Blog

Omada Wrapped: 2021 in Review

By Erik Dibbern, Chief Technology Officer at Omada

December 22, 2021

Each year, Spotify sends its users a “year in review” with the most listened to songs, artists, podcasts, and more. At Omada, we wanted to provide a quick recap of all the biggest and brightest features we brought to our customers this year, helping to make this year our best yet!  

Our releases this year have all been focused on continuing to modernize our Identity Governance solutions to help our customers bolster security, improve efficiencies, and meet compliance. This was done through four themes of Identity Analytics & Data, Connectivity, Improved User Interface, and Key IGA Capabilities.  

In addition, we’ve transitioned our delivery of capabilities to a fixed monthly release cadence for our cloud customers to demonstrate predictability while paving the way to fast and timely innovation. In 2021 we’ve release 9 such updates already – all while keeping the pace of timely updates for our on-premises customers as well. 

Here are some of our highlights: 

 

Identity Analytics & Data 

Analytics Architecture. This year we launched our new real-time analytics engine to our cloud customers, laying the foundation for a whole new set of capabilities driving awareness and enabling fast response to changing metrics.  

KPIs and Drill Down Data. Having the most in-depth identity analytics and tracking Key Performance Indicators has never been more important. This year at Omada, we added over 20 data points that can now easily be tracked and consumed within the Omada portal. These include: 

– Recertifications 

  • # Open recertifications, # resources in recertification campaigns, # high risk resources in recertification campaigns, # identities in recertification campaigns, # high risk identities in recertification campaigns, # open recertification campaigns, % completed recertifications  

Process Data 

  • # Of access requests completed, % access requests completed, # access requests questions approved, # access requests rejected, % access request rejected 

– Drill down into

  • Assignments granted without desired state, non-certified assignments, stale accounts, identities with high risk level, resource with high risk level  

Thresholds on Identity Data. Importing data is a top – but also challenging – task for many IAM teams and security practitioners. However, doing so is sometimes high-stakes, and faulty imports can lead to bad data that is hard to reverse course on, so having safeguards is very important. This year we’ve added a new set of thresholds on identity data, always measuring the quality of the incoming data against baseline metrics and flagging anomalies. This helps to prevent accidental approvals of data into Omada that could cause confusion.   

 

Connectivity 

At Omada we’re constantly improving on our configurable and generic protocol-based connectivity framework, making it even stronger and more resilient for our customers. This comes in a variety of ways, including extending our standard range of authentication, to help support more and more systems and applications that exist within each organization’s IT landscape whether on-premises or in the cloud. 

Improved Generic Connectivity. We have also added support for custom headers and improved lookup and filtering options. By using REST, SCIM, or OData connectivity, enterprises connect most IT systems via APIs, through pure configuration. 

Preview data as part of onboarding of a system. Imports are often considered black boxes, which can lead to lengthy trial and error before being properly configured. Our new preview capability helps provide a view of data subset prior to import and has visibility of raw data from the source system and the data transformation performed in the configured queries & mappings – all leading to faster implementation cycles, accurate mapping, easier troubleshooting, and smoother operations. 

Further support for SAP. SAP is one of the most used application suites in enterprises today. This year we placed major focus on adding support for various SAP use cases, including: 

– Paging, and delta import support for SAP Access Data and SAP HCM 

  • Ensures more resilient, smoother, and faster imports 

– SAP HCM  Dynamic extract program improvements 

    • Logic in the extract program has been optimized to increase performance, with customers seeing up to 80% improvements in runtime of the cache table population in SAP HCM 

    Support for Microsoft Exchange Hybrid Deployments. As organizations move more and more applications to the cloud, having security solutions in place that not only secure workloads in the cloud or on-premises, but both, is critical. By adding support for Microsoft Exchange Hybrid, Omada can manage mailboxes, the access to them, as well as aid in assets that are in process of being migrated to the cloud, for hybrid deployments of Microsoft Exchange – all while keeping focus on governance and compliance reporting. 

     

    Improved User Interfaces 

    This year we made further strides in making our user interface and management portal even more intuitive and customizable to help our customers improve security and adopt the tools at their disposal. This year within the User Interface we have introduced: 

    • New Navigation menu and placement of the User Profile and settings 
    • Menu improvements to make most recently searched for items appear at the top 
    • New default logos and color scheme 

    New Cloud Management Capabilities. The Omada Identity Cloud Management Portal is the place where Omada administrators can seamlessly manage their environments. The portal has similarly seen some updates that make it even more useful for administrators to gather data they require. This includes:  

    • Configuration of Omada Identity Cloud environments 
    • Cloning and restoration of environments 
    • Creation of new environments 
    • Registration of additional administrators 

     

    Enhancements to Support IdentityPROCESS+  

    Omada IdentityPROCESS+ helps organizations map business requirements to business processes and have a solid foundation for scoping the IGA project at an early stage, thereby helping our customers avoid misunderstandings, secure alignment, and realize the benefits of Omada without the hassles, guesswork, or wasted time. Processes include: Identity Lifecycle Management, Access Management, Business Alignment, Identity Security Breach, Governance, Administration, and Auditing. This year we have made several enhancements to our products to help enhance these processes. 

    Link Compensating Controls to Constraints. Omada has added the ability to enables evaluators of constraint violations to easily select between a list of Compensating Controls. This helps to ensure that SoD constraints are efficiently integrated into the business processes, and that no identity is assigned access rights violating constraints without proper evaluation and approval. As such, SoD evaluators are now able to review and allow SoD violations in a simple workflow.   

    Assignees as Constraint Owners. When allowing a violation, users need to select compensating control; it is only possible to select compensating control that is relevant to the constraint. This year, Omada expanded ownership of constraints to also incorporate constraint owners as assignees in certain situations. This helps to broaden who can evaluate SoD violations and adopted to meet the flexibility demands of each customer’s requirements. 

    Business context in access certifications. When running access certifications, most don’t use multi-affiliation. As such, Omada has improved our Access Certification capabilities to derive the Manager Approval Step from the Business Context Ownership where access was requested, as opposed to relying only on the business manager. If certain access is requested based on a particular role, it can be routed to multiple positions to help offload the over-reliance on an individual that comes with having only one approver for all tasks.  

    New Identity Process Transfer. The ‘Great Resignation’ of 2021 saw many people changing jobs for a variety of reasons. This placed an added emphasis on the importance of identity lifecycle management, with many joiners, many leavers, and many movers throughout the organization. Omada has added the ability to automatically launch a new transfer identity assignment survey when an identity’s organizational unit changes. Assignees can choose to transfer, remove, or remove access with grace period, based on policy to make this easy. They can also launch surveys on an event definition (i.e. when a manager for an organizational unit changes, or an identity is removed from the directory).  

    Resource Recommendations and Persona-based Dashboards. Administrators already have a lot on their plates, and anything that helps them save time in performing their tasks inherently improves security. As such, Omada administrators can now sort lists of possible resources by popularity, based on what their peers in similar context or organizational unit have also requested and/or approved. This includes being able to hide resources already assigned to the user to make it even easier to find the important pieces quicker. 

     

    We hope you enjoyed this summary and look forward to continuing this momentum in 2022! For more information on the latest and greatest from Omada, please be sure to check out our Product News page.

    Let's Get
    Started

    Let us show you how Omada can enable your business.