One Identity Manager 10.0 Adds AI-Driven Threat Response

Article Highlights
Off On

In a digital landscape where the human identity has become the most targeted and fragile layer of enterprise security, the traditional tools designed for governance are struggling to keep up with the velocity of modern cyberattacks. One Identity, a prominent leader in identity security, announced a landmark upgrade to its flagship Identity Governance and Administration (IGA) solution on January 20, 2026, with the release of One Identity Manager 10.0. This release is engineered to transform IGA from a passive compliance instrument into an active, intelligent security control, arming organizations with the capabilities needed to anticipate, contain, and manage sophisticated identity-driven threats.

In the Race Against Identity Threats Is Your Governance Platform Keeping Pace

The surge in identity-based cyberattacks has fundamentally altered the security perimeter, making credentials the primary vector for breaches in today’s enterprises. Attackers no longer need to break through firewalls when they can simply log in with stolen or compromised identities. This reality places immense pressure on security and identity management teams to ensure that access rights are continuously monitored and validated against real-world risks, not just against static policies.

This evolving threat landscape exposes a critical governance gap inherent in many traditional IGA platforms. Historically focused on satisfying compliance mandates through periodic access reviews and certifications, these tools often operate with a significant time lag. They can confirm who has access to what, but they frequently lack the real-time context to determine if that access is being used maliciously. This delay between threat detection and identity-based remediation creates a window of opportunity that attackers are quick to exploit.

One Identity Manager 10.0 is positioned as a paradigm shift, aiming to close this dangerous gap by redefining the role of IGA. The platform moves beyond simple compliance, integrating threat intelligence and automation directly into its core. By doing so, it reframes identity governance not just as a tool for auditors but as a dynamic and indispensable component of an organization’s active security controls, capable of responding to threats as they emerge.

The Evolution from Compliance Gatekeeper to Security Sentinel

The old model of identity governance treated the function primarily as a gatekeeper for compliance. Its purpose was to generate reports for audits, conduct quarterly or annual access certification campaigns, and ensure that access policies were documented. This approach often placed IGA in an operational silo, disconnected from the real-time activities managed by the Security Operations Center (SOC) and other cybersecurity teams.

However, the market imperative has changed dramatically. The escalating frequency and sophistication of identity-related breaches have elevated identity security to a board-level concern. Today, organizations demand that their identity solutions serve as a foundational element of their overall security posture. This requires a shift from a reactive, compliance-driven mindset to a proactive, security-first approach where identity systems actively participate in threat detection and response. This evolution is driven by a simple but critical need: shortening the time between the detection of a compromised identity and the execution of a decisive response. Whether it is an employee’s credentials appearing on the dark web or a service account exhibiting anomalous behavior, the ability to immediately revoke access, disable the account, and trigger an incident response workflow is paramount. This connection between identity governance and security operations is no longer optional; it is essential for modern enterprise resilience.

Unpacking the Intelligent Core of One Identity Manager 10.0

A cornerstone of the new release is its ability to facilitate proactive, risk-based governance. The platform can now ingest user risk scores from third-party sources, including User and Entity Behavior Analytics (UEBA) platforms and other security tools. For example, if a UEBA system flags a user with a high-risk score due to anomalous login patterns, One Identity Manager 10.0 can automatically trigger a micro-certification campaign, requiring that user’s manager to immediately re-validate their critical access rights.

To directly address the detection-to-response gap, the platform introduces automated Identity Threat Detection and Response (ITDR) playbooks. These configurable workflows are designed to execute immediate, pre-approved actions when a threat is detected. An ITDR playbook could, for instance, automatically disable a compromised account, revoke its high-privilege entitlements across all connected systems, and simultaneously create a high-priority incident ticket in the organization’s IT service management tool, all within moments of receiving a threat alert.

The release also leverages artificial intelligence to democratize data access through a new AI-assisted reporting feature. This allows administrators and auditors to query complex identity data using simple, natural language. An auditor could ask, “Show me all users who were granted administrator access in the last 30 days and have not used it,” and receive a detailed report without writing a single line of SQL. This capability significantly accelerates investigations and simplifies evidence gathering for compliance.

