2 factors imo - scope of permissions & time spent on manual configuration/approvals as a company grows in size of employees and the number of resources it manages. ClickOps doesn't scale well since more employees requesting access to more resources will result in more context switches to grant/revoke those requests. At my last large fintech company, this led to lots of ad-hoc access request or time spent tracking which file contained the permissions and reviewer for which resource - time that could've been used developing features instead.

As for when - when the devs in a company find themselves spending much of their time manually approving permissions requests or just broadly granting access without paying attention to the scope is a good sign they're ready to move to Iac