Systems and methods for identity and access management are provided in a service mesh that includes a plurality of interconnected microservices. Each microservice is associated with a microgateway sidecar. The associated microgateway sidecar may intercept a request for the associated microservice sent over a communication network from a user device. Such request may include data regarding a context of the request. A token associated with the request may be enriched based on the context data and sent to at least one other microservice. A database of security policies for each of the microservices may be maintained. An authentication engine may generate a risk profile for the request based on the context data of the request and one or more of the security policies in the database. One or more of a plurality of available security workflows may be selected based on the risk profile.