the identity model in Identity Governance is more advanced then the one in IDM. That's great because you can differ between persons (identities) and the access of persons to applications (accounts). But sadly Identity Governance itself is not aware of this as you give identities access in "Configuration" -> "Authorization Assignments" by either adding groups or identities directly. This has a bad side effect: identities must be able to login. This makes sense from IDM perspective but doesn't make sense from a identity model point of view.
Please make it possible to handle Identity Governance as application itself.
For example I could imagine a new application collector for identity governance which queries ??? (maybe IG database?). Then only these accounts can be used in IG on every point where you currently use identities ("Authorization Assignments", ownership, etc.).