Advisory Note

2022 IAM Reference Architecture

IAM has been one of the central security infrastructures for many years. The changing role and importance of digital identities lead to fundamental changes in IAM architectures. The challenges for a future proof IAM are complex, diverse, and sometimes even conflicting. Organizations that demand for a blueprint to design and implement efficient and durable IAM architectures that meet current and future requirements need to follow a sustainable yet dynamic architectural design. The KuppingerCole Analysts IAM Reference Architecture provides a comprehensive and evolving foundation for deriving and implementing standardized, yet adequately tailored IAM/IAG architectures integrated into an overall enterprise architecture.

Matthias Reinwarth

mr@kuppingercole.com

1 Introduction/ Executive Summary

IAM (Identity and Access Management) has long been a core service for many organizations to address the complexity of managing identities, accounts, and their access to resources. Organizations require efficient and timely management of identities, their authentication and authorization against target systems. Simple functions like white pages directories were early drivers of enterprise IAM.

Digital transformation is accelerating the need for IAM even more, with digital identities moving to the center of digital transformation. Without the ability to manage and control everyone's access to every service, enterprises will fail in their transformation initiatives.

In 2018 KuppingerCole Analysts introduced the concept of Identity Fabric while complementing it with a comprehensive IAM reference architecture. This concept has been designed to evolve over time to adapt to changes in functionality and overall context. With the beginning of the year 2022, KuppingerCole Analysts has published a reference architecture that has been updated in detail to consider current trends and requirements and to merge them into a unified overall architectural picture.

KuppingerCole provides a comprehensive IAM/IAG Reference Architecture as the common denominator for describing a building block-based approach for individual architecture designs. This document defines a versatile and dynamic architecture blueprint that can be deployed for various reasons:

  • IAM experts and architects can use it as a basis for designing an initial overall IAM architecture landscape, creating this from scratch.
  • It can be leveraged as a reference to analyze existing IAM architectures to identify the achieved coverage and completeness as part of an assessment exercise, typically as a first step of an architecture review and improvement program.
  • In addition to the previous step, the reference architecture is a valuable tool for gradually transforming existing IAM architectures into this building block and service-oriented concept. Clearly segregated and segmented capabilities are defined as such and offered as IAM services. A fit-gap analysis can be conducted to identify capabilities that meet the requirements of the respective organization or those that are missing. In addition, overlaps and duplicate capabilities can be identified as part of a portfolio analysis to streamline the IAM services offered and make them more efficient and cost-effective.
  • Once it is established as the underlying architecture paradigm, the KuppingerCole Analysts IAM Reference Architecture supports in continuously refining a standardized yet flexible next-generation IAM infrastructure, tailor-made for organizations within the hybrid reality of today's digitalized world.

Existing architecture concepts derived from the initial reference architecture can be easily adapted to the updated version due to the evolutionary nature of the architecture. In most cases, it will be sufficient to adapt the added and modified components and to check any newly added functionalities for relevance in the specific context.

Continue reading...
Read the full report and get access to KuppingerCole Research for 4 weeks.
Start Your Free Trial
Already a subscriber? Click here to login.