I am currently a bit confused by the product ideas of IG on one side and the User Application on the other side. If I have both I cannot determine which functionality to use in which software.

Currently I import users from the IDM and permissions (basically roles) from the User Application (UA). I need the Business / IT / Permission role definitions in the UA to represent my company structure. But I cannot use them to ease the process of review. E.g. if you have permission role p1 and p2 because you have business role b1 (which are p1 and p2 are linked to) you have to review b1, p1 and p2 which blows the review items up. Yes, you can use business roles in IG to ease the review but then you would need to define your roles twice (and don't forget that you need to specify the users which should own the IG business role). I would imagine that I could import the roles from UA somehow?!

In a text it's hard to tell what I mean but currently I have the feeling that IG and UA are linked somehow but it does make much sense to me. I would be glad if someone can tell/hsow me what each product is designed for and where the line (and thus interface) between both of them is.