cis14: spinning new threads with existing identity systems
DESCRIPTION
Mike Neuenschwander, iC Consult Americas A comparison of use cases for identity in cloud and enterprise deployments, with ideas on how to intertwine enterprise and cloud identity systems in the emerging cloud fabric.TRANSCRIPT
![Page 1: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/1.jpg)
SPINNING NEW THREADS WITH EXISTING IDENTITY SYSTEMS
![Page 2: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/2.jpg)
2
About iC Consult FOUNDED IN 1997 120+ EMPLOYEES OPERATIONS IN 4 COUNTRIES 2 SERVICE BRANDS
![Page 3: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/3.jpg)
Times have changed
3
Now Then
HR
![Page 4: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/4.jpg)
Cloud Use Cases Shift in the design center • High scale & high availability @ low cost
– Rapid deployment to dozens of environments – On-demand change in capacity – Multi-tenancy – Personalized app presentment on login – Data firewall & data sharing – Frequent, iterative rollout of features – Account creation flows
• Vetting through private (not corporate) email • Device registration on a personal device • Password reset with auto-login • “Page 2” functionality • Multiple personas (i.e., business & consumer)
– Custom UI for users, admins, and CSR’s 4
![Page 5: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/5.jpg)
Architectures have changed
Now Then
Corp Data Center
Corp Pla-orm
Elas1c, Virtualized Compute Service
PaaS
App’s 1 2 3
• Always on • Unscheduled elas1c compute • New features rolled out bi-‐weekly • Very low overhead
Packaged IDM Products
Out-‐of-‐the-‐box UI UI’s
…n
![Page 6: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/6.jpg)
Meanwhile, IDM products have changed little
• Existing products are what they were • Core architecture unchanged
• Standards and practices are evolving – But many of the new protocols are “bolted on” to existing architecture
• Scale, performance requirements outpacing product improvements
6
![Page 7: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/7.jpg)
So is IDM as we know it out of its league?
7
Current Requirements
IDM Products
![Page 8: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/8.jpg)
Shipping products will never meet contemporary needs
IDM Products: – it matters less what you use than how you use it
8
![Page 9: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/9.jpg)
We’ve helped companies solve contemporary problems with existing technology
• Multi-tenant LDAP design – Product teams were surprised by the approach, but
endorsed it in the end • Progressive profile creation
– From low-barrier to validated accounts – Validation UI’s
• Automated rollout – Reduces errors and saves time – Iterative feature deployment
• API-level access controls 9
![Page 10: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/10.jpg)
In Summary…
• For identity and access products, creative and destructive processes are ongoing
• Starting over rarely saves time or effort • Use the technologies available to the best of their
abilities
![Page 11: CIS14: Spinning New Threads with Existing Identity Systems](https://reader034.vdocument.in/reader034/viewer/2022042700/556bf85dd8b42a6d768b4740/html5/thumbnails/11.jpg)
IAM EXCELLENCE
iC Consult Americas LLC 222 S. Main Street, Suite 500 Salt Lake City, UT 84101 E-Mail: [email protected] www.icconsult.com