My Identity and Access Management [IAM] practices—and those of my sector—differ significantly from the industry’s commonly recommended best practices. In this presentation—and hopefully discussion—, I will explore alternative approaches drawn from production environments that have successfully operated for well over two decades. Topics will include managing authorization at Identity Providers and Service Providers, handling 'customer' and 'workforce' identities, and addressing personas and affiliations.

Through these examples, I will challenge prevailing industry assumptions and highlight the nuances and diversity within the IAM ecosystem. Join me in considering whether these deviations reflect missed opportunities to align—or a broader, more complex reality that demands rethinking best practices.