CIS14: Spinning New Threads with Existing Identity Systems
-
Upload
cloudidsummit -
Category
Technology
-
view
115 -
download
2
description
Transcript of CIS14: Spinning New Threads with Existing Identity Systems
SPINNING NEW THREADS WITH EXISTING IDENTITY SYSTEMS
2
About iC Consult FOUNDED IN 1997 120+ EMPLOYEES OPERATIONS IN 4 COUNTRIES 2 SERVICE BRANDS
Times have changed
3
Now Then
HR
Cloud Use Cases Shift in the design center • High scale & high availability @ low cost
– Rapid deployment to dozens of environments – On-demand change in capacity – Multi-tenancy – Personalized app presentment on login – Data firewall & data sharing – Frequent, iterative rollout of features – Account creation flows
• Vetting through private (not corporate) email • Device registration on a personal device • Password reset with auto-login • “Page 2” functionality • Multiple personas (i.e., business & consumer)
– Custom UI for users, admins, and CSR’s 4
Architectures have changed
Now Then
Corp Data Center
Corp Pla-orm
Elas1c, Virtualized Compute Service
PaaS
App’s 1 2 3
• Always on • Unscheduled elas1c compute • New features rolled out bi-‐weekly • Very low overhead
Packaged IDM Products
Out-‐of-‐the-‐box UI UI’s
…n
Meanwhile, IDM products have changed little
• Existing products are what they were • Core architecture unchanged
• Standards and practices are evolving – But many of the new protocols are “bolted on” to existing architecture
• Scale, performance requirements outpacing product improvements
6
So is IDM as we know it out of its league?
7
Current Requirements
IDM Products
Shipping products will never meet contemporary needs
IDM Products: – it matters less what you use than how you use it
8
We’ve helped companies solve contemporary problems with existing technology
• Multi-tenant LDAP design – Product teams were surprised by the approach, but
endorsed it in the end • Progressive profile creation
– From low-barrier to validated accounts – Validation UI’s
• Automated rollout – Reduces errors and saves time – Iterative feature deployment
• API-level access controls 9
In Summary…
• For identity and access products, creative and destructive processes are ongoing
• Starting over rarely saves time or effort • Use the technologies available to the best of their
abilities
IAM EXCELLENCE
iC Consult Americas LLC 222 S. Main Street, Suite 500 Salt Lake City, UT 84101 E-Mail: [email protected] www.icconsult.com