Since I went to Okta’s conference a few weeks ago, I’ve been thinking a lot about identity management, provisioning, and the idea of users and business units choosing their own cloud apps.
All the interesting developments in this space can be illustrated in a few anecdotes. (Bear with me; I’ll tease out some conclusions at the end.)
Anecdote 1: Okta and provisioning
At Oktane, one of the big themes for Okta was automatic account provisioning. Automatic provisioning isn’t the easiest thing to do. (SCIM and SAML can be used to automatically provision accounts in cloud services, but Okta said they also do a lot of manual integrations with ISVs’ provisioning APIs. At the show they also launched a new provisioning SDK for ISVs, and currently they support provisioning in about 75 different apps.) However, once provisioning is available there are a lot of benefits. First, there’s the security and peace of mind that comes from automatically being able to deprovision users. Second, there’s convenience. In a keynote session, Okta customers talked about how automatic provisioning makes it a lot easier to say yes when business units ask to use different cloud apps, since it saves all the time it would take to set up users manually. (See the Day 2 Keynote video on this page, from 42:00 to 51:30.)
Anecdote 2: BYO Apps
A few months back, I wrote that users bringing their own apps (and the potential ill effects) aren’t as big of a problem as they used to be. There were a few reasons for this, but one of them is that a lot of productivity app startups are now providing enterprise options, with all of the appropriate management controls.
Anecdote 3: Dropbox and user capture
After the recent Dropbox Open conference, I was reminded of their strategy to get users hooked on a great consumer product, and then get companies to adopt Dropbox for Business or Dropbox Enterprise. Dropbox even has an “account capture” feature that can migrate existing accounts into Dropbox Enterprise.
Anecdote 4: Having tons of cloud apps
Last week a friend was telling me about how their company uses Jive, Jira, Google Drive, Slack, Confluence, Flowdock, Workday, Workfront, Webex, and many other cloud services. The company isn’t that big, but it’s hard to find things because they have to look in so many places, and it’s hard to collaborate across departments. They do use an identity management service, so at least it’s easy to get into everything. The friend wondered how much money the company had spent, since many of the services overlap each other.
What can we conclude?
Let’s look at what conclusions we can draw from these anecdotes. (I told you I’d get to a point!)
We can all agree on the benefits of federation and single sign-on; now the next important step will be automatic provisioning integrations. Of course, in reality SSO for cloud apps is still a long way off for many companies, and provisioning will be even further off.
Regardless, these technologies are key for reining in all the new cloud apps that business units want to bring into companies. They make employee choice and BYO apps more of a reality by reducing the friction and overhead for IT. Account capture tools that bring rogue users and services into the fold could easily become the next important part of this trend.
Companies will still have to put thought into what services they want to pay for. For example, there is the whole issue of individual teams using their favorite services versus enabling collaboration across the whole organization. (And there’s still an issue of what happens when a company says no, but a small group wants to use a service anyway. Are we right back where we started?)
The bottom line, though, is that automatic provisioning (on top of other identity management concepts) means that the choice of apps becomes more of a business decision and less of an IT decision.