VMware Cloud Services

Identity Governance and Administration (IGA) feature of VMware’s Cloud Services Engagement Platform (CSEP) available for Early Access

Background: Cloud Services Engagement Platform (CSEP)

VMware’s Cloud Services Engagement Platform (CSEP) is a standardized portfolio of foundational cross-functional SaaS components and business services for effective engagement and central administration of VMware Cloud Services. For customers, CSEP offers consistency (the same administrative experience every single time), simplicity (ease of use and comprehension) and for internal VMware business units, offers acceleration (faster time to market route with inherent built-in foundational capabilities).

For a more detailed overview of CSEP, read our introductory blog here.

As of December 2020, CSEP is the underlying administrative portal driving 25+ VMware SaaS services, known as CSEP Powered Services. Examples of such Powered Services include VMware Cloud on AWS, Workspace ONE, VMware Cloud Director, the Tanzu portfolio of services, and many more.

Introducing the Identity, Governance and Administration feature (Early Access)

According to a 2020 insider threat report by Cybersecurity Insiders, as enterprises shift to cloud computing, some of the most damaging security threats typically originate from trusted insiders with access to sensitive data and systems – including both malicious and negligent insiders


While onboarding to a SaaS service, enterprises typically have questions around two key challenge areas-

  • Management of User Access – How do I request access? What types of access can be requested for users in my org? Is there a way to grant time-bound access?
  • Access Reporting and Certification – Can I have a mechanism to evaluate whether existing users should continue to have access? How do I ensure regular clean-up of stale access to prevent insider negligent threats?


The new Identity, Governance and Administration (IGA) functionality offered by VMware Cloud Services Engagement Platform has been designed not only as an answer to these common questions, but also keeping in mind the need for an overall strong security posture for VMware’s Cloud Service customers. IGA manages entitlements (access rights) to digital identities across multiple systems and applications. It has three main areas of focus that apply to any VMware SaaS service offered to customers atop of VMware’s Cloud Services Engagement Platform:


  1. Identity and Access Lifecycle Management – IGA offers automated provisioning of entitlements to users, along with self-service access requests for services and entitlements. Through IGA, all entitlements and requests can be managed, tracked and centrally administered in a simple fashion
  2. Access Certifications and Compliance – Using IGA, org owners can review whom to grant access, exercise the ability to grant time-bound access, or even delegate for access request approval. It also offers the functionality to re-certify access levels at a later point in time, if needed
  3. Policy Management – IGA offers configurable single level as well as multi-level approval workflows for entitlement grants aligned with Separation of Duties (SOD). Also, policies are categorized by risk level, as an additional layer of security. IGA also offers violation detection capabilities, audit trail visibility and security insights, making it a truly seamless experience for both access requesters as well as for org owners.


For VMware Cloud Service customers, this functionality will lead to a host of security and compliance related benefits, including a strengthened security posture, reduced risk thanks to access control, shorter time to adopt a VMware SaaS service, improved compliance levels through greater accountability.

Next Steps

Interested in testing out the IGA feature yourself? Get in touch with us to enroll in early access beta by emailing kadama@vmware.com. Interested in learning more about CSEP? Visit our webpage to get up-to-date content and updates on CSEP.


Leave a Reply

Your email address will not be published. Required fields are marked *