Laatste update:
IAM (Identity and Access Management) is all about giving people access to resources they either need for their work or simply for daily business. The goal isn’t important, but the context is. We’ve seen what RBAC, ABAC and PBAC can do but are we aware of what it can’t do?
All of these solutions present static rules for obtaining access to resources. But the world doesn’t work that way.
I might have to accept some T&C, I might have to proof that I’m a legal citizen of some country, perhaps I have to show that I’m credit-worthy, to get some reduction I have to show that I’m a parent for a large family. The scenarios are countless and any XBAC system, no matter how powerful it is, can’t cope with these use cases.
We need something that can adapt to these scenarios, something that can deal with these use cases, something that can handle the wide variety of workflows and user journeys. We need orchestration.
We’re in the dark, but there is hope…
These days most valued IAM vendors have an orchestration system on board. A system that allows to construct and visualise complex user interaction scenarios. While all will claim that no coding is needed anymore, the era of fairy tales is long gone, and you better have some qualified persons lined up. Nevertheless, the proposed solutions do work, but there are basically two angles from where the challenge is approached.
Some vendors provide fantastic visual tools to integrate all kinds of resources (directories, databases, web services) into a PBAC scenario. Obviously, we need that to make PBAC work. No problem with that.
Other vendors focus on the user journey and make it easy to visualise the interaction with customers. Especially in a CIAM (Customer Identity and Access Managment) environment that is of unmatched importance.
Let’s shed some light into the darkness
The good news is, there are solutions out there.
Employee onboarding will probably benefit more from solutions that focus on technical integrations. Products that take user journeys at heart will probably suite better for dealing with customers.
Right now, there isn’t a one-fits-all approach. But no worries, we’re here to help you.
