Identity Governance at the Inflection Point
What a year of C1 cross-customer data reveals about modern identity governance—and what it takes to scale for AI
We analyzed anonymized 2025 data across C1 customers to understand how organizations are governing identity at scale.
The big takeaway?
Identity has become the control plane.
As organizations prepare for the agentic era, identity governance can no longer be episodic or manual.
The data shows organizations are shifting routine access decisions into policy and automation, with humans focused on oversight and exceptions.
What “normal” looks like in 2025
These outcomes are the results of identity programs built on automation, policy, and continuous controls. At the median organization using C1:
~98%
of access requests automated
~21,000
identities governed
~20
applications integrated
90%
of access reviews completed in under 5 days
These results appear consistently across SaaS, financial services, healthcare, consumer platforms, and large enterprises.
The coming identity explosion
More identities
Non-human identities now make up a meaningful share of environments, reaching anywhere from 30–80% in AI-native companies.
More actions
Access is continuous. Some organizations processed tens of thousands of access changes last year—far beyond what manual processes can support.
Less tolerance for friction
Teams are deliberately reducing human effort by enforcing access through policy and automation, without sacrificing control.
Why this report matters
This report captures a critical moment in IGA where governance stops being a quarterly exercise and becomes always-on infrastructure—capable of supporting today’s scale and tomorrow’s AI-driven demands.
Dive into the data to see how organizations are already governing identity at AI speed, and what it takes to scale access.
Download the report
