Choosing the best Identity Governance solution for your company
Great set of requirements from hard-won experience. Just ServiceNow? Lack of a movers and revalidation process? Solve what is likely your no. 1 cyber risk that will get you hacked.
Introduction
We have written a few articles on Identity Governance and Administration (IGA), so we are amazed that we have not yet published a set of requirements to help you choose the best one for your company.
What is Identity Governance and Administration?
I can’t get away from the iceberg metaphor. If you think identity is Active Directory, Entra ID or Okta, it is worth your while to learn about what is under the surface.
Identity governance and admin is all about:
Access request.
Access approval.
Access provisioning and deprovisioning - automated and manual ticket management.
Access reviews and re-certifications.
Entitlement/role composition review.
Segregation of duties and toxic combinations (standard and privileged access).
Access monitoring.
Identity lifecycle management (joiners, leavers and movers).
Account management (account unlock, enablement, etc.).
Password and MFA factor registration and reset.
Quite a lot, right? Consider how little you think about these things, given that you need them for every system and every class of user. Do you just assume it is done? Do you just use ServiceNow badly?
Remember that if you have customers or external identities (what SailPoint calls Non Employee Identities with their recent acquisition), and you want maximum self-service, all user types benefit from IGA:
Customers B2B or B2C
Workforce - staff, vendors etc.
Guests - wifi etc?
Machines - all system-to-system access for which you currently just use an API key or client ID and secret. How do you manage the lifecycle of this access?
Why build a customer self-service identity and account management capability when you can just buy the best one and integrate it via APIs? Who will maintain a custom capability in your CMS? What will that cost you over 5 years?
Other IGA posts
Why you should invest in Identity Governance
TL;DR It is worth thinking about how you do the following for access to all your systems for customers, staff, third parties and guests: Access request. Access approval. Access provisioning and deprovisi…
Identity and Access Lifecycle Patterns
I’m the co-founder of Identity Revive. We can help you: Build a business case for Cyber Security. Understand your requirements and help you with any identity and a…
Why do Identity and Access Management Projects Go Wrong?
TL;DR Identity and Access management is how you manage who, and what, has access to all your systems and what they can do in those systems. This includes your Customers, Staff and Third parties (Workfo…
Choosing the right IGA for your company:
If you don’t have time, and you do have the money, I would just pick one of:
SailPoint IdentityNow
Saviynt
Microsoft Entra Suite
https://zertid.com/ - this is actually a cool Aussie startup built in ServiceNow
If you do have time: