Executive View

ZertID from Sysintegra

Sysintegra ZertID is an IGA solution that is built on top of the ServiceNow platform. It integrates natively with ServiceNow features such as the CMDB and Security Incident handling. By utilizing capabilities such as the data management and workflows of ServiceNow, and with full user interface integration into the ServiceNow portal, it is a lean and efficient solution for IGA. All areas of IGA such as User Lifecycle Management, Provisioning Connectors, and AccessGovernance are supported. For ServiceNow customers, ZertID provides an interesting alternative to established IGA solutions.

Martin Kuppinger

mk@kuppingercole.com

1 Introduction

IAM (Identity and Access Management) and, within that domain, IGA (Identity Governance & Administration) are essential elements within IT for managing users and their access entitlements. IGA is focused on the Identity Lifecycle and Governance, i.e., creating and managing users and their accounts, and managing the access entitlements. This includes the required governance, such as regular access reviews and other activities.

On the other hand, ITSM (IT Service Management) also experienced a major uptake, driven by cloud-based solutions that simplify deployment, roll-out, and usage in contrast to the frequently rather complex and technical approaches in that segment. This segment is led by ServiceNow, who has a very significant number of customers on their ServiceNow platform.

There is virtually no IAM project that does not include a discussion about whether and how to integrate ITSM and IGA. While such integration is reasonable, we have seen several projects which led to an approach of rebuilding IAM on top of the ITSM product, e.g., the ServiceNow platform. Such "build your own IGA on your ITSM tool" approaches are made to fail. There are various reasons for such failure:

  • It leads to home-grown software that needs to be maintained for years. Many of such projects struggle early, during development, or latest after a few years, when the initial developers have moved to other jobs or left the organization.
  • While initial steps such as creating Microsoft Active Directory (AD) accounts might be straightforward, complexity increases quickly, in various areas. Connectors to complex legacy systems such as mainframes or Lotus Notes are hard to build and maintain. Not to talk about SoD (Segregation of Duties) enforcement or complex models for entitlements such as multi-layer role models.
  • Some of the logic within IGA (as for SoD policies or role management) is not simple. An initially small project might quickly grow to unexpected complexity and cause significant cost.

On the other hand, integration is - as mentioned - strongly recommended, if not even mandatory. This could happen by linking ITSM portals to IGA requests, and by using ITSM for manual fulfillment within IGA. Manual fulfillment is the norm for many systems that are not connected to IGA for automated provisioning. In many organizations, the vast majority, frequently above 90%, of the applications are not provisioned automatically.

While some vendors provide out-of-the-box integrations to leading ITSM platforms such as ServiceNow, in many cases such integration needs to be built on a per-project basis. While this is far less effort than trying to rebuild IGA on top of ITSM, external integration still might cause significant complexity and cost.

Sysintegra, a ServiceNow Elite Partner, headquartered in Australia, delivers an IGA solution built on top of ServiceNow as a "Now certified app", and thus provides out-of-the-box integration between IGA and ITSM.


Full article is available for registered users with free trial access or paid subscription.

Register and read on!

Sign up for the Professional or Specialist Subscription Packages to access the entire body of the KuppingerCole research library consisting of 700+ articles.

I have an account
Log in  
Register your account to start 30 days of free trial access
Register  
Subscribe to become a client
Choose a package