The value you get from IGA (Identity Governance and Administration) solutions has always been proportional to your governance “span,” defined by the number of integrations you’ve deployed. The more integrations you have, the more value you get. That’s true whether your IGA business driver is compliance, security, or efficient lifecycle management. But without the right technology, getting the requisite breadth of integrations in place can be laborious and expensive.
You need an IGA integration builder
IGA integrations are about reading and updating permission data or permissions usage data. IGA solution buyers often don’t appreciate the nuances of these integrations.
It’s easy to forget that there’s more to IGA integrations than Identity Provider integrations, which are based on authentication and single sign-on standards such as SAML, OIDC, or OAuth. There are no standards for IGA integrations. SCIM is touted as an identity lifecycle management standard, but the SCIM model, based on accounts and groups, is severely constrained and can’t handle the complexity and granularity of permissions and their lifecycles. And SCIM needs REST API endpoints for data retrieval and updates, an expectation that most applications in the world fail to meet. As a result, integration options such as SQL, SOAP/XML, LDAP, robotic automation, or CSV exports are needed to get the job done.
A CSV export is the most manual of these approaches and, one might think, would be the option of last resort. Sadly, it’s been the most widely used IGA integration approach in the last twenty years. This is due in large part to the technology limits of legacy IGA, as well as the organizational complexity inherent in IGA deployments. Getting extracts from an application owner circumvents the sticky issue of getting an application owner to provide or use a sign-on credential for ongoing, automated integration.
IGA solutions struggle to deliver value if they don’t come with a strong built-in integration builder, multiple easy-to-deploy integration options, and automation to map target-specific data to a normalized data model. The number of integrations you need always exceeds the number of pre-built integrations included with any solution, so having the ability to crank out new integrations is critical.
Unfortunately, this can be more than just a numbers gap. It can also be a “capability” gap. Connectivity problems, the diversity of application permission models, the varying granularity of application-level and data-level permissions, and the need to support both “reads” and “writes” make integrations complex. Application and API version changes, along with API rate limits, make the resilience and maintenance of integrations difficult. Hybrid IT environments with firewalled systems or cloud virtual-private configurations can be additional obstacles. And arcane user experiences for integration setups make all of these challenges worse.
Integrations are a money pit for legacy IGA
It’s no coincidence that most legacy IGA vendors sweep these integration issues under the rug. Fifty percent of legacy IGA deployments fail because of stalled application onboarding, which is largely about integrations. The typical IGA journey is one long saga of missing or poorly developed integrations and cost overruns caused by integration development projects. In fact, there’s a whole ecosystem of consultants and professional services engineers, including the Big 4 consulting firms, that benefit from the status quo. CISOs end up paying for teams of consultants that work on integration development projects for months or years. If your IGA vendor tells you that every new integration requires Java code and will take weeks to build, find another vendor!
Think of integrations as strategic assets
Careful IGA technology choices that include sophisticated, no-code integration builders and intuitive setup experiences for solution administrators and application owners are essential.
Integrations provide the rich security data set that IGA processes depend on. The confidentiality, accuracy, and completeness of data provided by IGA integrations are non-negotiable. The richness of this data is fueling the AI-driven automation built into the next generation of identity security and governance solutions.
To see how a modern, purpose-built solution with 1000+ integrations can deliver business value quickly, reach out to us at Zilla Security for a demo.