Welcome, everyone. Welcome to our vUNITE session, the technical alliance partnerships we built at One Identity. This is going to be a technical alliance review. I'm your host, Rob Kraczek. And with me is Bruce Esposito. Today, we're going to cover a number of different solution sets. But I think for right now, we should define what a technical alliance partnership is.
So a technical alliance partnership or program is essentially a way for us to come to some sort of agreement with another technology provider to create synergy between the two organizations' products. That could be something as simple as creating a simple out-of-the-box integration to provide single-sign-on to a solution, to something as in-depth as creating a solution accelerator for our partners to then tie two solutions together. But the key is building the relationship.
Today, we're going to highlight three separate organizations that we've either built a solution set with as a cooperative effort, we've combined out-of-the-box capabilities into technical briefs and solution accelerators, or we've taken it upon ourselves to develop something that will help our customers and our business partners with their implementation, which in this case, would be ServiceNow.
There are also a number of other client companies that we've decided to partnership as part of this technical alliance program. As you can see on the slide here, there's RPA vendors like Blue Prism or UiPath. There's large vendors like Microsoft, where they have, obviously, Azure capabilities that we can complement as part of our IGA suite. We've also partnered heavily with Ping Identity this year and, of course, ServiceNow.
So when you take a look at these alliance partnerships, whether it's a One Identity-led program or something from another vendor, where they're cooperating with One Identity in another way, keep in mind that these partnerships could vary in their scope, depth, and breadth.
Today, Bruce Esposito is going to interview Jennifer from SecZetta. Bruce?
Thanks, Rob. So now I'd like to introduce Jennifer Kraxner, who's a Solutions Advisor with SecZetta, one of our key partners here at One Identity. So hi, Jennifer. Tell me a little bit about SecZetta.
Hi there. Yes, thank you. So SecZetta is actually a third-party identity and risk solution. Our roots go actually way back about 16 years ago is when SecZetta first came into being, and we were really a systems integrator. We spent a lot of time and a lot of years helping organizations implement identity technologies.
And during that time, we identified a gap that existed around third-party, nonemployee entities. And that gap is really around having a good system of record and an authoritative source for those sorts of folks. And in that realm, as we discovered this gap, we shifted into more of a software company and developed a solution to really close that gap. And now we work closely with systems integrators and technology partners like One Identity to really help organizations mature their identity programs specifically around third-party nonemployees.
Excellent, that's interesting. So tell me a little bit more this idea of the third-party identities. What would be some of the use cases? What are some examples of where customers would be managing a third-party identity?
Sure, yeah. You know, I think that the best way to really start that conversation is to talk a little bit about employees, so somebody that we would not consider a third-party, nonemployee person. And when it comes to employees, I think what we're looking at here with this slide is a pretty typical identity and access story for an employee.
You know, it begins with this onboarding process and a management process by an HR team and their manager. And all of that process and the data that's gathered about an employee ends up in an HR system. I know Workday, SAP-- some of those systems are frequently work with One Identity as well.
And so these contributors-- HR, a manager, all of those folks really proactively manage the lifecycle of that employee within that HR system. And that means they're creating and very proactively maintaining that authoritative record for these employees, right? We trust the data that comes out of those systems to feed into One Identity Manager.
And this is all very important, as that authoritative data is necessary to determine not only what kind of access a person has, but when it should be provisioned, when it should be removed, all of the necessary Joiner, Mover, and Leaver processes that One Identity Manager handles so well. And this process that we're looking at here is really that employee process when you think about it.
So when we talk about what is the gap that exists around nonemployees, it's because there is not that HR system or that authoritative source, because HR systems are intended to house employee information. So this is really that gap that SecZetta fills.
You know, when we talk about third-party nonemployees, whether that's contractors or affiliates or partners or volunteers, those sorts of folks, SecZetta really offers the ability to manage all of these different population types, have all of the different necessary contributors really play a part in their lifecycle management at a very high level to better understand the authoritative identity data about those people. And then we, as that authoritative source, feed that information into One Identity Manager in order to actually provision, deprovision, and govern the access that those folks get.
