SAN FRANCISCO and NEW YORK, April 24, 2025 /PRNewswire/ -- Lumos , the industry's first Autonomous Identity Platform, has launched new capabilities that enable IT and security teams to automatically create, refine, and enforce granular access policies across their complex and ever-changing environments. Leveraging AI to bring autonomy to Identity Governance Administration (IGA), Lumos' new policy and lifecycle automation capabilities help organizations ensure that their human and non-human identities (NHIs) have the right level of access to the right applications for the right amount of time.

Lumos' new capabilities mark a shift away from legacy IGA systems which fail to effectively manage access at the scale and speed that companies require today. A 2024 Verizon Business report found that more than 70 percent of data breaches involve identity-related attack techniques. Hackers now routinely gain access to user credentials, easily bypass authentication security controls, and exploit over-provisioned users with access to applications and data they do not need for their role. Legacy IGA platforms built for simpler times have failed to thwart these attacks due to their lack of integration to evolving environments, and over-reliance on manual and time-intensive processes. Unable to keep pace with the rapid growth of human and non-human identities and applications, these 25-year old systems have left organizations to deal with unnecessary software costs, a drain on IT productivity, and increased security vulnerabilities.

An IGA initiative is one of the most important pieces of an IAM program. However, IGA systems are complex, which often translates to the highest deployment cost. Gartner estimates that 50% of IGA deployments are in 'distress.' "Organizations deploying IGA systems will continue to experience extended timelines due to incorrect use-case documentation, corrupted authoritative source identity data and misleading entitlement data," according to Avoid These Top 5 Mistakes When Deploying IGA , Gartner® 19th Jan 2024.

Rather than forcing organizations to adapt to static roles or one-size-fits-all rules, Lumos' Autonomous Identity platform functions as a self-improving engine - discovering patterns, recommending access policies, and automatically provisioning/deprovisioning workflows across an organization's entire identity ecosystem. The result is 7x faster deployment, dynamic lifecycle automation, and 80 percent lower cost of ownership than legacy IGA solutions.

Today's announcements enhance Lumos' Autonomous Identity Platform in two important ways.

First, with autonomous policy management, Lumos now enables organizations to automate the development of access policies - cutting down on drift, tightening security, and reducing burden on compliance teams. By taking a hybrid approach that combines traditional machine learning (ML) techniques with agentic AI workflows, Lumos analyzes access patterns, user entitlements, and organizational context to create, refine, recommend and evolve role-based access controls (RBAC). Customers benefit from:



Continuous access analysis to detect latent role patterns (stale/static system) and anomalies.

AI-driven policy recommendations that produce natural language role descriptions and suggest policy adjustments based on real-world usage and business objectives.

Enhanced transparency through document-backed explanations for each policy recommendation, facilitating trust and ease of auditing. Adaptive policy refinement through event-driven triggers and feedback loops to accommodate organizational changes and emerging security threats.

Second, with lifecycle automation, organizations can now also autonomously deploy and enforce these access policies across the identity lifecycle. Leveraging Lumos' breadth of integration to core IdP providers, HRIS systems of record, and over 300 SaaS applications, IT teams can deploy joiner, mover, and leaver (JML) workflows with ease across their entire environments in a fraction of the time and at a significantly lower cost than legacy IGA systems. Key features include:



Dynamic policy enforcement with multi-step configurable workflows based on custom attributes, logic, and triggers (e.g., "5 days before start date, create email; 2 days before, assign Google Workspace").

Real-time visibility into each lifecycle step, with granular error reporting and approval audit trails.

Account creation and onboarding provisioning across email and IdP (e.g. Okta, Microsoft Entra and Active Directory) - acting as a single source-of-truth. Auto-detection of identity attribute changes and downstream systems updates (e.g. Salesforce or Google Workspace).

"Managing thousands of permissions across hundreds of apps isn't just a headache - it's a real security risk," said Matt Pecorelli, Deputy Chief Information Security Officer at Mars. "Hackers don't break in anymore. They log in. That's why enforcing least-privilege is so critical. Lumos helps us automate policy creation and lifecycle management, so we can stay ahead of threats, simplify user access reviews, and make joiner-mover-leaver workflows run on autopilot. It's a big step forward for security and the business.

"Autonomous identity addresses the most critical need in today's complex IT environment - making sure the right people have the right access at the right time to the applications they need," said Andrej Safundzic, CEO & co-founder of Lumos. "Our platform brings order to highly complex environments through automation but also provides unique visibility into usage and shadow IT that teams would otherwise not know about. This allows our customers to better understand their IT spend and per-license costs. It's not something that just saves time and headaches - it directly impacts the company's bottom line."

About Lumos

Lumos is the first Autonomous Identity platform to automatically discover and manage access across all your apps. Instead of being overwhelmed by the sprawl of apps and access, Lumos empowers organizations with one unified solution that controls access on auto-pilot. With Lumos, gain full visibility, enhance security, and boost productivity - all in one platform. Trusted by hundreds of companies including Pinterest, Anduril, and GitHub, Lumos powers millions of access requests across global companies. Learn more: lumos .

