Episode 076 01‐07‐2024 Future of IGA - GluuFederation/identerati-office-hours GitHub Wiki

Title: Access Certifications v. New Authz Paradigms

YouTube Video

Description

🚀 Join us for the first Identerati Office Hours Livestream of 2025 🎆, as we dive into the Future of Identity Governance and Administration (IGA)!

We're thrilled to host identerati Radovan Semančík, Slávek Licehammer of Evolveum and André Koot of SonicBee for discussions on the IGA trends shaping the industry, and strategies to future-proof your identity governance program.

📅 Date: Tuesday, January 7 ⏰ Time: 16:00 CET / 10:00am EST 🔔 RSVP https://lnkd.in/gPyNrpDb

Homework

Takeaways

⚡ Enterprises implement IGA not just to control who has access, but to understand WHY.

⚡ Are enterprises still satisfied with their IGA system? It depends who you ask... IGA is an "IT" practice. But many recently acquired cloud applications fall outside IT's purview.

⚡ Many businesses are struggling to implement basic security, especially given shortages and turnover in cybersecurity teams and the need for more expertise.

⚡ Enterprises want to see more efficiency in the IGA tools and processes. AI promises at least a palliative solution: suggestions for similar roles, for example.

⚡ Authority has to be delegated, and ultimately this is still about the accountability of people within an organization. Maybe there is no difference between governing person and software entities? If you abstract how we express policies (Cedar, Rego, RBAC etc.) and how we describe the entities (human, software, etc.), governance hasn't changed.

⚡ Workforce SaaS IDP ubiquity (Entra, Google, Okta) means that the IDP is the target for all modern IGA workflows: the data must end up in the IDP. Thus, the JWTs issued from the IDP provide data from the authoritative source for human identity (and soon software identity?). So one could say that the JWTs are the new "policy information point" (or "PIP").

⚡ There are still many non-federated apps out there. Hello RACF! And for some time, IGA tools are bridging the mountain of existing IT technical debt.

Livestream Audio Archive

here