I’ve just returned from Chicago and the Cloud Identity Summit that was held at the Sheraton Grand Chicago. It was my first CIS conference and reminded me a lot of the now defunct Quest Experts Conference and The Burton Group Conference, both in terms of the content and scale. It definitely had a more intimate feel than the massive Microsoft Ignite category of event which attracts 25k+ attendees. 1400 attendees at CIS was a record for this event, but it still meant you got the 1:1 time with vendors and speakers which is fantastic.
Just like the Quest “The Experts Conference” (TEC) and The Burton Group Conference if you pick your sessions based on the synopsis and the speaker the sessions can be highly technical 400+ level and worthy of the 30 hr journey to get to the conference. I focused on my particular subject of Identity, so this summary is biased towards that track.
A summary of my takeaways that I’ll briefly detail in the post are:
- ID Pro
- Strong Authentication / Goodbye Passwords
- PAM and IGA
- SCIM 2.0
- FIDO 2.0
And before I forget, CIS is dead; long live CIS, now known as Identiverse which will be in Boston in June (24-27) 2018. Ping Identity have renamed the conference moving forward.
ID Pro
Ian Glazer in his keynote on Tuesday announced what has been missing from the IDAM Community. A professional organisation to represent it. Named ID Pro with all the details available here, it is professional organisation for IDAM exponents. Join now here for US$150. Supported by the Kantara initiative this organisation already has the support and backing of the industry.
Strong Authentication / Goodbye Passwords
There were numerous sessions around this topic. And it was fantastic to see that the eco-system to support the holy grail future of No Passwords, but Strong Authentication is now present. Alex Simons summed it up nicely in his keynote on Wednesday but setting the goal of 1 Billion Logins (without passwords) by 2018 launching the hashtag to go with it #1Billionby2018 Checkout the FIDO 2.0 summary further below.
Privileged Account Management and Identity Governance & Access
Privileged Account Management and Identity Governance & Access are better together. We knew this anyway and I’ve been approaching it this way with my solutions. It was therefore refreshing to be entertained by Kelly Grizzle in his session When #IGA meets #PAM through their mutual friend #SCIM. In essence SailPoint have been working heavily on their IGA offering but with the help of SCIM now at 2.0 they’ve been working with PAM vendors such as CyberArk to provide the integration and visibility the two need. Kelly entertaining and informative presentation can be found here.
SCIM 2.0
Mentioned above in the PAM and IGA summary, SCIM 2.0 is now ready for prime time. Whilst SCIM has been around for some time it hasn’t seen widespread adoption in my circles. But that’s about to change. Microsoft have been using it as a primary integration method with Azure AD with the likes of Facebook for Work. Microsoft also have a SCIM MA for Microsoft Identity Manager. I’ll be experimenting with it in the near future.
FIDO 2.0
FIDO first came on to my radar about 4 years ago. It is in a lot of the workflows we do every day (if you have a modern operation system – Windows 8+ and bio-metrics on your device or a FIDO compliant token). With FIDO 2.0 and U2F v1.1 and UAF v1.1 now complete the foundation and enabling services for Strong Authentication are ready to go.
Summary of the Summary
I’ve tried hard to not make this too wordy, but the takeaway is this. Identity is the foundation of who you are and what you do. With all the other disruption in the IT industry around cloud and mobility, identity is always the enabler. Get it right and you can make life easier for your users, more visible for your information security officers and auditable for your compliance requirements. Just keep up, as it’s moving very fast.
Still waiting to log in to my banking site with my face using my Surface Pro 4 camera.
Fetch, Fido, fetch.
Hi Daren,
Thanks so much for this article! I tried to follow some instructions from few other article and got in over my head. This worked so quickly and your instructions were very easy to follow. Really appreciate this.
And if this doesn’t work you can alternatively use Event type as “rule” and can write your own custom logic to trigger the event. I have a certification that was sent out in error which is currently active. Checking the settings of the cert I can see staging period was not used. I have read about the method if the certification is pending but I have not seen something that covers this scenario. So what are my options? would deleting the Certification Group via debug mode clear it up? or is there no way of cancelling/deleting it?
Would appreciate some help with this.
Thanks a heaps,
Abhiram