Good afternoon, ladies and gentlemen, welcome to our KuppingerCole webinar, Cloud IAM: get the full picture to make out of a quick win. How to take a strategic approach to cloud-based IAM: straightforward, comprehensive, compliant, and secure. This webinar is supported by SailPoint. The speakers today are me, Martin Kuppinger, I'm CEO, founder, and principal analyst at KuppingerCole, and Rick Weinberg, who's senior director, market and product strategy at SailPoint. Before we dive into the presentations, I just wanna give you a quick overview about KuppingerCole and do some housekeeping.
And then we will directly jump into the topic of today. KuppingerCole is an analyst company. We were founded back in 2004, working internationally with people in a number of countries, providing neutral advice, expertise, thought leadership and practical relevance in various areas, including identity and access management, information security, and clearly the identity governance part.
We provide three types of services. One is research with different research types, including our Leadership Compass documents, which provide a comparison of vendors in certain market segments.
Our events, where we provide thought leadership, best practices and networking opportunities, and advisory, where we provide independent vendor-neutral advice to both vendors and end user organizations. The upcoming conferences of KuppingerCole are the Digital Finance World, which will be held in Frankfurt March 1st and second next year. And our main event, the European Identity and Cloud Conference, which will be held again in Munich next year, May 9th to 12th. These are our two main conferences. So for the webinar, some guidelines: you are muted centrally, so you don't have to mute or unmute yourself.
We are controlling these features. We will record the webinar and the podcast recording will be available tomorrow, and there will be a Q&A session at the end. You can enter questions at any time using the questions feature in the GoToWebinar control panel, which you usually find at the right side of your screen. So enter questions whenever they come to your mind. So we have a long list of questions when we start the Q&A session, and that will be the third part. So to have a quick look at the agenda, as I've said, we are two speakers today, and we have three parts of the webinar.
The first part will be me talking about customer challenges that drive the journey to cloud IAM and how to support all your systems in a hybrid world. The second part then will be done by Rick Weinberg of SailPoint, who will talk about cloud identity and access management or IDaaS, and particularly look at the aspect of access governance. So don't forget the access governance part, or to phrase it differently:
Cloud identity management or identity as a service is more than just single sign-on.
And the third part then will be, as I already said, the Q&A part, where we'll then look at the questions you provide and provide our answers to your questions. So a picture here, which I used a couple of years ago, but I think it's still important for the entire topic. So everything and everyone become connected and we see a lot of change in the way we do computing and the way we structure our IT, the way we manage our IT. And the three main trends still are on one hand cloud computing, where we see a broader area of deployment models.
So cloud computing just has become a reality today for most organizations. So we see cloud computing being very widely used in virtually all countries today.
Then we have the social computing part, or what's probably the better term, the growing number of user populations. So we not only look at the internal users anymore and the few partners or the contractor-style partners, but customers and leads and prospects. And then we have the mobile computing, where we see a changing and growing number of devices in use.
So under that change, we also have to change the way we manage IT, which means also how we manage the identities, where we have more than ever before, and their access from different types of devices to different types of services, regardless of where they are deployed. To take another picture here: in fact, we also not only have the people, we have their devices, we have their things, and the organizations. This world has become far more complex. And we see a lot of communication also between devices and things in organizations which runs in the background.
So where APIs communicate.
So apps communicate through APIs with services. And so we have a far more complex scenario. And I used a phrase a while ago where I said, this is sort of the new ABC. We have to look at the Agile Business: Connected. So this is this large change we are seeing. This also changes a lot for identity management. On the other hand, what we also have observed over the past years is that identity and access management have gained massively in momentum. So identity from my perspective is the glue, access control is what we need in this ever-changing world.
How can we handle all these identities and their access? And also a while ago I put together seven fundamentals for future identity and access management. You will find them in my blog. And if I look at these fundamentals, I go through relatively quickly.
So it's, we have more than humans. It's also about identities of things. It's about devices, services, and apps.
We have multiple ID providers. We will not manage all identities internally anymore, and trust will vary. So we will have different types of providers. We will have some external ones. We will have to deal with them, provide them access. Trust to these identities will be, yeah, it'll vary.
Some we will trust well, some others we will trust less. Multiple attribute providers. So there will be different sources for the information. Multiple identities. So many users, particularly external ones, will use different identities or personas and flexibly switch between them. But you also see some tendency towards bring your own identity, even though for employees.
So we have multiple authenticators as well. It's not that there's a single authenticator that works for all. We have the identity relationships. So we must map humans to things, devices and apps.
And finally, we have the context: identity and access risk vary in context. So identity management is a key essential here, and it's definitely one of the, how should I phrase it, one of the fundamental changes we are seeing, and one part of it is that future identity management will be about all identities: employees, business partners, customers, consumers, services, devices, and things. And on the other hand, I think that this is where we then come back to the, sort of the more traditional view on identity and access management.
