Looking into IGA or lifecycle management, which is about integrating HR and others to target systems. There are still a couple of vendors which provide a pure-play identity provisioning solution, compared to many vendors which have an integrated IGA system. It's more the technical baseline capability, which cares for bringing data from source to targets. So the technical flow of information from source systems to target systems, with connectors to both sides, source and target systems, is what lifecycle management or identity provisioning is about. So it ensures this automated provisioning with the changes of identity and entitlements in target systems. What are the main capabilities here?
One of the key and essential features is having connectors to the source and the target systems, and systems in that space clearly differentiate by the breadth of connectors. So how many connectors to which types of systems do they have? Do they support all the new SaaS services you're onboarding? Do they support specific systems, maybe if you have a mainframe and other stuff? And the connector depth: how deeply are they integrated? If you take SAP, as a very complex authorization model with business roles and single roles and authorization objects and transactions, how deep can they integrate? These are very important aspects to look at. When you look at the capabilities, they also usually come with some level of data mapping and data integration capabilities. So unless you rely on a specific data integration platform, this might be where you map data which comes from different HR systems and other sources. And there's the importance of the automated provisioning flow. So how can you automate the flow for the things which don't need an involvement of the users? How can you also reach out for involvement of users where required, triggering the workflows for human interaction whenever required?
And last, not least, there's also the concept of automated reconciliation, which is looking at, for instance, Active Directory and looking at what has changed since the system last provisioned to Active Directory. And if there's something happening as a change directly in Active Directory, that is a situation which should be identified, because there might be unauthorized changes, at least changes bypassing your lifecycle and provisioning. And then you need to act on these, identify these, roll them back, or at least involve someone to identify whether this is correct. This is the lifecycle management piece of IGA.
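
The reconciliation step described above, as an added example that is not part of the talk: it compares the state the provisioning system last wrote with the state the directory holds now and routes differences to review. The account names, group names, the `privileged` set and the triage rule are constructed assumptions; a real deployment would read both sides through its connectors.

```python
# Constructed sample data (hypothetical accounts and groups): what the
# provisioning system last wrote versus what the directory contains now.
LAST_PROVISIONED = {
    "alice": {"enabled": True, "groups": {"Sales", "VPN-Users"}},
    "bob": {"enabled": True, "groups": {"Finance"}},
    "carol": {"enabled": False, "groups": set()},
}
CURRENT_DIRECTORY = {
    "alice": {"enabled": True, "groups": {"Sales", "VPN-Users", "Domain Admins"}},
    "bob": {"enabled": True, "groups": {"Finance", "Printers"}},
    "carol": {"enabled": True, "groups": set()},
    "svc-temp": {"enabled": True, "groups": {"Backup Operators"}},
}

def reconcile(provisioned, current):
    """Return (account, finding, detail) for every change made outside provisioning."""
    findings = []
    for account in sorted(set(provisioned) | set(current)):
        want, have = provisioned.get(account), current.get(account)
        if want is None:  # created directly in the directory
            findings.append((account, "unmanaged_account", sorted(have["groups"])))
            continue
        if have is None:  # deleted directly in the directory
            findings.append((account, "missing_account", None))
            continue
        if want["enabled"] != have["enabled"]:
            findings.append((account, "enabled_changed", have["enabled"]))
        added = sorted(have["groups"] - want["groups"])
        removed = sorted(want["groups"] - have["groups"])
        if added:
            findings.append((account, "groups_added", added))
        if removed:
            findings.append((account, "groups_removed", removed))
    return findings

def triage(findings, privileged=frozenset({"Domain Admins", "Backup Operators"})):
    """Assumed rule: privileged groups or re-enabled accounts need human review first."""
    urgent, routine = [], []
    for account, kind, detail in findings:
        touches_priv = isinstance(detail, list) and bool(privileged & set(detail))
        if touches_priv or (kind == "enabled_changed" and detail is True):
            urgent.append((account, kind, detail))
        else:
            routine.append((account, kind, detail))
    return urgent, routine

if __name__ == "__main__":
    urgent, routine = triage(reconcile(LAST_PROVISIONED, CURRENT_DIRECTORY))
    for finding in urgent:
        print("REVIEW ", finding)
    for finding in routine:
        print("ROUTINE", finding)
```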