2019 SailPoint Identity Insider Magazine - Magazine - Page 34
Sr. Solutions Architect,
Why Your Governance is Only as Good as Your Identity Data
The value of an identity governance
solution is directly proportional to
the quality and richness of the data
it can access. Ideally, you’d have
attribute-rich global profiles of each
user, pulled from all your identity
sources. In reality, most identity data
is locked in silos, and scattered across
many – even hundreds – of disparate
sources. Mergers, acquisitions and
past deployments can lead to multiple
Active Directory domains and forests.
Further adding to the complexity,
there are often databases accessible
only by SQL, other directories
accessed via LDAP, and web
applications that need information via
APIs or REST. The icing on the cake
is they’re all represented in different
formats and schemas.
Identity governance solutions come with ready-made connectors and an integration toolkit that
expects to access a tidy, unified source of identity.
However, more complex ecosystems mean that
integration costs and professional services can
escalate quickly. Are you destined to spend
months custom coding and blow your budget
building high-resolution user profiles for your
Imagine instead a clean, normalized view of
all the identity in the ecosystem. A federated
identity and directory service accesses identity
attributes across all endpoints, integrates them in a
centralized hub, and then ensures that any changes
are reflected back in the original identity source.
Thanks to advanced identity virtualization, you now
have an attribute-enriched, groups-savvy image of
each individual user, but maintain the context of the
original source as needed.
A federated identity and directory service extends
the value of your identity investment in two critical
ways. The first is by acting as an integration engine
to build a reference source of identity – users
and groups – to feed to your identity solution. The
second is by virtualizing the identity solution’s
API and representing it as an LDAP directory. This
repurposes your identity data into a single source
of authentication and authorization for applications
(WAM, legacy LDAP apps, federated access) that
don’t use protocols like SCIM.
The result? As an input, the solution delivers a high-resolution reference image and reduced integration
time for identity governance solutions. You can now
reach farther into the enterprise and deliver broader
governance and more granular provisioning results.
As an output, virtualization of the identity solution’s
API (SCIM) extends the result of the transformation
to Access Management, LDAP, and other non-SCIM
applications at the speed of a directory. Identity
integration lets you do the heavy lifting once and
reuse the results where needed.