Makes sense. So in a sense, the SecZetta solution is kind of like the HR solution for nonemployees. It's a similar functionality.
You're absolutely right, yes. You know, we really serve the purpose of being that authoritative record repository just like an HR system, but we do so in a way that can really manage all of the different population types that you run into when you're dealing with nonemployees. You know, a contractor might be onboarded or terminated in a much different way than, say, a volunteer or a supplier or a partner would be. So we can really support each of those processes effectively. And also consider risk. So risk is a big part of what we do as well when it comes to third-party nonemployees.
So tell me a little bit about the integration between the SecZetta solution and One Identity Identity Manager.
Sure, yeah. So our integration with One Identity Manager-- again, it's very similar to what a Workday integration or an SAP integration would be. As nonemployees are onboarded within SecZetta, we create profiles and authoritative records for those nonemployees. And then we can proactively push that data, that identity information, into One Identity Manager. And it's via an API call. So we push that information into One Identity Manager for One Identity Manager to then create that digital identity and perform all of those Joiner, Mover, and Leaver processes as appropriate.
Yeah, OK, that makes a lot of sense, then, because I know sometimes customers have tried to build that functionality for nonemployees within Identity Manager, which you could do. But it becomes a large custom project. Having the SecZetta solution does-- it's kind of just all there turnkey, plugs right in like you would another application and be able to feed and manage those unique identities to that environment.
And so I also assume then-- obviously, so SecZetta's managing the identity. And then One Identity Manager obviously does what it normally does with an employee. At that point, it can handle provisioning to your point, approvals, and all the general functionality that the identity management system would do for an employee. It can handle the same kind of workflows or whatever for nonemployee-type users.
You're absolutely right.
So, Jennifer, what are the key benefits to kind of summarize of integrating SecZetta and One Identity Manager together?
Yeah. You know, really, it's very straightforward. Key benefits are, as we've talked about, lifecycle coordination, so being able to really understand and coordinate the life cycle of these nonemployees, and doing so via API actions, being able to really communicate that to One Identity Manager in a very real-time way, so not in necessarily a scheduled, waiting once a day to download and import new identities and new profiles.
We also enable risk-based decisions, which are extremely important when it comes to third-party organizations and third-party nonemployees. And SecZetta is also a no-code solution. So all of the integration with One Identity Manager is actually a configuration within our system. It's not something that has to be coded and customized in an implementation in order to take advantage of it.
And then there, of course, is relationship management, really understanding all of those contributors from internally, the sponsors, the procurement office, the project managers, everybody that's really part of potentially a third-party organization relationship. We're able to really track that relationship and provide that information to make certifications and different attestations much simpler downstream within One Identity Manager. And that really speaks to that collaboration piece as well.
Excellent. Well, thank you for your time today, Jennifer. We appreciate you helping us understand our partnership with SecZetta better.
Yes, thank you very much for having me. This has been great.
So now you've heard from Bruce and Jennifer. Thanks, Jennifer from SecZetta. She's done a great presentation, and we're really excited about that solution that they're offering through with our IGA program. Next, we're going to talk to Baber Amin, who is with Ping Identity. As some of you may know, we entered a TAP agreement with Ping Identity April 2020.
And we've been working on solution briefs and white papers around synergies between our two solution sets. The TAP partnership with Ping has been a highlight of our year this year. We found in approaching them that we've had a lot of overlap from a customer and partner perspective. And our products complement each other very well.
Baber, thanks for joining us. How do you feel about TAP agreements with IGA partners and other vendors? And is that something that Ping looks forward to doing? And what's your perspective on that?
Morning, Robert. Thank you for having me. TAP is actually very, very important. For Ping the TAP agreements, our partnership, the alliance partnership agreements. And the main reason is that-- what do they say? It takes a village to raise a child. Well, it takes multiple technical controls and multiple partnerships and multiple vendors working together to get the IAM system or get your security right. We all bring different aspects in different areas to that control plane.
