Contact us
Memority

Identity and access management: a lever for local government's digital independence

On June 23 and 24, Memority participated in CoTer Numérique, the conference bringing together decision-makers from French local governments.

On June 23 and 24, Memority participated in CoTer Numérique, the conference bringing together decision-makers from French local governments.


During the event, I had the opportunity to lead a workshop on an issue that has become central to government agencies: “Access and Identity Management: A Lever for the Digital Independence of Local Governments.”



One account is all it takes.

377,418 applicants whose personal data was stolen via the compromised credentials of an administrator account. 1.2 million records from the FICOBA database accessed after a government employee's credentials were stolen. Health data accessed without authorization through the impersonation of healthcare professionals.


These incidents have little in common, except for their origin: in each case, it wasn’t a system that was attacked head-on. It was an identity that was compromised, and insufficiently controlled access rights that did the rest.


For local governments and public sector entities, the question is no longer whether this type of incident can occur. It is how to prevent it, and how to limit its impact when it does occur. The answer increasingly lies in rigorous control of digital identities and access, what is known as IAM: Identity and Access Management.

Check out our white paper

Managing digital identities in the Public Sector.

Through numerous use cases, this white paper demonstrates how IAM is today a major strategic lever enabling institutions, administrations and businesses to be more secure, more agile and more compliant with regulatory requirements.


Download the Public Sector white paper

Five simultaneous pressures on public information systems


Local government IT departments have never had to deal with so many simultaneous pressures.


  • Digital transformation is accelerating. The digitization of citizen services, the transition to paperless administrative procedures, and the growing number of mobile employees: information systems are becoming more open and decentralized, and the scope of access that needs to be managed is exploding.
  • Information systems are becoming interconnected. Data exchanges between public entities are increasing, external partners are accessing internal applications, and “external” identities are becoming just as critical as “internal” ones.
  • The smart city creates new points of exposure. Sensors, connected devices, non-human identities: local governments’ industrial systems are merging with digital technology. Every new connection is a potential source of risk.
  • Regulations are becoming stricter and more extensive. NIS2, LPM, PSSI-E, AI Regulation: obligations are multiplying and expanding to new areas.
  • Digital sovereignty is becoming a political requirement. Citizens’ data and government processes cannot be subject to foreign jurisdictions. This is no longer an option: it is a requirement imposed by the government and expected by elected officials.

Faced with these five pressures, IAM emerges as the cross-functional solution. Not because it solves everything, but because it is at the heart of everything: every access request, every identity, and every piece of sensitive data passes through it.



IAM goes far beyond cybersecurity


It is often a mistake to view IAM solely as a security tool. Its scope of value is much broader.


In terms of cybersecurity, robust identity governance helps detect orphaned accounts, excessive permissions, and abnormal logins. It serves as the first line of defense against identity theft attacks, which are now the primary entry point into public organizations.


In terms of user experience, a well-designed IAM system simplifies staff members’ lives: unified access via SSO, a self-service portal for authorization requests, and fewer help desk tickets. Employees spend less time managing their access and more time providing services to citizens.


In terms of transformation, IAM serves as the foundation for quickly and securely integrating new use cases: new partners to connect, new applications to deploy, and new user groups to onboard. Without a standardized IAM system, every new project becomes an access management task that must be handled manually.

In terms of autonomy, IAM enables a local government to retain control over its data and processes, independent of decisions made by third-party software vendors or external service providers.


These four dimensions highlight an issue that goes far beyond the security department alone. IAM is a corporate-wide initiative.



What regulators have already decided for you


If your organization has not yet begun its IAM initiative, regulatory requirements have just accelerated for you.


NIS2 now mandates MFA for critical access. It requires incident reporting within 24 hours, which is strictly impossible without a complete and actionable IAM audit trail. It includes the management of third-party identities within the regulatory scope and holds executives personally liable in the event of a breach. For the affected public entities, this is a performance-based obligation.


The EU AI Act, less frequently mentioned in this context, introduces a requirement for access traceability for high-risk AI systems. In other words, AI tools deployed in government agencies for case analysis or benefits management must be able to account for who accesses them, under what circumstances, and with what authorizations. This is essentially an IGA project. Shadow AI is the new Shadow IT.


