The toughest part of Identity and Access Management (IAM) technology is making it work with multi-vendor infrastructure and the growing number of applications that enterprises rely on to do business. This is primarily because the last-mile integration between applications and identity systems has traditionally been hard-coded: the exchange of information about a user, their identity, roles and access permissions was wired into each application.
In the early days of identity, organizations had to write bespoke code to integrate each app with the identity system. With the advent of software-as-a-service (SaaS) apps, this model was no longer viable because you don't control the code of a SaaS application.
Instead, identity vendors began building and maintaining connectors for individual apps as needed. This model worked because an identity vendor could share one connector among all of its customers, who were happy that they no longer needed to write their own integration code.
This approach was initially scalable as there were only a dozen or so popular SaaS apps. As that number grew, however, maintaining and testing the app connectors needed to keep them working became a problem.
Customers had no objections as the connectors were managed and delivered by the identity system providers. But increasingly, those connectors could not support apps that did not speak identity standards such as SAML or OpenID Connect (OIDC).
Identity Orchestration Recipe
In the cloud era, connectors are reaching their breaking point. Just as connectors were created to address an industry pain point, a new model has emerged to solve the connector impasse: the Identity Orchestration Recipe.
This evolutionary approach does not replace connectors with better connectors; it eliminates the need for app connectors in the first place. It addresses 'last-mile' integration with a universal session that works with any app running anywhere, so apps do not have to be rewritten.
Identity orchestration lets customers define use cases in terms of repeating patterns and templates called recipes. This shifts the work from plumbing to innovation and lets businesses focus on higher-level concerns such as customer experience. It is possible because security is built into a plug-and-play integration model that does not require custom code.
Examples of uses include personalized user journeys, app modernization, passwordless authentication, support for multiple identity providers (IDPs), and more. Each recipe can be applied to hundreds of apps.
Consider Lego building blocks. Anyone with a big enough box of Legos can build something amazing – provided they have the time and skill. For most people, though, it’s far easier to use a pre-designed kit to build a Star Wars Millennium Falcon. You get what you want faster and more easily if everything you need is right there, and you can assemble it by following simple instructions.
Identity orchestration recipes work in much the same fashion and are focused on achieving a desired result.
Launch
Implementing orchestration recipes is as simple as browsing the 'cookbook' of use case recipes and integrating them into your identity fabric with a plug-and-play setup. Here are some easy steps to help you get started:
- Create a list of apps, users, and identity systems: What materials do you have to work with? Start with a list of your identity systems, then a list of your applications. Finally, make a list of your users: are you talking about customers, employees, partners, or all of the above?
- Connect the ingredients: Once you have the systems, applications, and users buckets worked out, the recipe comes down to how you connect or integrate those three circles of users, apps, and systems (identity providers, authentication, and other tools).
- Apply recipes: Like boiling an egg, this can be as simple or as complex as you want. Most recipes are implemented in hours or days rather than weeks or months.
Best Practices
Recipes don't need to be complicated. Here are some best practices to keep in mind:
- Focus on the use cases you want to orchestrate: Think about your business use cases and write them down. A whiteboard or a sheet of paper will do. Are you looking to modernize apps and identity? Do you need to roll out passwordless MFA? Do you want to streamline user sign-up and sign-on experiences?
- Define the user journey you want for each recipe: The fastest way to create a recipe is to ask: “The users are trying to get something. What do we want to happen?” You can see that the flow of the orchestration starts to take shape.
- Remember that the ingredients in the recipe are interchangeable: Don't get stuck on how it will work with any particular component (IDP, authentication, app, etc.). Recipes allow you to swap one component for another. For example, if you need to migrate from a legacy SiteMinder system to Azure AD, just swap out the identity provider, and the rest of the user flow continues to work.
- Get buy-in: Use recipes and their results to gain buy-in from business decision makers and stakeholders by demonstrating the results they can expect. This saves time and money, because it is easier to sketch a recipe on a whiteboard than to build a software demo. It is also easy to build and demonstrate a quick proof of concept and then scale it up to hundreds of apps once the business has bought in.
Final Thoughts
Recipes can also be adapted to changing needs as the organization grows. If you have a specific access policy for your employees, you can apply the same recipe to all the apps they use without treating each app individually. Apply the recipe to 700 applications, and you're done; there is no need to build 700 connectors. Making modifications is as easy as swapping one whiskey for another in an Old Fashioned cocktail.
Like a Lego kit that gets you to the desired result faster and more efficiently, the Identity Orchestration recipe provides a holistic approach to solving complex IAM use case challenges.