As organizations adopt more applications, hire more distributed teams, and rely on more non-human identities like service accounts and AI agents, they need their identity governance strategy to keep up. Traditional governance models with manual reviews, static policies, and human-driven approvals are no longer adequate for the modern enterprise.
The AI agent explosion is already underway, and the numbers are staggering. Industry analysts predict that AI identities will soon outnumber human users 25:1. Every one of those agents will need access controls, governance, and reviews, just like employees do today. But organizations aren’t going to hire 25 times more IT staff to manage the shift. That’s not how budgets work. The only way to scale identity governance to meet this new era is by using AI itself.
This is where C1’s AI capabilities come in. With Thomas, our fully automated AI agent, and Copilot, our interactive AI assistant, you can not only accelerate governance processes but also make them smarter, more consistent, and easier to manage.
Meet Thomas: your AI agent for identity governance
Thomas is C1’s first fully automated AI agent, designed to take on some of the most time-consuming and error-prone parts of governance. Think of Thomas as an extension of your security team: always on, always consistent, and always enforcing policy. Here’s how Thomas helps mature your IGA program.
Thomas can automate time-consuming request tasks. Instead of routing every access request to busy managers or security staff, Thomas can automatically approve or deny requests based on your governance policies, or it can be set to make recommendations or to route requests using the appropriate policy. This reduces bottlenecks, speeds up access for end users, and ensures that policy, not guesswork, drives decisions.
In addition to automating access approvals, Thomas can enrich access requests with deep research. Access requests are often approved without full context, which increases risk. Thomas solves this by enriching each request with key information about the requestor, the entitlement, and the potential risk. This makes approvals smarter and more defensible in audits.
Thomas can also augment decision-making with MCP integration. Thomas doesn’t act in isolation. By connecting to other applications’ MCPs, Thomas can factor in contextual signals like IP address risk, unusual login activity, or even whether the approver is out of office. This makes governance dynamic, adapting to real-world conditions.
Using Thomas also adds an access review expert to your team. It can be assigned to analyze review tasks based on a deep understanding of your policies and data and recommend whether to certify, deny, or escalate reviews—so reviewers can make quick, confident decisions. This makes audits easier while providing real security.
With Thomas in place, your IGA program evolves from reactive to proactive and allows you to enforce least privilege at scale.
Empower teams with Copilot
Copilot is an interactive AI assistant that makes governance tasks faster and more intelligent, helping your teams avoid busywork and focus on what matters.
Copilot can help mature your program by:
- Streamlining setup and workflows: With Copilot, you can interactively build access policies, run bulk certifications, or create access requests. Instead of writing rules from scratch or navigating clunky workflows, Copilot simplifies complex tasks into guided, conversational steps.
- Recommending access adjustments: When users request access, Copilot provides recommendations based on risk factors such as their current permissions, historical access patterns, and previous approval decisions. This reduces the guesswork for approvers and ensures decisions align with best practices.
- Surfacing risk insights: Copilot highlights anomalies and risk signals across users, departments, roles, and entitlements. This visibility gives approvers the confidence to deny risky requests and approve low-risk ones quickly.
- Automating requests from the helpdesk: Copilot integrates with your ticketing systems, so access requests submitted via helpdesk can be automatically created, routed, and processed in C1. This cuts down on manual ticket handling and accelerates resolution times.
AI maturity in IGA: from automation to intelligence
Maturing your IGA program with AI is more than just speeding up tasks, as helpful as that aspect is. It also creates a system that learns, adapts, and scales with your organization. With Thomas handling policy-driven automation and Copilot augmenting human decision-making, you can:
- Reduce operational overhead for IT and security teams.
- Improve audit readiness with contextual, policy-based approvals.
- Deliver faster, more consistent access experiences for employees.
- Proactively identify and mitigate identity risks before they become incidents.
The only way to manage the incoming wave of agentic AI is with AI in your identity program that takes action, enforces policy, and evolves with your business. With Thomas and Copilot, C1 gives you the tools to transform governance from a compliance checkbox into a true security advantage.