The Identity Governance and Administration (IGA) space continues to evolve and is entering mainstream market adoption, with most vendors providing mature capabilities around the core IGA functions.
With that in mind, this blog provides an insight into key questions to ask your IGA vendor to ensure a successful deployment.
Code free configuration
Is the platform easy to deploy, without custom configuration?
Check that the platform has been built to be straightforward to configure and features off-the-shelf workflows for most of the scenarios faced by the modern enterprise. You’re looking for a platform with a flexible RBAC model baked into the product, where no custom code is required to configure the policies which will drive the identity lifecycle in most cases.
However, you also need to check that, for more advanced scenarios, workflows can be modified and a scripting engine can be used.
You are looking for a balance between the ease and lower cost of ownership of a codeless approach and just enough flexibility, without burdening the organization with bespoke code to manage.
Standards first approach to integration
Does the platform comply with industry standards?
Ideally your IGA platform will be built upon the industry standard for identity management, SCIM. This adherence to standards means it’s easy to integrate with other applications and identity platforms.
However, not every application supports SCIM – so check that the IGA platform also supports integration through other standard methods such as LDAP, JDBC, CSV or REST.
Be aware that some vendors charge additional license fees for these different integration modules, so look for a vendor with an ‘all in’ license model or factor additional costs into your considerations.
Delegated administration
Can you securely delegate the ability to request, manage and approve access to another person, department and/or office?
One of the core benefits of an IGA platform should be efficiency, so avoid a platform that requires all identity administration to go through a central IT department. Aside from that, it makes sense to allow users across the organization to onboard new users locally – for example if they have a contractor working in their department for a period of time.
With this in mind, check that your IGA solution provides delegated administration features that enable identity administration activities to be delegated either within or outside of the organization. Determine whether these capabilities are out-of-the-box or require consultancy services to develop or implement. It’s also important to satisfy yourself that even in a delegated scenario you will retain sufficient control over access control and identity governance – verify that centrally defined policies will apply across your delegation framework.
Flexibility
Does the solution offer multiple deployment methods?
Many organizations now say they are ‘cloud first’ but the reality is that it is a hybrid world. Few organizations are 100% cloud, and few are 100% on-premise. Depending on the scenario, IGA can be best deployed on-prem, in the cloud or in a hybrid configuration, with some elements on-prem and some cloud hosted.
The right answer for you will depend on your preference and local network factors. Make sure that the IGA vendor has the flexibility to support the model that you need, and to flex in the future if your needs change.
It’s worth noting that while a 100% cloud approach may sound attractive, there are sometimes good reasons why a hybrid model may make more sense – for example if there are no agents on premise, then the cloud hoste