Friday, June 26, 2009

On SaaS Provisioning

Jackson Shaw posted some of his thoughts today on enterprise-class SaaS provisioning...

"If you consider an SaaS application as "just another application" you will understand that your end-user identities still must be managed in that SaaS application...We have a standard called "Services Provisioning Markup Language" (SPML) which was specified to help provision identities via a web service. Does your SaaS vendor support that standard? I'll bet they do not! What do you do then? I've met with hundreds of customers over the years and many are still struggling with provisioning inside the enterprise! Throw in SaaS provisioning - via some hairbrained interface because the vendor doesn't support SPML - and it only adds to the organization's identity management complexity."

I have to agree. The real pain point here is the connectivity into SaaS apps, and the lack of standards there. Ian had talked about this in a previous post. Recreating a workflow engine, role management, delegation, etc. in the cloud seems to just create redundancy for these capabilities, especially for organizations that have already dropped a few dollars to deploy an IdM solution on premise. Why would I drop my existing investment here? (Perhaps there is a compelling case, but I just don't see it.) I would much rather find a solution that proxies the SPML requests from my existing provisioning solution that handles all the complexities (or "hairbrained interfaces") for the SaaS apps on the backend! More on this soon...