identity Lifecycle Management Still Deserves Attention
Identity lifecycle management remains one of the foundations of effective Identity Governance.
Many, especially smaller organizations still rely on processes that were designed years ago, often supported by manual administration, custom scripts, and isolated automation.
Provisioning new users is usually manageable because organizations can prepare in advance. Organizational changes and offboarding is where weaknesses become visible.
If identities are not removed consistently and on time, organizations accumulate unnecessary risk. Effective lifecycle management requires much more than provisioning and deprovisioning. It requires structured lifecycle events, regular access reviews, policy certifications, and continuous governance.
When these processes are properly implemented, organizations not only reduce manual effort but also improve security, increase operational efficiency, and establish a much stronger governance framework.
Final Thoughts
Looking back, Identiverse 2026 confirmed something I have believed for quite some time: Identity and Access Management has never been more exciting.
The market is moving beyond individual products toward integrated governance, intelligence, and automation. Visibility, AI-supported decision making, modern role governance, and continuous lifecycle management are becoming essential capabilities rather than optional enhancements.
I deliberately did not cover AI governance in this article, even though they were also important topics throughout the conference. Those deserve a dedicated discussion of their own (cf. my posts in [1] or [2])
If Identiverse demonstrated one thing, it is that IAM continues to evolve rapidly, and I believe the most exciting innovations are still ahead of us.
References
[1] Why 99% Accurate AI Isn’t Good Enough for Identity Governance