And sometimes, customers have different needs or different scenarios where they might already have one of our products, one of your products, or somebody else's product already working and providing them some value. And they want to enhance that value or increase it or broaden the scope. So there is ample room for working together and making things interoperate.
And that's also the reason that we all like using standardized protocols. It always reminds me of when the Industrial Age started, before that, you were making all these widgets, and everything was done by hand, which means that there wasn't precise machining, and every part was different. And then when we started machining things, everything was turned into a widget, and you could have interchangeable parts. And that's what the value of standards is, so that we all can work together, and customers get better value from that.
Yeah, I couldn't agree more. I think standards, in particular, things around identities and the security of the identity, are paramount to a secure environment. And it gives the customer the ability to add or remove pieces as needed as their environment evolves. You know, we've heard of digital transformation and how that's moving forward into the cloud.
And then the question of hybrid or pure SaaS, or are they hosting on prem? But underneath all of that is, what standards are you going to use for your identities? What standards are you going to use for your networking? It's all about standards and open protocols and making sure that everything works together. And we found that, in working with Ping, that your solution set adopts that approach 100%. And we do this [INAUDIBLE]--
Oh, definitely.
Yeah, and as we move forward into RPA and Zero Trust, that's going to be even more important as people start to converge these disparate systems into, as you said, some sort of engine that can be mass produced, or maybe scaled out is a better term, for a single environment. But that leads me to my next question-- how do you view IGA in the context of a Zero Trust model? Is that something that's important, do you think? Yeah.
Yeah, yeah, because remember that Zero Trust is a layered approach. It's a defense in depth approach. You and I have had this discussion before, right, that it's not about being inside the wire. You might be inside the wire, but you still can be challenged, and you do need to provide some mechanism and some type of authority or some type of trust that the system can appreciate, and the system can rely on.
So entitlements go hand in hand with that whole model because especially if you can have your entitlement system be intelligent enough to make real-time changes, access enforcement can only work based on the entitlements that were granted or not granted. So you can deploy an access enforcement system all day long. But if you don't have the entitlements set correctly, the access system will enforce those incorrect assignments perfectly, and just to have a problem.
Yeah, exactly. So what's the old term? Garbage in, garbage out. So having IGA as a core to address policy changes and to validate through attestations and access reviews, and that's all incredibly important to a modern environment where you have multiple identities. Particularly as you add RPA into the process, because now you have these robotic processes making decisions outside the purview of a human.
And what happens if those are compromised? You need to have some sort of validating policy engine in place to manage them. Yeah, I agree 100%. I think IGA and IAM are just-- they're two sides of the same coin as far as that's concerned. So--
Definitely, definitely.
--I guess in closing, we from One Identity look forward to working with Ping Identity-- I think that you guys have a great solution set. And you definitely, as we have heard it again and again from our larger-- a lot of customers, not just large customers, they have Ping solutions. They'd love to see us work closely together with you guys to develop solution briefs and integrations where it makes sense using the open standard approach. And I know we look forward to working with you further.
So I think that's all we'll need from you today, Baber, but I'm sure we'll see each other again. What we're going to be doing next is looking at a solutions accelerator we developed for ServiceNow. Thanks, Baber.
Thank you, Robert. Thank you, thank you. And you know, if you talked about having joint-- so I think there's a joint page also that we have on the Ping Identity side for you guys, a partner page. And that, I believe, lists the integration, lists the solution brief. So yes, definitely looking forward to being able to do more, especially during the lifetime of the session itself and how we can make things even more dynamic from an entitlement grant perspective.
Yep, absolutely. Thank you so much.
Thanks.
We'd like to thank everybody for attending the session. I hope you found this as valuable to you as it is for us. We're very excited about what the future holds for these partnerships and working closer together with all these different excellent companies. Again, we're trying to add value and offer as much as we can to our customers and our partners. And we really appreciate you attending. Thanks.
18:52