<<This article has outdated information, as some IGA vendors such as SailPoint and Okta now provide out-of-the-box connectors for Workday>>
Identity Management (IDM) systems commonly use an Authoritative or Trusted Source as their source of user information, which then flows down into the system. In other words, the creation, modification and deletion of user identities originate in an Authoritative Source. A corporate directory (LDAP store) is a good example, but in most cases an HR management system is used as the Trusted Source of user information. Many HR management systems are in use in organizations today to meet the needs of their HR processes. Some common examples are Oracle EBS, SAP HCM, Workday, and PeopleSoft.
It wouldn’t be wrong to call IDM’s integration with the Authoritative Source the “backbone of the IDM implementation”, as the most important information for an IDM system, the user identity, is reconciled from this source. A well-implemented integration with the source of user identities adds great value and quality throughout the value chain of an Identity Management implementation.
Most IDM systems today include a rich set of pre-defined (built-in) connectors to integrate with common directories, databases, operating systems and enterprise applications, including HR management systems. When a pre-defined connector is available, IDM systems recommend it as the preferred method of integrating with the target system. This is because pre-defined connectors are designed specifically for that application and offer the quickest integration method. These built-in connectors use the integration technologies recommended by the target system and are pre-configured and pre-tested with target-system-specific attributes.
We can always custom-build an IDM integration with a Trusted Source using one of the available integration options: a flat file, a database staging table, direct pull-based access to the source data (DB, LDAP etc.), an abstracted pull from the source data (using an API, web service etc.) or an event-driven push from the Authoritative Source to the IDM system. However, a pre-built connector should always be prioritized to avoid the complexities (trust me, there are a lot :) ) of connecting two different technologies, especially where the Trusted Source is an HR system.
Almost all well-known IDM systems provide a list of pre-defined connectors for known business applications, including HR systems (Oracle EBS, PeopleSoft, SAP HR, JD Edwards etc.) and technology applications (Microsoft AD, Unix, databases, RSA ClearTrust etc.). Unfortunately, Workday HRMS is not in the list of pre-defined connectors of any known IDM vendor, which compels IDM experts to implement a custom integration with the Workday system whenever one is required.
The following is a list of known IDM systems that have also been named Leaders in the Gartner Magic Quadrant for Identity Governance and Administration 2015.
- SailPoint IdentityIQ
- RSA Via LifeCycle
- Oracle Identity Manager
- IBM Security Identity Manager
- Courion Identity Manager
- NetIQ Identity Manager
All (or at least most) of the above IDM systems provide pre-defined connectors for common authoritative sources, namely:
- Oracle E-Business Suite
- PeopleSoft
- SAP HR
- MS Active Directory
- Siebel
- Salesforce
- Azure Active Directory
The same is true for the following other well-known IDM systems, which also provide pre-defined connectors for well-known HR systems, except Workday.
- CA Identity Manager
- SAP IDM
- NetIQ Identity Manager
- Dell One Identity Manager
- Hitachi ID Identity Manager
- OpenIAM Identity Manager
- Microsoft Identity Manager
- ForgeRock OpenIDM
As the pre-defined connectors of IDM systems are not built without the support of the target system and require a handshake between both parties, I hope Workday will soon be ready to support such integrations and provide public documents and external interfaces for them.