It's still that a lot of stuff here is sort of very traditional, very classic and required. And I put some red lines around some of the boxes.
So directory services, we need them, regardless of where our identity management runs, identity provisioning. We must provision the accounts, the changes to the various systems. We have the need for web access management for all these types of access, where Federation doesn't work. We have access governance as a requirement. So how can we manage who has access to what we have the privilege management area.
So looking at the privileged users, their specific type of access. And so what we definitely need to do is that we need to understand on one hand what all is happening. And that's what I will look at over the next two slides. And how can we manage all that? And to say it very simply, provisioning or access governance as challenges, they don't disappear.
When we move to the cloud and privilege management, ease of disappears, we need to do all that stuff we do in traditional identity management, identity, access management here in this slide, we see all the various disciplines of identity and access management.
We need to do it for all of our environment, regardless of whether we run applications in the cloud or on premise, we need to keep a grip on it. We need to manage it. We need to be good enough to work with these environments. So that who, what, where, how I think is helpful to understand the challenge here.
So when we look at fat client applications, so that was where sort of everything started, frequently a proprietary type of access. Then we added over time some web applications, so many years ago. Right now we added business partner web applications where we then federate to.
Oh yes. And there are also some external users that come in to this. When it goes to federal client applications, things become complex, but from an identity access management perspective, we need to manage not only the access. So web access Federation, we need to provision the users unless we use Federation.
But even there, we might have a federation challenge. Federated provisioning is obviously one of the bigger things to solve, so to solve well. We have the challenge of managing the access. So who is really allowed to do what? If it's a business partner application for us, then it's a business partner who has to do, but if it's cloud risk, it's us who have to implement access governance and provisioning or privilege management. These challenges don't disappear when we leave the perimeter, when we go to the cloud. And for mobile devices, it remains the same.
We have other types of access. We might have web access here, API-based access. But at the end of the day, we still need to manage who has which type of access to which application or service we own or where we are a tenant of. And that means that our cloud identity management or IDaaS from a feature perspective must be bigger than it is seen in many cases. So I've split it into sort of the core cloud IAM features, which I again split into two parts. One are the entry point features, so to speak. And the other are mandatory features to add on top of these entry point features.
So entry point features, that would be single sign-on. So how can all of my employees or all of my users, even if they're not employees, have a single sign-on experience to all of the services, be they in the cloud or be they on premise. That also requires the outbound federation to services which support outbound federation.
It includes adaptive authentication. It includes mobile support. So allowing access through mobile devices, providing the adaptive authentication capabilities.
And so, and then we have, on the other hand, the area of mandatory features, which we need to really make this work. So we need directory services. Where do we manage all of the users? We have the area of identity provisioning. We need to provision users in many scenarios, even the federation scenarios frequently. We have the inbound federation. How can we federate people in? We have, last but not least, the access governance area.
We could have privilege management, which is to some extent a little bit more specific discipline, usually not part of the cloud IAM or IDaaS offerings. So we have integrations as well. How do we do identity provisioning to all of our target systems? How do we provision back,
if it runs in the cloud, to our on-premise solutions? How do we integrate with existing directory services and maybe new directory service in the cloud? And then there might be other areas.
So the advanced authorization aspects, cloud access broker capabilities, or more consumer and customer identity management focused aspects. But if you look at the core area, then it becomes very obvious, to manage these changing environments. We have in virtually all organizations this hybrid world of existing and new applications, some on premise, some in the cloud, some very modern, supporting all open REST-based standards and APIs, and others being more proprietary. How do we really support all these applications for all of our users?
So it's about providing services for all types of users, for all types of devices, where we have our sort of standard ways where HR comes in our right end, DT management, our store to all the types of services, cloud services, business partners, channel applications, and amongst the services.
There are some of the services which are not often enough seen, I would say, and not at the extent seen in IDaaS or cloud identity management as they should be. So provisioning, access governance.
These capabilities are far rarer than for instance federation or single sign-on services, but we need them to really make this work. Okay. Let's move forward. Basically, I think we are already close to my final slide here. Hybrid enterprises need a hybrid identity management. This is, I think, a consequence of what I have said. So even if we say we go to cloud identity and access management, IDaaS, we need some way to connect back. And enterprises from my perspective will remain hybrid.
So yes, the digital transformation requires organizations to become more open than ever before. It's the ABC stuff: Agile Business, Connected. We have to support this change, but as well the existing infrastructure, and a lot of the existing IT infrastructure is on premise.
