User provisioning provides the foundation for effective lifecycle management of user identity and access rights in complex IT environments. Historically, enterprises have addressed this critical need through a combination of business process and integration of premise-based applications with management tools. These tools have included local directory services, identity services and user provisioning and role management solutions. The recent rapid adoption of SaaS and cloud-based applications is now significantly straining the on-premise capabilities of existing IT models and approaches.I think there are lots of executives and IT staff who are running around thinking that SaaS is the promised land. If you consider an SaaS application as "just another application" you will understand that your end-user identities still must be managed in that SaaS application. How are you going to provision, de-provision and update those identities? How are you going to manage the namespace of your corporate identities and the namespace of your SaaS application's identities? (Don't make me break out the Venn diagrams!)
We have a standard called "Services Provisioning Markup Language" (SPML) which was specified to help provision identities via a web service. Does your SaaS vendor support that standard? I'll bet they do not! What do you do then? I've met with hundreds of customers over the years and many are still struggling with provisioning inside the enterprise! Throw in SaaS provisioning - via some hairbrained interface because the vendor doesn't support SPML - and it only adds to the organization's identity management complexity.
Don't get me wrong. There's lots of promise with SaaS. Unfortunately, the road to the SaaS promised land passes through a few mine fields on the way...
SaaS, SPML, Conformity, identity management, cloud computing