Attendee Info & Inquiries
For years, identity governance was largely framed around people. Employees joined organizations. Contractors received temporary access. Administrators approved requests, reviewed entitlements, and tried to ensure that permissions matched the needs of the business.
The work was never simple, but the model itself was relatively understandable.
That model is now under pressure.
Organizations increasingly operate in environments filled with automated processes, APIs, machine identities, AI-driven workflows, and delegated systems acting on behalf of users. In many cases, these actors are not visible in the ways traditional workforce identities once were. They do not neatly fit into HR-driven lifecycle models. They appear and disappear quickly, interact across organizational boundaries, and often operate with privileges that are difficult to fully track.
The challenge for identity teams is no longer simply controlling access. It is understanding who—or what—is exercising authority within increasingly complex systems.
That shift is reflected across several sessions at this year’s Identiverse conference.
Governance is becoming operational
Historically, governance programs often focused on compliance exercises: quarterly reviews, entitlement certifications, and role definitions that attempted to map organizational structure to technical access. Those activities still matter, but the operational realities of modern systems are changing the conversation.
Today, organizations are trying to answer harder questions:
- How do you govern identities that do not have stable lifecycles?
- What happens when AI agents begin making decisions using delegated authority?
- How do you maintain accountability when actions occur across interconnected systems?
- Can governance processes keep pace with continuously evolving infrastructure?
The result is growing recognition that governance cannot be treated as a periodic review process sitting alongside operations. It increasingly becomes part of the operational fabric itself.
Sessions to watch for
Several sessions this year explore how organizations are adapting governance models to environments shaped by automation, distributed authority, and increasing operational complexity.
This session challenges one of the most familiar identity governance practices: the traditional access review. As environments become more dynamic, organizations are increasingly questioning whether static review processes can realistically manage modern authorization decisions.
Non-human identities are no longer a niche problem. This session examines the governance implications of systems, services, and automated actors operating at scale across enterprise environments.
Identity programs are evolving beyond account management toward relationship-driven models that better reflect how people actually interact with organizations over time.
As organizations exchange information and services more fluidly across ecosystems, customer identity systems increasingly become trust orchestration systems rather than isolated authentication platforms.
Continuous access models sound straightforward in theory. In practice, organizations often struggle with the operational and cultural implications of dynamic authorization decisions.
This session explores an increasingly important concept: identity alone may not be sufficient context for authorization decisions. Intent, behavior, and transaction context are becoming part of how trust is evaluated.
Delegation changes the accountability model
One of the most significant shifts underway involves delegation.
Modern systems increasingly allow software, services, and AI-driven workflows to act on behalf of users. That delegation may be explicit, temporary, indirect, or chained across multiple systems.
Traditional governance approaches were not designed for this level of complexity.
When an AI agent retrieves data, initiates a workflow, or makes a recommendation that affects access or authorization, determining accountability becomes substantially harder. The system may technically authenticate correctly while still creating ambiguity around authority and responsibility.
This is forcing organizations to rethink not only how permissions are granted, but how authority itself is represented and governed.
Governance becomes a business issue
Another theme running through these sessions is that governance is no longer confined to security or compliance teams.
Identity decisions increasingly shape customer experience, operational resilience, fraud prevention, and even business agility. Product managers, architects, and executives are now deeply involved in questions that once lived primarily within IAM teams.
That shift matters because governance decisions increasingly determine:
- how quickly organizations can adopt new technologies
- how safely AI systems can operate
- how trust is maintained across ecosystems
- how organizations respond to changing regulatory expectations
In other words, governance is becoming part of core business strategy.
Looking ahead
Identity governance is entering a period where static models are giving way to more continuous, contextual approaches.
That does not mean traditional governance disappears. Organizations will still need policies, approvals, and oversight. But those mechanisms increasingly operate in environments where identities are more fluid, systems are more interconnected, and authority is exercised in less predictable ways.
The sessions in this track highlight an important reality: governance is no longer just about controlling access.
It is about understanding how trust, authority, and accountability move through modern digital systems.
For organizations trying to navigate AI adoption, ecosystem integration, and increasingly distributed architectures, that challenge is only going to grow.
