IGA and PAM are two technologies that historically have been siloed, with IGA focused on identity governance and administration and PAM focused on controlling access to privileged accounts. SCIM (System for Cross-Domain Identity Management) provides a standardized API and data model to integrate IGA and PAM by allowing user and group information to be shared between the systems. The SCIM PAM extension further augments SCIM to define concepts for managing privileged data and access control between IGA and PAM, joining these two important security domains.

1. When IGA meets PAM…
Through their mutual friend SCIM
Kelly Grizzle

2. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 2

3. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 3
You might be starting to feel like…

4. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 4
To avoid this … we’ll have FUN WITH MAD LIBS!!!

5. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 5

6. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 6
Gimme some words!!!
Emotion
Adjective
Plural noun
hung overness
strong
computers

7. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 7
What are we talking about?
• What is IGA?
• What is PAM?
• What’s the problem?
• How do we join these two worlds?

8. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 8
What is IGA?

9. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 9
Identity Governance and Administration
Governance
• Access Review
• Approval
• Policy Checking
• Role Management
• Analytics
• Auditing
Administration
• Access Request
• Account Management
• Password Management
• Identity Lifecycle
Management
• Provisioning
• Automated Workflows

10. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 10
Words!!!
Occupation that starts with “C”
Plural noun
Place
dogs
Coroners
Bars

11. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 11
What is PAM?

12. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 12Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 12
Privileged Access Management
Controls access to privileged data –
most often credentials for privileged
accounts

13. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 13

14. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 14

15. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 15

16. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 16

17. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 17

18. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 18
Privileged Account Management Provides
• Account sharing
• Tracking and auditing actions taken with privileged accounts
• Passwords become invisible to end users
• Automatic rotation of credentials
• Highly secure passwords

19. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 19
More words!!!
Adverb
Body part
Plural noun
Adjective
fingernail
slowly
identerati
handsome

20. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 20
What’s the problem?

21. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 21
Two Amazing … But Siloed … Technologies
• Historically, IGA and PAM systems have not been integrated
• Most companies that care about security have a need for both
• IGA software is a bit weak in dealing with shared accounts
• Who owns the account?
• How do you request access to a shared account?
• PAM software does not provide governance controls
• No access reviews
• No policy checking
• Etc…

22. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 22
Words Please!!!
Plural noun that starts with “M”
Emotion
Food or drink
fearful
Monkeys
coffee

23. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 23
How to join these
worlds … SCIM!

24. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 24Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 24
What is SCIM?
System for Cross-Domain Identity Management

25. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 25Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 25
Identity Management
+
REST
=

26. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 26
SCIM PAM Extension
• SCIM provides a REST API and JSON representations for users
and groups
• The SCIM PAM Extension is a new specification that augments
SCIM 2.0 to bridge IGA and PAM
• New concepts in SCIM PAM extension:
• Privileged data
• Containers
• Access control lists for containers and privileged data

27. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 27
Who is involved?
And more…

28. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 28
The Payoff???
• There is now an industry standard to integrate IGA and PAM
• Standardized API allows any two solutions to plug together easily
• No software upgrades required to support new vendors
• IGA and PAM systems no longer have to be siloed

29. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 29
Final words!!!
Occupation
Place
Positive characteristic
Plural noun
The White House
Movie Critic
enthusiastic
sheep

30. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 30
Do you believe in ___________ at first sight? Well neither did
Iggy or Pam. At least not until that ___________ day six
months ago. You see, both Iggy and Pam grew up believing
that a person can be ___________ in life with any number of
the billions of ___________ on this earth.
When IGA meets PAM …
hung overness
strong
fearful
computers

31. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 31
Iggy and Pam both shared the same profession, and as luck
would have it, they both attended the conference for the
Society of _________________ in favor of ______________
(aka – SCIM). In fact, on Thursday … the last day of the
conference … they happened to sit next to each other in the
session - ____________ are from ___________
___________ are from ______________ - presented by the
brilliant ____________________, Professor Griz.
When IGA meets PAM …
Movie Critic
The White Housesheep
Barsidenterati
MonkeysCoroners

32. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 32
In this session, Pam learned that even though she was very
________________ that she often lacked transparency. Iggy
learned that his most sensitive part – his ________________
_______________ – deserved the same level of attention and
protection as the rest of himself. Through these epiphanies,
Iggy and Pam both realized that they needed each other. Iggy
asked Pam if she would like to join him that evening for
_______________. She said yes, and the rest is history.
They lived ____________ ever after – thanks to SCIM and
Professor Griz.
When IGA meets PAM …
enthusiastic
slowly
coffee
fingernail
handsome

33. Copyright © SailPoint Technologies, Inc. 2017. All rights reserved. 33
Need more info?
SCIM – http://simplecloud.info
SCIM PAM Extension (early draft) - https://tinyurl.com/scim-pam-ext
SCIM Core Schema - https://tools.ietf.org/html/rfc7643
SCIM Protocol - https://tools.ietf.org/html/rfc7644

34. Thank You
@kelly_grizzle
kelly.grizzle@sailpoint.com