And to give a very simple example, look at manufacturing environments. Your factory will remain on premise and a lot of it will remain on premise. So even if you say I have a cloud first or cloud only strategy at the apps today, you will end up in most organizations, it's a very large portion of organizations, with hybrid enterprises that require hybrid IT, and hybrid IT requires a hybrid IAM, IAM which can run in the cloud, but which needs a way to connect back, or if it doesn't run in the cloud, needs a way to connect to the cloud service.
But if we move to the cloud IAM and IDaaS, so the identity as a service stuff, that's what basically our topic of today is, then we still need to figure out ways which are comprehensive enough. So we support everything from a feature perspective, not only single sign-on, but provisioning, access governance and all that stuff, and which are comprehensive enough from a scope perspective, allowing us, even if we run it in the cloud, to also support all of our hybrid IT environments. With that, I hand over to Rick, who will be the presenter of the second part.
So Rick, it's your turn. Rick will talk about sort of, don't forget the access governance part and some other stuff here.
Hey, hello everyone. My name's Rick Weinberg. I lead our product management and product marketing for SailPoint cloud IAM,
and very excited to talk with you a little bit more about our capabilities today, and also talk through some of the success that we've seen from our customers, particularly as it relates to some of the core governance and provisioning capabilities from the cloud. And, you know, as we go through this, excuse me, I really want to emphasize, you know, where we see some of the unique differences in managing your identity from the cloud, rather than, you know, just from, you know, the on-premises perspective that many of you're familiar with today.
So to begin with, I want to just get, have a little fun with a little, a picture here to reiterate some of the, the points that that Martin just made is, you know, are you seeing the full, the full picture, right?
What appears to be a man and a woman about to kiss actually is just a man and a woman passing each other. And I think the intent here is you are only able to, you know, govern what, you know, you have, to the old adage, you can't measure what you can't see, right? So you can't govern what you can't see.
And, and so to reiterate again, what, what Martin was sharing, it's critical for enterprise governance to be able to connect to and see everything. So that includes both your on-premises and cloud resources, you know, as well as the ability to, you know, so you have that notion of, you know, having connectivity to those different applications. But beyond that connectivity, it's about getting the complete picture.
And this goes beyond just sort of your lightweight, you know, profiles for single sign on, but you know, where you would expect deep bidirectional connectivity that enables the, you know, the collection of identity and access data device and activity data with the ability to invoke change those target systems.
And this, you know, feeds some of the core governance capabilities that include provisioning and password management, certification, but it also creates a baseline foundation that we see a number of our customers taking, where their identity and access management data becomes an asset. And that asset then can be used to improve the broader enterprise security footprint, in many instances where you've got integrations that expand out to say your SIEM solution or your DLP solution, or your mobile device management solution.
So there's a lot of ways in which as you build that, you know, complete governance foundation that then can be turned and really leveraged organizationally as an asset, of course, you know, and this is some of the, you know, basics here.
So I won't spend a lot of time, but once you have that connectivity and visibility, you know, you're really about, you know, understanding who does have that access, understanding that current state, you know, what accounts, what entitlements and permissions do those users have today, you know, can you, and, you know, going with the hybrid IAM theme that Martin touched on, you know, can you manage permission sets in Salesforce, as well as say, the roles and relationships in Oracle EBS, or, you know, roles and profiles and T-codes in SAP. Being able to have that, you know, granularity and ability to span across multiple, you know, target systems, you know, no matter where they reside, is critical.
So, you know, of course not only who does have that access, but who should have that access, making sure that we really identify that desired state and then deliver and secure that right access every single time, you know, but a big thing too, where we've seen success, you know, really take off with many of our customers is, is embracing the notion of empowering everyone for effective governance. It's, it's really, really important to empower the business users who we actually rely upon to provide the governance.
So in order to do that, we need to let those users work, you know, how they like to work wherever that's from, however, and from whatever device they're wanting to use. And so, you know, the, the notion here is that, you know, governance really cannot impede user productivity.
And, and that's really, that's why SSO is so highly sought after.
And one of the, the great, you know, pieces of value that many organizations often look to initially in, in what they want from cloud IM because it accelerates that access to applications and minimizes a lot of that end user frustration, you know, it's speed and it's simple, and it's quite quick to, to see that that value come right away. But I think, you know, regardless of how quickly and efficiently that access delivered is delivered, you know, identity governance is, is really paramount.
We can't just accelerate authentication to, you know, access. You're not sure is valid just for automation's sake. It's imperative that we look to other self-service functionality to empower those business users in particular like, you know, the ability to do self-service password reset and, you know, provide self service, access, certifications, and access requests to make sure those are very simple to perform and extend that governance footprint.
So delivering, excuse me.
