IDaaS: Does one size fit all?

August 17, 2017

Today, the biggest consideration for determining whether Identity as a Service (IDaaS) is right for your organization is accepting ‘one size fits all’; vendors offering multi-tenant IDaaS solutions must provide general workflow and configuration which fit all customers, regardless of unique use cases or governance demands.  Vendor roadmaps (and commitment to delivering) become increasingly important because functionality is added over time based on prioritization from the entire customer base, not your organization.

For multi-tenant IDaaS offerings to serve all industries from a common platform means your company may need to give up more than it is prepared or willing to make IDaaS effective for your IGA needs.

In contemplating your organization’s readiness for an IDaaS solution you need to categorize each desired use case as follows:

  • Category 1: Is the desired use case supported by the current IDaaS version?
  • Category 2: If not, is it on the vendor’s 2-year roadmap?

For supported use cases, it’s assumed the business is willing to adopt the vendor’s built-in approach.  If the use case is not supported, move it to category two as appropriate.  Typical examples of current IDaaS supported use cases include Access Certifications and Access Requests.

For use cases that fall on the vendor’s roadmap, determine if the business can wait or accept the missing capabilities in the initial phases of deployment.  Vendor roadmaps are guidelines and not all product functionality is guaranteed in a two-year period.  Companies must prioritize critical needs and determine how to best meet business requirements when key use cases are not available or forecasted to be supported.

There are currently three options for IDaaS customization limitations:

  1. Deploy on premises stop gap solution
  2. Consider a single-tenant IDaaS offering
  3. Investigate a managed service using traditional on premises technology

If your company’s commitment is to leverage a multi-tenant architecture, you may be limited to a “hybrid” on premises/IDaaS approach.  Hybrid strategies require leveraging an in-place legacy IGA system or licensing and deploying the chosen vendor’s on premises IGA software.   We recommend all capabilities deployed in the on premises solution mimic future IDaaS capabilities to provide a smooth transition once available.  Examples of use cases that may require a hybrid approach include Preventative Separation of Duties during access requests, Role Lifecycle Management, and Role Composition Certification.

The good news for effective IDaaS adoption is options two and three avoid hybrid architecture challenges and provide high levels of customization with the infrastructure savings associated with cloud applications

For everything not identified on the vendor’s IDaaS roadmap, you must assume the vendor is not considering, and will likely never consider, these use cases for their IDaaS offering.  These use cases should be addressed by a separate business application outside of IGA with an interface into the IDaaS solution via published APIs.  A typical example may include Non-Employee Lifecycle Management, which could possibly be more effectively handled by the HR system, such as Workday.

IDaaS IGA tools are based on vendor best practices and demand simplicity. As such, your IT leadership should first determine if the business is ready to cooperate and conform to another organization’s rigid best practices.  And if so, before committing to a transition, we recommend a methodical categorization and evaluation of use cases to formulate the best IDaaS strategy for the needs of your business.