Have you found effective strategies to automate manual IAM processes like access remediation, access reviews, etc.? How do you overcome automation gaps in your identity security flows?
Analyzing where manual requests are concentrated is crucial for effective automation. While many tools support automation, integrating business applications with IAM tools remains a challenge. We address this with an orchestration layer and use AI-based automation for role predictions and incident response analysis. Automating processes like role mining and audit tasks can significantly reduce workload and human errors, improving efficiency and saving costs.
Our approach involves identifying automation opportunities through a thorough analysis of ServiceNow tickets to pinpoint recurring issues. We use tools like Ansible, Python, and PowerShell to automate processes, which are executed via ServiceNow or our automation server. For access reviews, we leverage our identity governance and administration (IGA) tool, Omada, which manages both on-prem and cloud-based admin accounts. Access reviews are conducted through Omada, with a two-level confirmation process involving the user and their manager.
Automation is still a developing area for us, but we’ve made some progress. Access control should be straightforward, and coming from an audit background, I understand the importance of having IAM controls in place. We’ve transitioned from VPN to a secure service edge, using Netskope for cloud access, which has simplified our access processes. Okta has been instrumental in streamlining access by allowing users to log into Okta first and then automatically access other systems. However, I have yet to find a product that effectively automates access reviews.
We handle numerous HR-driven identities by integrating with our HRIS, automating provisioning, deprovisioning, and role changes through seamless workflows with Workday. We also implement role mining and role-based access controls, automating access assignments based on dynamic rules. These strategies have significantly improved our management of user identities within the company.