So delivering that simple and intuitive user experience really, you know, can often be the difference between for many of our, our, our customers being compliant and being secure. Right? If you think about that many instance, you have folks who go through the, maybe that rubber stamp process of going through the motions, and yet they may be compliant in their nature, but are they really effective in providing the governance? So you might pass an asset, but you, you might pass an audit, but will you really be managing say enterprise risk?
And the other thing to note here is, we look about empowering folks with governance. This is not just an end user statement, but an administrator one as well. We wanna make sure that, you know, if you look at cloud IAM solutions, that they really embrace the notion of configuration over customization, making sure that, you know, how you configure the tool is something that is not requiring a deep set of knowledge around, you know, where you say Java skills to go and customize a solution out to map to the organization's needs.
We wanna be able to take a lot of that functionality and embed it into the product so we can deliver the faster time to value that many of you would expect when you go to a SaaS solution. So let's look a little bit at SailPoint's solution IdentityNow, and, you know, wanna touch briefly on some of the high level capabilities. And then we'll drive a little bit more detail into some of the services.
The first is, you know, whether you have, you know, governance, provisioning or single sign-on pains, you know, we really see IdentityNow as something that many organizations choose, you know, to be able to know that they can, you know, leverage their investment in one solution to meet all of their needs. In many respects, you know, this isn't just, you know, getting some strong, you know, say single sign-on capabilities with some lightweight governance, and we offer deep functionality across the board.
Another key element is being able to gain, you know, that centralized visibility. And this of course, you know, goes back to that, getting that complete picture, not only of connecting to those target systems, whether those reside on premises or in the cloud, you know, but being able to, you know, have that bidirectional connectivity that expands, you know, into the deep governance that you would expect, you know, for those target systems.
The other piece of course is being able to deliver one unified experience, you know, ensuring we support and really, again, empower that workforce to, you know, work where they wanna work. You know, and it's also about providing access, you know, on any device type from any network.
And this is something that's more and more critical, you know, as mobile users become engaged really in participating in that governance, you know, effort for your organization. And the last piece, you know, I think that, you know, we see with IdentityNow is that it's a global SaaS platform, and this allows, you know, it's scalable, it's a multi-tenant platform that utilizes a microservices architecture.
And that really allows our customers to, to plug in right away with no need to procure hardware or, you know, configure software, go through the, the, the pains of upgrading and maintaining those customizations that many of you know, and we also maintain, you know, one version of our software that we update weekly. And so that really enables, you know, us to deliver innovation continuously and ensure stability in the process. So those are some of the major investments we've made.
Now, when you look at, you know, IdentityNow, you know, this is just sort of a high level architecture view. There are four services we offer. There are the user provisioning, your password management, your single sign-on and your access certification. And as we all know, you know, governance starts, you know, with connectivity.
So we can be able to bring in the relevant identity and access data from these disparate target systems, and then go through the process of, you know, normalizing and transforming that to where you have a common, effectively identity warehouse to get a, you know, a complete 360 degree view of that user's, you know, identity and access data with which to drive policy and governance against which, you know, really stems into what the services that we provide deliver.
So the first of these with user provisioning is really about how, as many of you know, you know, streamline IT operations, and I'll touch briefly. And many of you are surely familiar with some of the basics of these capabilities.
So I'll just touch on them briefly, but then emphasize, you know, how, again, we distinguish and differentiate this from the cloud, what's different and unique to how we do this from the cloud. You know, to start though, of course, you've got what you would expect, day one productivity, where you can, you know, automate and deliver access to accounts and, you know, to those target systems. Of course, you know, being able to have deprovisioning automates the removal of access, you know, as part of any leaver event or termination, as well as any mover event that might occur, you know, you have the ability to, you know, be able to avoid entitlement creep and ensure that, you know, the access that someone does have, you know, only reflects the access that they should have.
So, you know, of course what makes this different, this preconfiguration setup options is a great example here, but when we invested in IdentityNow out of the gate, we really looked at how we could lean and leverage our years of experience in identity management. We've, you know, at SailPoint, you know, we've, you know, been in business for 10 years. And even prior to that, you know, our founders, you know, have been in the identity management space for some time.
So we've been able to lean on a lot of our heritage and expertise and experience and look for ways to embed that into the product. And so one example of which we've done that, on the provisioning side, is really how we've effectively embedded our provisioning methodology into the product.
And we've done this with what we call lifecycle states, you know, which really are, you know, predefined states with preconfigured workflows that enable and disable access according to sort of a transitionary state that a user may have. They could be an active employee or an inactive employee.
They could be a remote employee or an employee on a leave of absence.
And those transitionary states, when you move from one to the next, you know, will have, you know, those predetermined, configured workflows that allow for enabling or disabling that access. You know, typically, you know, for an on-premises world that will require significant workflow customization to provide that. And we deliver and preconfigure that out of the box in the solution. That's just one example where, you know, we try to make an investment to see how we would do things differently from the cloud.
