Session Abstract: IGA activities in organizations have largely been around defining access policies manually, configuring access request workflows and scheduling periodic access reviews. Such activities require significant administration as well as continuous involvement by stakeholders. There are also delays that come with this model that could potentially cause security risk and non-compliance in the organization. An approach that is more intuitive is to discover policies, review them and apply access changes based on policies. This results in fewer IGA administrative and end-user activities for the organization while ensuring that both excess access and under access are addressed in a timely manner.