Reed Henry, CEO
Identity access management and governance starts the moment an employee joins an organization. The dream is to automate everything else downstream from there, but for most organizations that isn’t possible. Today, once an employee is entered into a company’s HR management system, the employee data often then has to be manually entered into the various applications, directories and devices, such as Active Directory and other business applications. Identity access (IAM) and governance (IGA) platforms are often purchased to bring automation and governance to this very problem, but these platforms are hindered by a lack of connectivity. Further, the COVID-19 pandemic has led to a shift towards an increasingly remote workforce, which means employees are logging in from less secure environments. Organizations need to tightly control access to applications and automate this as much as possible. As a result, automated user provisioning to and deprovisioning from applications is more important than ever, along with continuous governance monitoring to ensure access has been appropriately assigned.
The challenge is twofold. First, most HR applications are not automatically synchronized with the IT infrastructure or IAM/IGA platforms. It is not uncommon for IT staff to manually enter employees into Active Directory and other business and IT infrastructure applications. Secondly, by not fully deploying the identity platforms, enterprises are more vulnerable to entitlement creep and delays in removing access from leavers, which make organizations vulnerable to security risks. Organizations also waste many hours manually managing application access, which is error-prone and often leads to more entitlement creep. Identity platforms have rich automation and governance capabilities, but the lack of connectivity leads to continued manual effort, reduced security posture, and erosion of expected ROI with identity platform deployments. This results in partially deployed IAM/IGA platforms and an explosion of compensating manual processes to close the gap.
So, what are the ramifications of these incomplete identity platform deployments? First, the promised ROIs of identity platform investments are not realized. Secondly, employees have to wait for manual processes to complete to gain access to the applications they need to do their jobs. Next, departing employees are not removed from the applications they have been assigned, leaving security holes open. Next, identity governance of applications that are not integrated with the IGA platforms requires manual processes to manage file extracts of accounts and their entitlements from each application. The resulting manual processes require continual auditing by both internal and external auditors to ensure the integrity of the files that are handled by staff. The common result of all this is the addition of staff to handle all the manual compensating processes and unrealized value from identity management platform investments.
One of the first vendors to find a simple and effective solution to this problem is Silicon Valley-based Aquera. Aquera has developed a first-of-its-kind identity integration platform as a service that closes this gap by expanding the connectivity of identity platforms to required applications, databases, directories, and devices, so organizations can fully automate identity operations, ensure access security by continuously monitoring access entitlements, and accelerate ROI. Across all endpoints, Aquera normalizes the identity schema and methods of application interaction (APIs, database calls, robotic automation, etc.) into a single API with a normalized schema and set of interaction protocols using the SCIM (System for Cross-Domain Identity Management) IETF standard, which makes the integrations very simple to deploy and compatible with the various IAM/IGA platforms in the market today.
Bridging the Real-time Connectivity Gaps
At the core of Aquera’s offerings is a robust identity integration platform that simply and comprehensively covers an organization’s requirements for various identity integration use cases. With this powerful capability, which can address the most complex of integration scenarios, we expect to evolve our offerings to meet our customers’ changing identity integration needs over time. The company’s identity integration platform is comprised of point-and-click SCIM Gateway and Orchestration modules that bridge the real-time connectivity gaps for HR applications and identity governance and lifecycle management platforms. The Aquera SCIM Gateway module allows any identity management solution to integrate with any endpoint cloud or on-premise application, database, directory, or device for effectively managing identity lifecycle and governance functions. The Aquera Orchestration module provides the required scheduling, event detection, field mapping, and delta detection capabilities to synchronize changes from any HR application to any identity management platform such as Okta and SailPoint, or any directory such as Active Directory and JumpCloud. According to Reed Henry, CEO of Aquera, “The Aquera platform currently supports over 400 prebuilt connectors for HR synchronization, governance entitlement aggregation and identity lifecycle management, and we add new connectors, on-demand, in a few days each.”
Aquera’s platform boasts many innovative modules that are first-ever in the industry. These include an HR-driven identity onboarding bridge syncing HR data to any application or identity platform, and an automation module for the workflow associated with file extracts of account entitlements from disconnected applications. “The Aquera platform helps clients integrate HRMS applications and identity management platforms using a single unified API to their entire IT infrastructure to automate all identity governance and access management processes,” according to Jerry Waldorf, CTO of Aquera.
Well-positioned to Drive Identity Integration
Highlighting the value of its solutions, Henry shared customer stories. One instance was with a large pharmaceutical customer that used Okta and Aquera to automate the onboarding and offboarding of employees across their organization. Second, a regional bank with SailPoint IdentityIQ is using Aquera’s real-time connectors to automate the provisioning and aggregation of their core applications; for the remainder, Aquera automated the manual handling processes for the user entitlement file extracts. Another example shared was about a regional retailer that used Aquera to synchronize ADP Workforce Now to Active Directory, facilitating their HR-driven IT infrastructure.
With its track record of providing out-of-the-box simple and effective identity integration for applications and IT infrastructure, Aquera is poised to scale rapidly as it is discovered by more organizations. And with the breadth of the platform’s functionalities, Aquera is positioned well to drive identity integration across all organizational operations. “We aim to resolve all identity integration challenges and enhance the identity governance of business applications to better protect organizations and automate their employee onboarding and offboarding IT processes,” concludes Henry.