The challenge

Identity & Access Management (IAM) sits at the heart of effective cybersecurity. Yet in many organisations, it is still treated as a technical IT topic rather than a strategic priority. For leadership, it can feel complex and hard to oversee, which often results in delayed investment in modernisation.

At a time when organisations are increasingly operating in the cloud and hybrid working has become the norm, this creates a growing risk. Sensitive data is spread across multiple environments, while cybercriminals are using increasingly sophisticated methods to gain access to systems and information.

In this context, IAM plays a critical role. It determines who can access which systems and data, and under what conditions. Without well-designed access controls, it becomes difficult to effectively prevent threats such as ransomware, data breaches or unauthorised access. At the same time, IAM is becoming more important from a compliance perspective, for example in relation to regulations such as NIS2 and GDPR.

The approach

Managing access rights has traditionally required significant manual effort. Roles need to be defined, accounts maintained, access requests reviewed and periodic certifications carried out. These processes are often time-consuming, error-prone and costly.

Artificial Intelligence can significantly improve this. By analysing user behaviour, AI helps determine which access rights are logical and necessary for a specific role or function. This makes it easier to apply the principle of least privilege in a consistent way, ensuring employees only have access to what they actually need.

AI can also identify high-risk accounts more quickly. Unusual patterns, inactive accounts or suspicious activities are detected automatically, allowing security teams to respond faster.

Access certification can also be streamlined. Instead of reviewing large volumes of generic access requests, managers receive targeted prompts with relevant context. For example: “This employee is part of team X, and 90 percent of the team has the same access.” This makes the review process simpler and more accurate.
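The peer context behind such a prompt can be illustrated with an added Python example (not from the original page or from KPMG's tooling). It uses plain frequency counting rather than an AI model, and the users, entitlement names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data (user, team, entitlements); not from the page.
FINANCE = [(f"fin{i:02d}", "finance", {"erp:read", "sharepoint:finance"})
           for i in range(1, 10)]
FINANCE.append(("fin10", "finance", {"erp:read", "payroll:admin"}))
ASSIGNMENTS = FINANCE + [("leg01", "legal", {"contracts:read"})]

COMMON = 0.9    # assumed: mirrors the "90 percent of the team" wording
RARE = 0.25     # assumed: at or below this share, access is an outlier
MIN_PEERS = 3   # assumed: smaller teams give no meaningful baseline


def review_items(assignments, common=COMMON, rare=RARE, min_peers=MIN_PEERS):
    """One item per (user, entitlement) with the share of the team holding it.

    Items are returned with the rarest access first, so a reviewer sees the
    entitlements least explained by team membership at the top of the queue.
    """
    teams = defaultdict(list)
    for user, team, ents in assignments:
        teams[team].append((user, ents))

    items = []
    for team, members in teams.items():
        size = len(members)
        held = Counter(e for _, ents in members for e in ents)
        for user, ents in members:
            for ent in sorted(ents):
                share = held[ent] / size
                if size < min_peers:
                    hint = "no-peer-baseline"   # edge case: tiny team
                elif share >= common:
                    hint = "common-in-team"
                elif share <= rare:
                    hint = "outlier"
                else:
                    hint = "partial"
                items.append({"user": user, "team": team, "entitlement": ent,
                              "team_share": share, "hint": hint})
    return sorted(items, key=lambda i: (i["team_share"], i["user"]))


if __name__ == "__main__":
    for item in review_items(ASSIGNMENTS):
        print(f'{item["user"]:6} {item["entitlement"]:20} '
              f'{item["team_share"]:.0%} of {item["team"]} -> {item["hint"]}')
```

A "common-in-team" hint is context for the reviewer, not an approval: access that is widespread in a team can still exceed what the role needs.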

The result

Integrating AI into IAM processes allows organisations to manage access more efficiently and with greater control.

Access rights are assigned faster and more consistently, while anomalies and risks are identified earlier. At the same time, the administrative burden on IT and security teams is reduced, allowing them to focus more on higher-value security challenges.

Collaboration between people and technology remains a key principle. AI supports analysis and decision-making, but human expertise is still essential for assessing risks, setting policies and ensuring ethical and transparent outcomes.

With a well-designed, AI-enabled IAM environment, organisations can accelerate processes, reduce risk and more easily meet compliance requirements. IAM is therefore not just an IT concern, but a critical component of organisation-wide digital security.

The team that made the difference

A multidisciplinary team from KPMG Netherlands supports organisations in modernising Identity & Access Management. By combining expertise in cybersecurity, AI and data, and Digital Process Excellence, they help organisations design access management that is smarter, more secure and future-ready. 