You know, when you look at self-service password management, certainly, you know, many of you're familiar with the value that it can provide, is it helps reduce help desk calls and cut a lot of the operational costs associated with that.
And, and of course self-service password reset is, you know, a, a great example of being able to embrace and empower the end user to help, you know, mitigate that themselves rather than relying on the help desk to do it for them, you know, but when you think about, you know, some of the key, true enterprise password management capabilities, that's something else that we offer things like, you know, synchronization that allow, you know, common definition of password policies, that it can be extended across multiple applications.
Again, whether those are on premises or in the cloud, you know, not only, you know, we see this reducing a lot of the cost of administration and simplifying the end user experience, you know, when you have password synchronization in place. And of course, password intercept also allows to detect when native changes have been made to say your AD password.
And then, you know, to be able to invoke that change in other applications that might be tied to that in case those were done directly, you know, not through IdentityNow, as an example. And then, you know, we also see the value of delegated help desk. And this really allows for, you know, some of the specific IT personnel to, you know, unlock someone's account or change a password if they can't do it themselves.
And the value here is to actually have a consolidated tool to deliver this from rather than having to have that delegated administrator need admin access into each and every one of those applications, which can be a big security risk, as you might imagine. But what's different when we do this from the cloud?
Well, I think there's a couple things first mobility given the, the fact that, you know, everyone is on the go and, and needing to access, you know, the, the solution from any device at any time, being able to reset your password on, on any network, really frees up the burden of, you know, users to be able to do it from say your local coffee shop, you know, rather than having to tunnel through your VPN, you know, or be on the corporate network.
So in many instances, doing it from the cloud gives you a lot more freedom where many organizations that look to do an on-premises solution might have to put their solution in the DMZ or require a user to tunnel into the VPN, which, you know, might impact the experience as a whole, or it could be if you put it out in the DMZ, you know, not a very secure architecture as a result.
The other thing that's different is how we leverage, you know, multifactor authentication as part of the experience, really being able to use step-up authentication for a password reset.
Perhaps if you are coming in from say a, you know, untrusted source, as an example, and being able to integrate with, you know, while IdentityNow offers our own native MFA capabilities, we recognize many of our customers lean on other solutions to do so. And so we integrate with many other solutions to support that, and that MFA integration not only extends to password management, but it cuts across all the services where applicable. Of course, certification, you know, is a big, you know, value and key governance capability that we provide as well.
First is the, the ability to centralize and automate, you know, access reviews so that we can mitigate a lot of the costly, you know, effort that many of our customers take on because it's so manual today for, for several of them or for many of them, I should say, you know, and the other piece of this is knowing how we can deliver a very consumer simple experience.
Again, we wanna empower the users.
So in being able to get them to participate, we want be able to deliver, you know, a very simple consumer experience, you know, so they're very familiar with what they're being asked at the same time. It's, it's, it's ensuring that the effectiveness of those say campaigns to certify user access are, you know, are there as well. So they understand that the, you know, it's not some pic it term that they're having to understand what that access provides, but they can be translated into a, a relevant business term that they understand.
So they can avoid that again, that rubber stamping effect in the process.
So, you know, again, doing this in the cloud, what's different? Well, in many respects here, you know, we've seen how, you know, we have some customers on premises who might often look to define, say for their certification campaigns, what we call exclusion rules. You might go out there and say, hey, look, for this certification campaign, I want to exclude C-level officers from participating, cuz they may want say their administrative assistants to do it on their behalf. That's just one example.
But in many instances we are defining a rule that would have to be applied to that campaign. And frankly, often this rule might be requiring someone to drop and define in the code itself, and it's not productized. And so what we've done is define really campaign filters that provide out-of-the-box, configurable inclusion and exclusion rules that are effectively a library that's built up to allow our customers to leverage and simplify the definition of their campaigns.
Again, really recognizing how and where we can bring a lot of that customization that's done often in, you know, in the middle implementation, bring it in the product. And again, to reduce the, the, the time to value that as, as you go forward in rolling this out. And of course, lastly, you know, we provide, you know, one click single sign on that you would imagine.
And, and the value that many of folks start out with and often think that single sign on is, is, you know, many respects that panacea and that there's incredible value that it provides to be able to simplify the access for the business, leveraging, you know, standards, you know, often, you know, SAML where that's supported in those applications, but also being able to, to engage in secure credential replay for applications that don't support SAML.
And then, as I mentioned before, being able to leverage some of the, the step up authentication, you know, where you might be coming in and authenticating from, you know, an untrusted geo or from a different device that isn't recognized as an example.
So one of the things that I, you know, I want to touch on is some customer success stories and, and the first one actually is a great story. That really is an example of what we see in sort of the state right now of as cloud identity access management continues to mature.
