Last month I attended the European Identity Conference 2025, where I gave a presentation. It was a challenging task to select a topic for this year that would sufficiently represent the advancements we are making at Evolveum. Many newcomers are attracted to midPoint because it’s made in the EU. To my astonishment, it’s surprisingly difficult, maybe even impossible, to find another IGA product that can truly claim it is also 100% EU made without co-owners or investors outside of Europe. Although this fact is remarkable and significant to many organizations, especially in today’s environment, it speaks for itself and requires no further commentary.
Then I began looking for a suitable topic from a technical perspective. There are many areas where we are improving midPoint, and we are also making a great effort to map midPoint’s capabilities to use cases and challenges that our users face in their deployments. For example, the midPoint deployment methodology is gaining traction and simulations are proving their worth by saving money and manpower at every step of both new and existing deployments. Even though these innovations are tremendously useful, they are not suitable as topics for this conference. The simulations feature was already presented by Katarína Bolemant two years ago, and the methodology, as handy as it is, is more of a carefully selected compilation of best practices; therefore, it doesn’t provide the novelty and excitement expected by the audience.
That’s the reason why I directed my focus on the non-human identities area. It’s currently a trending topic and new tools and services continue to be developed to tackle it. Knowing me and Evolveum’s mindset in general, you probably guessed I didn’t approach this the usual way. The typical way to handle non-human identities is from a security point of view, focusing on credential management, endpoint protection, and so on. I decided to address the essence of identities and their governance: “Why do they exist? Who is responsible? What is their purpose?” These are the typical questions that IGA systems are designed to answer for all objects that are governed within them.
The main idea is that the already proven IGA principles can also be applied effortlessly to managing non-human identities. That gives us the benefit of using the already deployed IGA infrastructure and simply extending the range of managed identities to cover non-human identities as well. That can help us with building an inventory of non-human identities and applying basic lifecycles and access control, giving us a great starting position for the further development of non-human identity management and governance.
Would you like to learn more about applying IGA principles for governing non-human identities? See the recording or take a look at the PDF presentation.