Finally, version 10.0 focuses on modernizing the administrative experience and enhancing interoperability. A new, fully functional browser-based interface eliminates the dependency on desktop clients, offering greater flexibility and accessibility for remote and distributed teams. Furthermore, enhanced SIEM compatibility through standards-based Syslog CEF formatting ensures that identity and access data can flow seamlessly into platforms like Splunk or Sentinel, enriching the organization’s overall security monitoring capabilities.

Voices from the Vanguard on the Future of Identity Security

The strategic direction of One Identity Manager 10.0 is underscored by insights from company leadership. Praerit Garg, CEO of One Identity, emphasized the need to move beyond traditional governance. He stated that the release combines a “proven governance foundation with intelligence and automation” to empower security teams to operate with greater confidence and efficiency at scale, addressing threats in a more proactive and timely manner.

This vision is validated by key industry partners who see the platform’s evolution as a critical step forward for the market. Ciro Guariglia, CTO of Intragen by Nomios, highlighted the practical benefits for complex enterprise environments. He noted that the platform’s improved data model, powerful automation engine, and scalable, policy-driven attestation methods represent “a significant leap forward,” particularly for managing large and intricate certification campaigns that are common in global organizations.

Activating Your AI-Driven Defense a Practical Framework

The first practical step for organizations is to integrate One Identity Manager 10.0 into their broader security ecosystem. By connecting the platform to existing UEBA, SIEM, and other security intelligence tools, teams can centralize risk data and create a unified view of identity-related threats. This integration is the foundation for enabling the platform’s advanced risk-based governance and automated response capabilities. With the security ecosystem connected, the next step involves designing and deploying automated response playbooks. This requires identifying high-risk scenarios specific to the organization, such as impossible travel alerts, anomalous privilege escalations, or alerts indicating credential compromise. For each scenario, a corresponding remediation workflow can be built to automate containment actions, thereby minimizing manual intervention and reducing response times from hours or days to mere seconds. To maximize the value of the platform’s new intelligence features, organizations should also focus on empowering their teams. Training for compliance, audit, and security personnel on how to leverage the AI-powered natural language reporting can transform their operational efficiency. This allows them to conduct faster investigations and gather evidence for audits more effectively, freeing up specialized IT resources from the burden of manual report generation.

Finally, streamlining administrative operations is a key part of the activation framework. Transitioning identity management tasks to the new web-based user interface improves efficiency, enhances accessibility for remote administrators, and reduces the total cost of ownership by eliminating the need to maintain desktop client software. This modernization step ensures that the platform is not only more powerful but also easier to manage and scale.

Explore more

Ethereum Uses AI Swarms to Proactively Patch Network Flaws

The architectural integrity of global decentralized networks has reached a pivotal juncture where the speed of malicious exploitation often outpaces the traditional cadence of human-led security audits. To address this widening gap, The Ethereum Foundation has fundamentally transitioned its security strategy from a reactive model to an automated, proactive defense paradigm that leverages the power of machine learning. This shift

How Is ERP Modernization Driving DLA to Audit Readiness?

The Defense Logistics Agency currently manages an intricate global supply chain that serves as the backbone for the United States military, requiring an unprecedented level of financial precision and operational transparency to meet modern oversight requirements. This massive undertaking involves a transition from aging, siloed legacy systems to a unified Enterprise Resource Planning environment designed to provide real-time visibility into

What Makes Odyssey Infostealer a Global Threat to macOS?

The long-standing myth that macOS remains immune to sophisticated cyberattacks has been decisively shattered by the emergence of the Odyssey infostealer, a highly specialized malware variant engineered to bypass modern system integrity protections. This transition represents a fundamental shift in the threat landscape, where the historical security-by-obscurity advantage once enjoyed by Apple users has entirely vanished. As the adoption of

Can AI Secure Windows Without Compromising Stability?

The sheer scale of modern software development has reached a point where manual code review is no longer sufficient to protect the billions of devices running Windows across the globe. As lines of code multiply and interdependencies become more complex, traditional security measures are struggling to keep pace with the rapid evolution of sophisticated digital threats. In response to this

Xero Launches JAX to Redefine Accounting with Agentic AI

Small business owners have historically spent an exhausting amount of time tethered to spreadsheets and receipts, but the emergence of agentic AI is finally turning those static records into a living, breathing financial command center that operates with minimal human oversight. With more than five million global subscribers now integrated into its ecosystem, Xero is spearheading a movement toward Accountable