Start with Identity
IGA

RSA Governance & Lifecycle

Founded 1982Bedford, MA, USAPrivate (Symphony Technology Group)Score 3.8/5Evaluated 2026-06-19Website ↗

Capability scores

Methodology →
Authentication
3.0
SSO & Federation
3.0
Authorization
4.0
Lifecycle & Provisioning
4.0
MFA & Passwordless
3.0
Governance & Audit
4.5
Developer Experience
2.5
Deployment Flexibility
3.5
Pricing Transparency
2.5
Support & Ecosystem
3.5

Scored 0–5 against a published rubric. Independent analysis, no vendor sponsorship.

Overview

RSA Governance & Lifecycle, formerly Aveksa and later SecurID Governance, is the identity governance (IGA) component of the RSA portfolio. With deep roots in regulated and federal environments, it is most often found inside RSA-centric programs where SecurID and governance are bought together, rather than chosen fresh by new buyers.

What it is good at

Governance and audit depth is the core strength, with mature certification, role management, and the compliance rigor that federal and heavily regulated enterprises require. For organizations already standardized on RSA SecurID, keeping governance in the same portfolio simplifies the vendor relationship and aligns with established compliance processes, which is the main reason it remains in place. Its long history of on-premises, air-gapped, and high-assurance deployments also fits public-sector and defense environments where data sovereignty and accreditation requirements rule out many cloud-first competitors.

Where it falls short

For greenfield buyers, the momentum sits with the modern leaders. The developer experience and UX feel dated, cloud-native workflows are lighter than newer governance tools, and pricing is quote-based with little transparency. Its strongest case is continuity within an RSA program, not a standalone best-of-breed selection.

Pricing

Quote-based enterprise licensing, typically scoped within a broader RSA engagement. Compare with the TCO calculator.

Best for, and who should look elsewhere

Choose RSA Governance & Lifecycle mainly for federal and regulated environments already invested in RSA. For greenfield enterprise IGA, compare SailPoint vs Saviynt; for modern cloud-first governance, see ConductorOne; for open-source self-hosting, see Evolveum midPoint.

Bottom line

A mature, compliance-focused governance product best suited to existing RSA and federal environments, rarely the first choice for new, cloud-native buyers.

More IGA vendors

All IGA

By SWI Community Team · Last evaluated 2026-06-19

Independent, community-driven analysis. No vendor sponsorship. Compiled from public research and community input and verified on a best-effort basis, so details may be incomplete or out of date. Scores are opinions, not advice. Trademarks belong to their owners; mention does not imply affiliation or endorsement. See the full disclaimer, or send corrections to [email protected].