The Intersection of RPA and IGA: Why Automation and Identity Governance Go Hand-in-Hand

The rise of robotic process automation (RPA) during the last several years has enabled organizations to adopt new technologies that drive efficiencies across their business. RPA solutions leverage software robots that communicate with business systems and applications to streamline processes and reduce the burden on employees for completing mundane, repetitive tasks. Embracing new technologies like RPA has helped organizations transform the way work gets done.

One major IT technology area that is benefitting from advances in RPA is Identity Governance and Administration (IGA), also known simply as identity governance. IGA is both a policy framework and set of identity governance and access management security solutions that enable organizations to more effectively mitigate access-related risks and manage identity chaos within their business.

The role of IGA is to enable organizations to intelligently and efficiently manage who has access to what systems and when, and deliver the most efficient path to mitigating identity risk. This helps them to maintain least privilege access levels across the business. Identity governance helps ensure that organizations have increased visibility into the identities, access privileges, roles, entitlements, and segregation of duties for users, so they can intelligently and consistently manage access to valuable company data and systems. And increasingly these identities are both human and digital.

The Complementary Relationship Between RPA and IGA

Robotic process automation and identity governance technologies are mutually beneficial. Enterprises that leverage both IGA and RPA achieve benefits with regard to policy management, entitlements appropriation, and management of both human and digital identities, including software robots. At the same time, these enterprises can also harness the power and ease of automation from RPA solutions that streamline repetitive, bulk tasks within and around IGA.

This sentiment is specifically echoed and articulated by analyst firm Gartner. Based on the IGA, RPA, and Managing Software Robot Identities Gartner Report, “robotic process automation will have a profound impact on IGA,” by leveraging automation for repetitive IGA tasks and also by “introducing robotic software whose identities and access must be managed and controlled.” Specifically, the successful integration of RPA and IGA hinges on four key areas that we will examine throughout this blog:

• #1: RPA is well-suited for repetitive, bulk tasks within an IGA solution
• #2: RPA can be used to pick up where IGA automation stops for ‘last mile’ provisioning
• #3: RPA can be used to automate difficult deployment tasks in the IGA enterprise environment
• #4: RPA software robots need to be managed from an IGA perspective

#1: RPA Is Well-Suited for Repetitive, Bulk Tasks within an IGA Solution

One of the hallmarks of RPA is its ability to streamline repetitive tasks. By handing over mundane items to software robots that communicate with critical identity management systems, organizations can leverage automation for key repetitive elements of Identity Governance and Administration, including routine tasks related to provisioning and deprovisioning. More specifically, while IGA manages the identities of users, knows who has access to what and why, and enforces and executes identity and access policies, RPA can execute task automation efficiently for onboarding and offboarding users. Based on the policies managed and enforced by the IGA solution, RPA can help eliminate any time-consuming manual data entry, and ensures HR and IT teams can focus more on strategic, value-added initiatives. Organizations that automate onboarding and offboarding through an intelligent IGA solution, combined with RPA for task automation in provisioning and deprovisioning, should ensure they follow the best practices and policies of an identity governance program, enabling them to:

• Create base access for new users from an authoritative source
• Remove user access based on direction from authoritative source
• Trigger manager requests for user access through an IGA solution

#2: RPA Can Be Used to Pick Up Where IGA Automation Stops for ‘Last Mile’ Provisioning

IGA automation typically leverages standards-based integrations and application programming interfaces (APIs) with platforms, including Active Directory, UNIX, RACF, and others, as well as vendor applications that reside on these platforms for policy-driven account provisioning and entitlement management.  Where these integration methods are not easily available, do not exist, or are too cumbersome to maintain, RPA provides the capability to execute on the ‘last mile’ of this provisioning process with easy-to-manage and deploy solutions. This means RPA can pick up where IGA ends in providing access and entitlements to users.

While IGA ensures that access requests for new users are routed for approval according to established policies and through an appropriate access request system, RPA can step in and ensure that a task marked for manual fulfillment can be automated to finish out the provisioning task following the policies driven by the IGA solution. This can include logging any changes and notifying any relevant individuals of the provisioning status. Finishing this last leg of provisioning is an essential step and demonstrates how RPA can help streamline any manual tasks that are part of an overall IGA solution.

#3: RPA Can Be Used to Automate Difficult Deployment Tasks in the IGA Enterprise Environment

Another specific area of focus for leveraging robotic process automation in identity governance is in helping to manage the overall IGA enterprise environment. This can mean any number of tasks that are labor intensive, error-prone and time-consuming, including assisting with IGA deployments, server upgrades, and platform migrations. Gartner refers to this as ‘complementary use cases that target IGA systems management or managed services, such as delegated administrator, access concierge, IGA deployment, and managed services assistant.’ In these types of use cases, RPA is the perfect match for an enterprise-level solution deployment to help streamline processes, reduce operational errors, and maximize efficiencies within the business. And this helps the organization reduce the overall total cost of ownership and improve time to value.

#4: RPA Software Robots Need to be Managed from an IGA Perspective

Just like human users in an organization, digital identities from RPA software bots, sometimes referred to as ‘service accounts’ in IGA, are an increasing target for attack. With the increasing number of tasks that bots are now performing within organizations, and the elevated privileges they have to company systems, applications, and data, organizations need to effectively manage bot access levels to ensure the business is protected. This is done by including these digital identities under the identity governance umbrella, and managing them in a similar, yet distinct way from how human users are managed.

Treating bots as contingent workers within the organization is a best practice approach for intelligently managing digital identities. While RPA software bots take on mundane, repetitive tasks of human users, categorizing them as contingent workers will clearly define the systems and applications they should and should not access. By extending the definition of users to incorporate bots as part of the contingent workforce, organizations can increase visibility across all their environments and more effectively protect their organization as the digital workforce continues to expand.

Key Benefits of Leveraging RPA and IGA Together  

The integration of RPA and IGA in each of these four ways can have transformative and lasting impact on organizations today, including improving security and mitigating risks, while also increasing operational efficiencies across the business.

Improving Security and Mitigating Risks

As highlighted throughout this blog, the key to mitigating identity-related access risks is in understanding and managing who has access to what systems and when. This is the primary challenge that IGA solves for organizations today. Supporting the primary role of identity governance in managing policies, appropriating entitlements, and overseeing identities, RPA can work effectively to streamline key provisioning and deprovisioning tasks, ensuring appropriate manual processes are automated within the IGA framework. Together, these solutions make sure users are operating within well-defined access policies and are not overprovisioned—all with minimal disruption to IT, managers, and HR teams.

Increasing Operational Efficiencies

RPA and IGA solutions empower organizations to do more with less. Many HR and security teams are understaffed and overextended yet are expected to oversee employee access, manage and protect increasing numbers of devices, data, users, and systems. This is intensified during the current environment where increasing numbers of employees are being asked to work remotely. By leveraging IGA and RPA to automate and streamline access management, organizations can boost operational efficiencies and ensure that both HR teams and IT professionals avoid tedious tasks related to user access, ultimately saving countless hours of redundant work and enabling them to spend more time on what’s most important to the business.