Practical IAM & CIAM
Combined Session
Thursday, June 06, 2024 11:00—12:00
Location: B 07-08
Thursday, June 06, 2024 11:00—12:00
Location: B 07-08
In a world where authorization is externalised, ownership often still relies with decentralised application teams to allow for organisational scalability. Autonomy of these teams is important so that they can move fast. Zalando has 2000+ inhouse applications owned by 100s of engineering teams who will use externalised authorization. Each of these teams will write their own authorization policies as code using Open Policy Agent.
This talk will share insights into how we started treating authorization artefacts similar to other application development artefacts. The focus will be on building blocks and safeguards that enable engineering teams to take authorization policies through the development life cycle.
There is no good or bad Level of Assurance to root any CIAM upon. It all depends on the business and the risks. A unique mix of business, legal, IT security, technical, and CX skills is required to discover, define, and communicate requirements for customer authentication methods. The correct balance between these factors brings peace of mind and enablement to the business. Hear some highlights of If P&C Insurance's journey of defining and enforcing a Level of Assurance aligned with realities of insurance enterprise.
Do you find yourself chasing down data files for disconnected apps? Yes, we all want fully bidirectional apps…But what about those “file” apps. Learn how to modernize the file collection and ingestion for your IGA Solution by empowering disconnected app owners to upload and pre-validate user and entitlement data on recurring schedules. Don’t fool yourself that your deployment will be the exception. Join Aquera, a 2022 Gartner “Cool Vendor” in Identity-First Security, to learn how to automate this process with improved file integrity, visibility on collection status through a central dashboard, and centralization of audit evidence data.
