Director of Solutions Architect, Radiant Logic
The value of an identity governance solution is directly proportional to the quality and richness of the data it can access. Ideally, you’d have attribute-rich global profiles of each user, pulled from all of your identity sources. In reality, most identity data is locked in silos, and scattered across many—even hundreds—of disparate sources. Mergers, acquisitions and past deployments can lead to multiple Active Directory domains and forests. Further adding to the complexity, there’s often databases, accessible only by SQL, other directories accessed via LDAP, and web applications that need information via APIs or REST. The icing on the cake is they’re all represented in different formats and schemas.
IGA solutions come with ready-made connectors and an integration toolkit that expects to access a tidy, unified source of identity. However, more complex ecosystems mean that integration costs and professional services can escalate quickly. Are you destined to spend months custom coding and blow your budget building high-resolution user profiles for your governance policies?
Imagine instead a clean, normalized view of all the identity in the ecosystem. A federated identity and directory service accesses identity attributes across all endpoints, integrates them in a centralized hub, and then ensures that any changes are reflected back in the original identity source. Thanks to advanced identity virtualization, you’ve now got an attribute-enriched, groups-savvy image of each individual user, but maintain the context of the original source as needed.
A federated identity and directory service extends the value of your IGA investment in two critical ways. The first is by acting as an integration engine to build one reference source of identity —users and groups—to feed to your IGA solution. The second is by virtualizing the IGA solution’s API and representing it as LDAP directory. This repurposes your identity data into a single source of authentication and authorization for applications (WAM, legacy LDAP apps, federated access) that don’t use protocols like SCIM.
The result? As an input, the solution delivers a high-resolution reference image and reduced integration time for IGA solutions. You can now reach farther into the enterprise and deliver broader governance and more granular provisioning results. As an output, virtualization of the IGA’s API (SCIM) extends the result of the IGA transformation to Access Management, LDAP, and other non-SCIM applications at the speed of a directory. Identity integration lets you do the heavy lifting once and reuse the results where needed.