Integrations Drive Identity Governance

by | Jun 13, 2024

The value you get from IGA (Identity Governance and Administration) solutions has always been proportional to your governance “span,” defined by the number of integrations you’ve deployed. The more integrations you have, the more value you get. That’s true whether your IGA business driver is compliance, security, or efficient lifecycle management. But without the right technology, getting the requisite breadth of integrations in place can be laborious and expensive.

You need an IGA integration builder

IGA integrations are about reading and updating permission data or permissions usage data. IGA solution buyers often don’t appreciate the nuances of these integrations.

It’s easy to forget that there’s more to IGA integrations than Identity Provider integrations, which are based on authentication and single-sign-on standards such as SAML, OIDC, or OAuth. There are no standards for IGA integrations. SCIM is touted as an identity lifecycle management standard, but the SCIM model, based on accounts and groups, is severely constrained and can’t handle the complexity and granularity of permissions and their life cycles. And SCIM needs REST API endpoints for data retrieval and updates, an expectation that most applications in the world fail to meet. As a result, integration options such as SQL, SOAP/XML, LDAP, robotic automation, or CSV exports are needed to get the job done.

A CSV export is the most manual of these approaches and one might think, would be the option of last resort. Sadly, it’s been the most widely used IGA integration approach in the last twenty years. This is due in large part to the technology limits of legacy IGA, as well as the organizational complexity inherent in IGA deployments. Getting extracts from an application owner circumvents the sticky issue of getting an application owner to provide or use a sign-on credential for ongoing, automated integration.

IGA solutions that don’t come with a strong built-in integration builder, multiple easy-to-deploy integration options, and automation to map target-specific data to a normalized data model, struggle to deliver value. The number of integrations you need always exceeds the number of pre-built integrations included with any solution, so having the ability to crank out new integrations is critical.

Unfortunately, this can be more than just a numbers gap. It can also be a “capability” gap. Connectivity problems, the diversity of application permission models, the varying granularity of application level and data level permissions, and the need to support both “reads” and “writes” make integrations complex. Application and API version changes, and API rate limits make the resilience and maintenance of integrations difficult. Hybrid IT environments with firewalled systems or cloud virtual-private configurations can be additional obstacles. And arcane user experiences for integration setups make all of these challenges worse.

Integrations are a money pit for legacy IGA

It’s no coincidence that most legacy IGA vendors sweep these integration issues under the rug. Fifty percent of legacy IGA deployments fail because of stalled application onboarding, which is largely about integrations. The typical IGA journey is one long saga of missing or poorly developed integrations and cost overruns caused by integration development projects. In fact, there’s a whole ecosystem of consultants and professional services engineers, including the Big 4 consulting firms, that benefit from the status quo. CISOs end up paying for teams of consultants that work on integration development projects for months or years. If your IGA vendor tells you that every new integration requires Java code and will take weeks to build, find another vendor!

Think of integrations as strategic assets

Careful IGA technology choices that include sophisticated, no-code integration builders and intuitive setup experiences for solution administrators and application owners are essential.

Integrations provide the rich security data set that IGA processes depend on. The confidentiality, accuracy, and completeness of data provided by IGA integrations are non-negotiable. The richness of this data is fueling the AI-driven automation built into the next generation of identity security and governance solutions.

To see how a modern, purpose-built solution with 1000+ integrations can deliver business value quickly, reach out to us at Zilla Security for a demo.

Author

  • Identity security leader Deepak Taneja smiles at the camera, in a blue and white checkered button-down shirt.

    Zilla Security Co-Founder, CEO & President Deepak Taneja is an entrepreneur and security expert with extensive experience founding and leading enterprise software companies. Deepak has been at the forefront of innovation in identity management for over 25 years.

    His vision for Zilla is to secure the enterprise by automating the management of permissions to all applications and data. Prior to Zilla Security, he founded and led Aveksa, a pioneer in identity governance, and was CTO at RSA Security after Aveksa was acquired by RSA.

    Previously, as CTO for Netegrity, he led the evolution of SiteMinder into an industry-leading web access management platform. An avid supporter of technology entrepreneurship, Deepak has served as a board member and advisor to several successful startups. Deepak holds a B. Tech in Electrical Engineering from the Indian Institute of Technology, Kanpur, and an M.S. in Electrical Engineering from the University of Florida.

    Connect with Deepak via LinkedIn.

    View all posts

Recent Posts

Key Takeaways from a Discussion on Modern Identity Governance

Highlights of Zilla’s discussion on the need to modernize identity governance strategies. IGA experts covered the complex nature of IGA, the importance of automation and AI in a modern IGA strategy, and how to address the challenge of non-human identities.

Leveraging AI to Identify Birthright Access

AI Profiles take the pain out of onboarding, using machine learning to leverage Zilla’s existing knowledge of your applications and permissions to recommend user access profiles.