And that is in many customers start out thinking that there is a, a pain and need for, you know, single sign in is the, is the solution I'm looking for. And so in this particular instance, there was a, a large global automated parts supplier about 20, 29,000 employees. And here they, they had some end user frustration going on and they had some, you know, increased password related help desk calls that really initiated their pursuit of a single sign on solution.
In fact, they went out and had a proof of concept amongst, I think it was five or six different, largely single sign on vendors.
And as part of that, you know, they were thinking that that was really their answer. And as we were brought into the, the opportunity a little later than, than the others, we, we validated our single sign on capabilities to them, but we also pushed out to them and said, you know, as you think about this, you know, what are some of the other requirements that you have as it relates to access governance and provisioning.
And, and they discovered that they actually had some broader goals there. They just didn't expect that they would be able to leverage those from the same solution.
And so, as we talked to them further about their investments, they ended up purchasing all the services from IdentityNow, so that they could choose a single vendor solution, you know, whether that's tying to support their compliance needs, that they had, that weren't directly tied to some of their authentication needs that they had, but we helped connect those dots to them.
And at the same token, they really identified a way that they could empower their workforce, not just be able to do that through, you know, one unified launchpad for single sign on, but where they could use that same launchpad for resetting their password and, and being able to see, and, you know, embrace that same, you know, experience as it related out to other governance capabilities as well.
And then of course, being able to integrate with some of the key target systems in this case, they had a big investment in SAP that allowed us to manage some, not only their cloud investments, but also be able to manage that hybrid IM reality or hybrid IT reality that they, that they have. So, you know, great example and success there that we've seen another example touches on a large biopharmaceutical organization about 11,000 employees.
And, and this is actually an example of, you know, some customers we see, you know, aren't ready to jump all their identity and access management and move it directly into the cloud.
In many instances here, you know, this large biopharma, you know, obviously has some heavy regulation in their industry.
And so they had some real critical compliance and governance requirements, but a lot of their current identity and access management processes were too reliant upon IT itself to govern, instead of, you know, some of the, the business work for the lines of business that, that we often look to to empower as we roll this out.
And so they had a real desire to move to the cloud, but some of their complex processes, you know, tied to their homegrown solution, you know, really made them look at taking a effectively, a combined solution, a hybrid solution, if you will, in this case, they leveraged IdentityNow and single sign on for password management and single sign on password management. And then they used IdentityIQ, our on-premises delivered product, for access, certifications, and provisioning in that realm.
So in this case, we often see some customers again, who might wanna dip their toe in the water and still are looking to, you know, choose a, you know, a solution from one vendor, you know, for all their needs. But in this case, they leveraged both our products because they wanted to eventually move to the cloud, but they really saw IdentityNow as the first opportunity to embrace single sign-on and password management.
And frankly, we see a lot of, of organizations going that route first because their authentication workloads, whether it's tied to single sign-on or in this case, password management, you know, don't tend to often be as complex and or easier to transition to the cloud out the gate than some of the heavier weight say provisioning capabilities. And so they just went into production with their single sign on and, and, and they're on scope next to do some birthright provisioning also with their SAP GRC investment that they've made.
And the, and the last, you know, customer success story I want to touch on as is a, is a great one as well, that this is a consumer goods and services provider. They've got about 13,000 employees and they had a number of different needs.
First, the, the primary need where they approached us was they had some heavy duty manual certification processes that they wanted to automate. And so it was because of the manual effort that they were in. It was very time consuming for them to go through a formal certification campaign and execute it. They also had some significant help desk costs that and limited password management capabilities as, as they were really relatively immature for a company their size with identity and access management. And then they had some manual provisioning processes.
So again, not a ton of existing solutions in place. And so they in many respects had an opportunity to embrace the cloud outright, and they chose all four services from IdentityNow.
And they started with certifications and, and really they saw immediate value outta the gate. They reduced their time to complete certifications from six months to six weeks, you know, leveraging a lot of fewer resources in the process.
And one big piece of this was also being able to embrace a mobile, you know, footprint, not just your desktop to support that campaign completion so that users could, you know, complete their certification managers as an complete, you know, approve or revoke access from their mobile device, not just on their desktop. Now we've also extended. They now have 440 apps in production for single sign on and password management that they've rolled this out and are now just provisioning to AD, Google Apps and Dropbox.
So they've been a little bit longer tenured customer of ours and really an example of an organization that has extended the value of, you know, not cloud IM you know, beyond just SSO and to that true governance for, for certifications and provisioning.
So to wrap things up here today, you know, when I think about what makes SailPoint unique as you, as you consider cloud identity and access management there, you know, are four in my mind, key takeaways first, really our comprehensive capabilities.
