To realize identity and access management’s (IAM’s) full benefits, security and risk (S&R) professionals must avoid falling into the technology-first trap and instead focus on developing an overall IAM program. To do this, security leaders must design a program around business goals, user-centricity, and core security principles and ingrain a growth mindset and collaborative attitude. This report highlights existing Forrester research that guides security leaders on building — and maturing — their IAM program for success.