1 Introduction
Since its inception in the 1980s, IGA has continually evolved as organizations have developed and demanded more extensive and sophisticated identity services. IGA covers not only identity management functionality but also the monitoring and control features that are essential to identity data administration.
The core functionality expected in an identity management solution includes:
- On-boarding of new users, granting them approved access to the resources they need to perform their jobs
- Automated de-provisioning of users leaving the organization
- A mechanism for users to request, and gain approval for, access to resources when needed; either for a defined period or until revoked
- Ability for users to manage their identity records, including password self-service
- Governance features for management of user entitlements
Today IGA requirements are significantly more exacting. The fast-paced development of new technology means that identity management environments are being stretched to accommodate several new dimensions:
- Managing Identities in On-Premise and Cloud Environments: Cloud migration requires the capability of managing identities across on-premise applications and multiple cloud environments. IDaaS is part of the landscape too, since enterprises now usually require a properly designed and deployed identity service for cloud-based applications.
- Expectations of AI Adoption: Organizations are resource-constrained and cannot afford the expense of manual intervention or the errors that it generates, leading to the expectation that automation must be embraced. In this vein, provisioning should occur without manual intervention, and governance processes should no longer be laborious and time-consuming for managers. Entitlement anomalies should be identified automatically with manual attestation only required for exceptions. AI is the burgeoning automation strategy that is assumed to assist in these tasks.
- Diversity of Identity Data-Dependent Applications: Many applications are deployed on-premise, but increasingly applications are migrating to cloud deployments. Some synchronize data to their own datastores while others ingest identity data via HTTP headers, and some use tokens while others maintain passwords. This diversity puts pressure on IAM environments and is a driver for the move towards adopting APIs for communicating with applications.
- Requirement of Containerized Environments: With the incessant march from VM deployments to Docker to Kubernetes and beyond, IAM environments are being required to support diverse deployment models. Containerized deployments allow organizations to be more agile and to deploy services closer to relying applications, thereby increasing performance, optimizing the use of computing resources, and leveraging the auto-scaling features offered by cloud service providers.
- Diversity of Identities to be Managed: Most organizations have deployed a workforce management environment with approved workflows and entitlement management. Some have also federated with their major business partners, forming a trust domain that allows individuals up and down the supply chain to control access to infrastructure. The next step is to manage customer identity information and use the IAM environment to manage customer relationships.
To reflect the high level of flexibility that is demanded of IGA solutions today, identity management should enable an organization's Identity Fabric, which provides controlled access for everyone (and every thing) to every business system requiring access to an identity service. Identity Governance from Micro Focus is a robust solution that is stepping up to meet these challenges.