We have unparalleled breadth and depth of, of our functionality that goes again well beyond single sign-on. We take a very simplified approach.
Again, one that favors configuration over customization at the same time is built for the hybrid enterprise. So one that can be able to support, you know, and manage target systems, whether those reside on premises or are in the cloud to be able to get that complete picture that you need. When you look to gov have enterprise identity governance and a solution that offers faster time to value with a lower cost total cost of ownership.
This is what you'd expect when you want to gain the benefits of the cloud, to be able to, you know, be able to plug in right away, to be able to have scale when you need it, to be able to, you know, have weekly updates and innovation, continuous innovation and not go through costly upgrades.
You know, that faster time to value is something we pride ourselves in, in the last and in my mind, the biggest is, is really, you know, a proven, you know, expertise that really can transform how identity and access management is consumed.
Again, going back to the experience and heritage we have in our, in the space and thinking about ways that we can transform where and how identity and access management can be delivered constantly looking for ways to, to solve the same problem differently. So we can add more value to you as you and leverage, you know, your, your goals and, and look to, and complete them for identity and access management. So with that, I'm gonna turn it back over to the moderators here, and we can take some questions.
Thank you, Rick, for your presentation.
So I'll make me the moderator again, we are right now in the third part of our webinar, the Q and A session. If you have any questions, please enter them right now into the questions area of the GoToWebinar control panel. We have a couple of questions already here. I think one question's very interesting, which sort of combined out of a couple of parts, but I've put it together into one larger question. And that is if you look at the IDaaS stuff, so the cloud based services, and you're a global organization, while the services frequently are offered more on a per-region basis.
So how does this work well for a global global organization? So how, or with other words, how, how do you do it if you say, okay, I have global organization, there are various regions of the, the IDaaS service. What is your approach of that?
Yeah, sure. I think, you know, we, we have many global organizations, you know, many respects. We have an opportunity to, you know, first of all, we're, as a, from a SaaS perspective, we are, you know, we leverage Amazon Web Services and have, you know, zones throughout the world.
So, you know, if for many of our, you know, European customers, you know, they often are, you know, leveraging, you know, our, our Amazon instance and in Frankfurt for that very reason. But, you know, in that said the, so in other words, we, we can support, you know, the delivery of the product, no matter where you reside, as it relates to the global requirements, you know, we often see most organizations leveraging, you know, sort of just one instance for identity now for their production environment.
You know, of course, all of the backup, you know, capabilities are there, as you might imagine, but, you know, in the instance that they may want to reside and leverage multiple production instances for say different sets of users, for whatever reason, if, if they were to very distributed nature, that that can be arranged, the, the, you know, you have to look at how and where that balances the complete visibility that you're seeking.
So, you know, I think as you look at it from a deployment perspective, we certainly, you know, have the ability to, to roll out globally, worldwide based on where our presence and, and investments are, you know, with Amazon at the same time, the flexibility to, to scale where you need it.
Okay. Another question is about integration. You provide into Microsoft Office 365 slash Azure environment.
Sure. Yeah.
We, so out of the gate today, we, we provide not only, of course, not only the ability to provide single sign-on into that environment where you need it, but more importantly, to provide the enterprise identity governance that you would imagine.
So, you know, we have an Azure connector that provides, you know, bidirectional provisioning, password management as well, you know, as you might imagine, certification to support against, you know, the, that particular target system, you know, in this case, you know, with Azure too, you know, we often see, you know, that many organizations are moving their AD environments to Azure in the cloud. And, you know, for the ability to, with Azure to provide connectivity, to not just, you know, Azure as an authoritative source, but to the apps that reside and rely upon that source.
In this case, you might be Office 365 or any other application that, that organizations look to lean on Azure as that source, you know, for their identities, you know, their authorization model as an example. So, you know, we have a number of organizations that might have multiple apps that sit on top of Azure that not only can, again, we can manage for authentication and single sign on, but that we can deliver that full governance capability to as well.
Okay. I have a more technical question. So for everyone, I think we already touched it.
So the handouts will be available as downloads in the same place where you registered for the webinar. Then other context or content question, you mentioned Rick, that AWS is how IdentityNow is delivered. Is that sort of SailPoint's AWS instance, or can it now also be delivered in a private AWS and/or Azure infrastructure of the tenant?
It's, it's SailPoint's instance.
So today we do not provide IdentityNow in a, in a private, you know, hosted environment, if you will, for individual customers, whether that be for AWS or Azure, you know, we do see potential opportunity for organizations to potentially leverage our IdentityIQ offering in that capacity. But when we really look to deliver the IdentityNow service it's really intended to be a service where, you know, all our customers are, are, you know, on the same solution.
