Identity and access management as a cloud-based service eliminates time, pain and cost

Gartner says that identity and access management offered as a cloud-based service (IDaaS) is an up-and-coming market for a growing need. As more enterprises use more software-as-a-service (SaaS) applications, they need an easy way to provision users and oversee the rights that have been assigned.

Venture capitalist Marc Andreessen may have proclaimed 2012 as "the year of SaaS," but experts believe the market for applications in the cloud is just getting ramped up. More and more companies are realizing that SaaS apps can make their lives easier by helping them address their business needs in a timely fashion while also reducing their IT overhead burden.

Despite the fact that the SaaS model means the application and associated infrastructure are under the control of the service provider, there's still a big IT challenge. The company using the application is still responsible for the core functions of identity and access management (IAM). That is, the company must handle its own provisioning and de-provisioning of user access rights and be able to automate the administration of user accounts and demonstrate ongoing compliance with regulatory and internal policies. According to Gartner, this can be a real challenge because SaaS supplier support for standard IAM interfaces is minimal.

Traditional on-premises IAM solutions aren't a good fit with SaaS applications. In today's era of cloud computing, it takes way too long and costs far too much to implement an old-school IAM system. Such systems aren't flexible enough to handle new business processes or applications -- especially those outside the enterprise firewall, such as SaaS applications -- when they are added to the computing mix.

Now there is a small but growing market for IAM offered as a service, or IDaaS. Interest in IDaaS comes from midsize to large enterprises that need to manage access to applications in the cloud as well as to legacy on-premises applications. These organizations want a single IAM solution that can provide secure account provisioning across both environments. They also want a solution that doesn't require a big investment in outside expertise to develop or customize all the application connectors.

One company targeting this market niche is Identropy. The company just released a revamped version of its operations platform called SCUID (pronounced "squid"), which stands for Secure Cloud-based Unified Identity Platform. This version, called SCUID Lifecycle, is hosted in a private cloud so the software can be updated as needed to accommodate frequent changes in business requirements.

SCUID Lifecycle works across a hybrid enterprise to manage both on-premises applications and cloud applications. It provides several identity lifecycle management services, including:

  • Self-service for access requests and password management
  • Workflow-based administration and provisioning
  • Automated provisioning and de-provisioning
  • Governance via identity recertification and reporting

SCUID Lifecycle connects to SaaS applications directly using the providers' own native APIs. This enables Lifecycle to execute actions such as reconciliation, provisioning and de-provisioning, and recertification. There is an emerging standard called SCIM (pronounced "skim"), which stands for System for Cross-domain Identity Management. Once the standard is ratified, it will be a means for SaaS applications to support the IAM transactions. Until then, Identropy works with the various application providers using their own APIs.

For an enterprise's on-premises applications, SCUID Lifecycle uses a virtual appliance component called Identity Connector for the Enterprise (ICE). It is hosted in the enterprise's own data center. The main function of ICE is to provide secure connectivity between Identropy's cloud-based software and the applications hosted in the enterprise's data center.

SCUID Lifecycle uses an intuitive user interface (UI) so non-technical employees can provision access to applications. There's an assisted workflow aspect that helps users generate requests and move them through their logical steps, such as management approval of requests for application access and IT or business units granting access. Built-in data intelligence helps guide entitlements based on attributes like an employee's department and role. There's also a built-in reference architecture that consists of pre-configured templates that will address the vast majority of an organization's needs. Identropy put a lot of development time into making the UI natural for everyone to use, which effectively speeds up the process of administering identities and access.

Compared to traditional on-premises IAM solutions that can cost $1 million or more and take a year or so to implement, SCUID Lifecycle can get an organization up and running in less than two months and for a fraction of the cost. Identropy starts with a three-week assessment of an organization's applications -- both on-premises and in the cloud. The vendor takes about a month to get everything set up, including all the connectors into the various applications. This one-time setup process costs $50,000. After that, a customer organization pays a monthly service fee per user. Because this is a cloud-based solution, all software enhancements are included in the per-user fee, so there are no "upgrade" costs or cycles.

As enterprises increase their need to provision access to new and technically disparate SaaS applications as well as to on-premises applications, SCUID Lifecycle can facilitate the task at a lower cost and in shorter time than traditional IAM solutions.

Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at


About Essential Solutions Corp:

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.

Copyright © 2013 IDG Communications, Inc.
