Last month I attended European Identity Conference 2025, where I gave a presentation. It was a challenging task to select a presentation topic for this year that would sufficiently represent the advancements we are making at Evolveum. Many newcomers are attracted to midPoint because it’s made in the EU. To my astonishment, it’s surprisingly difficult, maybe even impossible, to find another IGA product which can truly claim that it is also 100% EU-made without co-owners or investors outside the European space. Nevertheless, though it is remarkable and significant to many, especially today, it speaks for itself and requires no further commentary.
Then I looked for a suitable topic from the technical perspective. There are many areas where we are improving midPoint, and we are also making a great effort to map midPoint capabilities to the use cases and challenges that our users are facing in their deployments. For example, the midPoint deployment methodology is gaining traction and simulations are proving their worth, saving money and manpower at every step of both new and existing deployments. Even though these innovations are tremendously useful, they are not suitable as topics for this conference. The simulation feature was already presented by Katka Bolemant two years ago, and the methodology, as handy as it is, is rather a carefully selected compilation of best practices; therefore it doesn’t bring the novelty and excitement expected by the audience.
That’s the reason why I directed my focus to the area of non-human identities. It’s currently a trending topic with many people and companies focusing on it, often leading to the emergence of new tools and services just to help deal with it. Knowing me and Evolveum’s mindset in general, you probably guessed I didn’t tackle this the usual way. The typical approach to non-human identities is from the security point of view, focusing on credential management, endpoint protection and so on. I decided to address the essence of identities and their governance: “Why do they exist? Who is responsible? What is their purpose?” These are the typical questions that IGA systems are designed to answer for all objects that are governed within them.
The main idea is that the already proven IGA principles can be effortlessly applied even to managing non-human identities. That gives us the benefit of using the already deployed IGA infrastructure and simply extending the range of managed identities to cover non-human identities as well. That can help us with taking an inventory of non-human identities and applying basic lifecycles and access control, giving us a great starting position for further development of non-human identity management and governance.
Would you like to learn more details about applying IGA principles for governing non-human identities? See the recording or take a look at the PDF presentation.