Using Robotic Process Automation to accelerate IGA deployments

April 10, 2018

A technique gaining momentum in Identity Governance and Administration (IGA) practices involves the use of Robotic Process Automation (RPA) tools to speed up application integration. Large companies spend millions of dollars each year integrating target applications after foundational work is done. Integrating applications, network devices, infrastructure, and databases is necessary to realize the optimal return on investment in IGA tools by securing accounts and access across the organization. Using an RPA tool accelerates application integration, improves worker efficiency and reduces the time to value for your IGA investment.

The Benefits of RPA

RPA is a proven method of decreasing dependence on administrators. It achieves this by automating administrative tasks like account provisioning and deprovisioning. RPA has proven itself in other industries such as finance and accounting where the technology automatically performs repetitive data input tasks for accounts payable and receivable clerks.

With the ability to check and import data from a variety of input sources like e-mail inboxes, spreadsheets, and databases, RPA tools allow you to manipulate the data in user-like ways, including post-import processing, and output in a variety of formats. RPA output methods include logging into a website and adding imported data selectively to pages and fields you choose. It finishes the transaction by clicking submit for you. These automated input/output processes are called robots. Some RPA vendors have implemented deep learning algorithms and artificial intelligence (AI) that allow robots to adapt to many website changes minimizing post deployment tweaks and enhancements. These advanced robotic processes can be scheduled, manually started, or kicked off remotely by other tools or even other robots.

Adding an RPA tool to your enterprise IAM strategy improves access governance posture by bringing more applications under IGA control. Better IGA control means minimizing your attack surface, eliminating many vulnerabilities, streamlining compliance activities, creating a better user experience, providing substantially more value out of your IGA platform, and doing all of this while driving down staffing and licensing costs.

IGA Basics

IGA tools provide:

  • Self-service access request and approval
  • Automated access provisioning and deprovisioning
  • Reconciliation with an authoritative source of workforce users
  • Access event triggers based on HR status changes throughout a user’s lifecycle.
  • Access certification at appropriate periods.

IGA tools help provide the right access, to the right people, at the right time. These principles are the core functions of every IGA tool.

IGA vendors strive to provide automated services through a business friendly self-service front end which leverages robust approval workflows and full process automation on the back end with advanced auditing and reporting capabilities. However, achieving the benefits of IGA tools can be a challenge. Effective implementations require significant cross-team coordination between IT and business teams, deep technology integration skills, and a significant investment of time and money.

Two of the primary obstacles faced by organizations implementing IGA tools are:

  1. Cost effective application, database, and infrastructure on-boarding to bring them all under IGA management
  2. Staffing for support and maintenance

Using RPA to Ease IGA Adoption

As mentioned earlier, Robotic Process Automation (RPA) is all about automating structured, repetitive tasks so your staff can focus on the unstructured, cognitive, and frankly, more interesting work you need them to do. Since many IGA operational tasks fit neatly into the structured and repetitive category, RPA can provide a compelling alternative to using off-shore resources and other alternatives to meet your IGA implementation needs. An effective RPA tool provides you with the ability to rapidly on-board applications that would otherwise require a costly, custom built IGA connector. Not even using lower-cost off-shore resources can beat a well-built software robot. Multiply the robot integration model over hundreds or even thousands of applications and infrastructure, and now you’re on to something.

Enter the Digital Worker

By introducing digital workers (aka software robots) into your IGA arsenal, you will achieve better results when on-boarding applications, infrastructure, and databases and at a significantly lower cost.  This is what we refer to as Rapid Application On-boarding. Our experience shows immediate and tangible RPA benefits through:

  1. Simplifying IGA system configuration
  2. Decreasing target system integration time
  3. Expanding automated provisioning to more applications (more applications are easily automatable with RPA)
  4. Eliminating the need for labor-intensive, custom application connectors
  5. Providing better validation tools for regulatory controls (for regulated applications)

Many operational run-book procedures can be automated using a software robot. One such IGA area is reviewing daily access or compliance reports for anomalies and alerting staff of issues that need further evaluation and remediation. A common out of the box report is the “Orphan Account” report.  Orphaned accounts are ones that cannot be properly correlated to a known user or identity. A common problem found is that not all accounts on the report are necessarily orphans. Service accounts are often uncorrelated to a user and show up as uncorrelated accounts. A simple robot can be developed to ”read” the report, detect only those accounts that require attention, and create the trouble ticket for IGA staff and relevant application administrators. If the business rules are known, the robot may even be permitted to take corrective action.

Adopting an RPA Solution

Large and small organizations alike complex enough to warrant an IAM Program and an IGA platform should take a serious look at using digital “employees” (software robots). They can provide tremendous value in supporting a long term IAM strategy. Even if you don’t have many applications demanding a rapid on-boarding solution, you would likely benefit from deploying robots in place of out of the box and expensive custom connectors. Not only that, but owning an IGA tool carries with it a significant number of automatable operational and maintenance tasks. Why not turn these tasks over to digital employees freeing your IGA staff to deal with the ones that can’t be?