Of course, it's a multitenant offering, again, microservice based, you know, where we have individual services tied to non logging alerting, as you might expect, but that is something that is, you know, Southpoint on.
Okay.
Thank you, Rick. Another question we have here is my organization is a system to move their identity management to the cloud due to security concerns.
How can I, or so the one who asked the question, help them to see the other side?
Yeah, I think this is, you know, a great point.
I mean, I think, you know, in many respects early on security was often, I think a big hurdle in, in, in recognizing folks to say, Hey, I'm not sure I wanna move my identity and manage it from the cloud. You know, but as an enterprise security solution, we, you know, we recognize IdentityNow has to be optimized for security. We have no choice.
I mean, our, our customers, you you'd expect it, you demand it. You know? And so at the highest level, we have a very, very secure architecture that is firewall friendly. It's a polling mechanism, outbound polling mechanism that we embrace, where we leverage a virtual appliance that sits on premises and only does outbound polling as a, as a basis, which is why, again, it's firewall friendly and we just received patent approval as well on how we store and protect critical credentials.
Effectively, we maintain zero knowledge of all, all the keys that, that are used to encrypt credentials that are, are not known to SailPoint at all. So there are a number of different things that we use that we embrace to deliver a very strong security architecture and encryption model to ensure that, you know, we maintain a secure service. And oftentimes when we walk through customers, some of the details on that, you know, that really helps build the understanding and, and the last and comfort level and confidence with moving their identity to the cloud.
And the last thing I would just say is, you know, what we've seen from, you know, in many respects, just you look at organizations, you know, I think we've recognized that breaches. Aren't, it's just a matter of when, not, if a breach is gonna happen to an organization and having your, your assets, you know, identity assets managed, you know, on premises or in the cloud, frankly, you know, you're gonna see just as much if not more exposure on premises as you would in the cloud.
So I think people have to are not recognizing that their exposure and their protection when they manage it themselves, isn't necessarily as good as you might expect for relying on, you know, in many cases, a vendor who has to, to rely upon that.
Okay, thank you, Rick, you already answered sort of part of this question, another question which came just now, which was, can you explain a bit how the patented security model protects tenant data? I think you touched this. If there's anything you want to add,
How the security model protects tenants' data, I'm not sure I understand.
So yeah, you talked about your patented security model and the question was, and I think you already answered in with your last answer, how it protects the customers, data, tenants data,
The right. So basically you might imagine when there are you any time an administrator might be using key credentials to configure the product.
You know, we received a patent approval on that, you know, to where we maintain zero knowledge of, of the keys to encrypt the credentials. They're not known to SailPoint at all. And so they only can be effectively unlocked by the user in, in his or her device. So it's something that's quite unique.
Again, we just received patent approval on this and has really helped embrace and maintain the data security in the solution itself.
Okay. Another question which we have here is can a customer address the hybrid solution for authentication and also authorization requirements for both cloud and on premise applications with IdentityNow. So authentication for cloud apps and policy based authorization for in-house apps.
So I guess so from an authentic, so when you say authorization, are you talking about transactional authorization down at the, you know, in terms of actually down at access control policies at the time of that transaction? I,
I, I would probably think about I, maybe the person who entered the question can add something around that, but I, I, I would think about more, more exec, but maybe also just touch a little bit more, more, more the space of how, how your hybrid scenarios can work.
So, so the integrations of, of IdentityNow with maybe on premise technology
You're right. So our IdentityNow single sign-on capabilities are optimized for workforce to the cloud. So typically when we see organizations that do have say legacy web applications that are looking to, you know, provide single sign on, you know, to those solutions, we typically look to, to partner there as well.
So we don't provide extensive, you know, capabilities as it relates to the legacy web apps themselves, but I will say, and as it relates to authorization and in like use, like you said, use of Zal, that's not something really provides core SSO along those lines.
Now we do provide a lot of access policy work that, you know, it very much is embracing, you know, both, you know, where are you coming in from what geos, from what devices and, and down to the application level to embrace the opportunity to invoke, you know, multifactor, you know, strong authentication as part of that authentication experience. As I mentioned before, how that can then extend out, you know, to other solutions as other services, as well, say password, and we're adding some additional capabilities there for access request here in, in Q1.
So, you know, we really look at, you know, IdentityNow optimizing for key workforce to cloud single sign on, and the ability to provide governance across the hybrid environment, whether those are on premises or in the cloud.
Okay.
Thank you, Rick. I think we've gone through the questions right now. If there are any additional questions, don't hesitate to email us. So it's time right now to thank say thank you for all the attendees for participating this call webinar. Thank you to Rick for your presentation and
Thank you, Martin. Thank you everyone. Appreciate it. Yeah.
Talk here soon again. Our webinar. Thank you. Bye.
Okay.