Why Your Governance is Only as Good as Your Identity Data

The value of an identity governance solution is directly proportional to the quality and richness of the data it can access. Ideally, you’d have attribute-rich global profiles of each user, pulled from all your identity sources. In reality, most identity data is locked in silos, and scattered across many – even hundreds – of disparate sources. Mergers, acquisitions and past deployments can lead to multiple Active Directory domains and forests. Further adding to the complexity, there’s often databases accessible only by SQL, other directories accessed via LDAP, and web applications that need information via APIs or REST. The icing on the cake is they’re all represented in different formats and schemas.

Identity governance solutions come with readymade connectors and an integration toolkit that expects to access a tidy, unified source of identity. However, more complex ecosystems mean that integration costs and professional services can escalate quickly. Are you destined to spend months custom coding and blow your budget building high-resolution user profiles for your governance policies?

Imagine instead a clean, normalized view of all the identity in the ecosystem. A federated identity and directory service accesses identity attributes across all endpoints, integrates them in a centralized hub, and then ensures that any changes are reflected back in the original identity source. Thanks to advanced identity virtualization, you now have an attribute-enriched, groups-savvy image of each individual user, but maintain the context of the original source as needed.

A federated identity and directory service extends the value of your identity investment in two critical ways. The first is by acting as an integration engine to build a reference source of identity – users and groups – to feed to your identity solution. The second is by virtualizing the identity solution’s API and representing it as LDAP directory. This repurposes your identity data into a single source of authentication and authorization for applications (WAM, legacy LDAP apps, federated access) that don’t use protocols like SCIM.

The result? As an input, the solution delivers a high resolution reference image and reduced integration time for identity governance solutions. You can now reach farther into the enterprise and deliver broader governance and more granular provisioning results. As an output, virtualization of the identity solution’s API (SCIM) extends the result of the transformation to Access Management, LDAP, and other non-SCIM applications at the speed of a directory. Identity integration lets you do the heavy lifting once and reuse the results where needed.

Read this article and others in the Identity Insider Magazine.


Discussion