The question is therefore no longer “Should we invest in IAM?” But who will initiate the investment first? Your attackers, your regulators, or you yourself?




Jurisdictional dependency: the overlooked angle


Among the challenges of digital sovereignty, one aspect remains insufficiently addressed by local governments: the jurisdiction under which your IAM solution operates.


By its very nature, IAM is the system that centralizes your organization’s most sensitive information. It knows who accesses what, when, from which device, and with what permissions. This is precisely what makes it a strategic asset. But it is also what makes it a target, and a risk, if the chosen solution is subject to extraterritorial laws.


The Patriot Act, FISA, and the Cloud Act: these laws allow foreign authorities to access data hosted or managed by U.S. companies without notifying the data owners. The question “Is your IAM subject to these laws?” is not yet asked frequently enough in public tenders. It should be a standard requirement.


Mastering your IAM therefore also means managing a strategic dependency: ensuring that the authorization rules for your sensitive systems and the identities of your employees remain within a trusted environment that you define yourself.


Digital identity, the foundation of public trust


Digital identity management is not a technical issue reserved for security teams. It is a matter of sovereignty, compliance, operational performance, and citizens’ trust in their public services.
 
Local governments that are committing to this today are not doing so solely because of regulatory pressure; even though that pressure exists and is intensifying. They are doing so because they have realized that identity is the foundation of any secure and scalable digital service.
 
Securing identities means securing the digital environment. And in the public sector, it also means securing trust.

Case Study :

A strategic public sector organization modernizes its IAM: 1,000 identities, 7 months


A public sector organization operating a complex industrial infrastructure and a heterogeneous digital ecosystem undertook the migration of its IAM tool to a full-stack platform covering IGA, AM, and MFA. The challenges were significant: historically incomplete identity data, a wide variety of user groups (internal, external, generic identities), and an absolute requirement for service continuity.


The approach combined a methodology with iterative demonstrations, involving business teams closely from the scoping phase onward. The quality of identity data was validated before going live. The project was delivered on time and within budget.


The results, achieved in less than 7 months:

Schedule an appointment with an expert

Got a question? An IAM project?

Our teams support you in modernizing identity management, optimizing access control and deploying strong authentication tailored to your organization’s needs.


Request a demo

To learn more

Digital Identity Management in the Public Sector


In this white paper, find out how controlled, unified digital identity management can become a real gas pedal for your business! The "Identity Factory" approach proposed by Memority holds three major promises: business performance, user experience, security and compliance. Six business profiles testify to this.


Download the Public Sector white paper

Published by

Alexis de Calan, Directeur du développement

Alexis de Calan

Development Director

Alexis de Calan is a co-founder of Memority, where he drives the company's growth in France and internationally. With over 20 years of experience in IT and cybersecurity, he brings recognized expertise in IAM and a strategic and operational vision of digital security transformations within large organizations.

Recent articles

Presentation visual for the new My Discovery offer by Memority, with the tagline "Govern the invisible" on a teal gradient background.

MY-Discovery: What Your IAM Can't See

Calendrier

June 16, 2026

Memority introduces MY-Discovery, its new extended identity and access visibility offering. As the fourth pillar of the Identity Factory, it extends identity and access governance beyond the declared perimeter.

Read the article
FlècheFlèche

S3NS achieves SecNumCloud 3.2 qualification: Memority now available on PREMI3NS

Calendrier

May 13, 2026

Thanks to the SecNumCloud 3.2 qualification obtained by S3NS, Memority strengthens its commitment to delivering secure, compliant IAM solutions tailored to the requirements of public and private organizations in France.

Read the article
FlècheFlèche
Memority : exercice de crise avec CGI

Crisis management: a real opportunity to raise awareness

Calendrier

April 21, 2026

What if crisis management weren't just for decision-makers? By involving all employees in an immersive simulation, this exercise highlights real-world challenges, builds the right reflexes, and strengthens the collective culture when facing critical situations.

Read the article
FlècheFlèche
FlècheSee all articles
FlècheFlèche