Connecting Your Applications and Systems with Clear Skye IGA

written by
Mark Stillings
Technical Product
Identity Governance
September 24, 2024

Connector framework and connectors are just the beginning

The foundation of identity governance and administration (IGA) is the systematic extract, transform and load (ETL) of enterprise-wide data for as many business applications as possible. Fully answering the IGA question “Who has access to what?” requires knowing as much as possible about the people, application accounts, and application entitlements in use throughout the enterprise. Our customers increasingly see the benefits of direct connections between their Clear Skye IGA system and their enterprise business applications using both our standard connectors as well as the Clear Skye connector framework.

Clear Skye customers connect to legacy and modern systems quickly and easily. Our approach to bringing applications under governance helps our customers to reduce the cost, complexity, and risk of integrating business and IT applications with their identity governance solution. The Clear Skye connector framework, driven by ServiceNow digital workflow and service management, is responsible for automating the fulfillment of IT-related access provisioning. Access decisions can be linked to a person’s employment lifecycle to automatically grant and remove access as users join, move about, and leave the organization.

Clear Skye IGA connectors make it almost effortless to integrate many applications to bring them under governance. Clear Skye IGA currently ships with the following connectors:

  • AWS IAM
  • Oracle Databases  
  • Google Workspace
  • Oracle Fusion & HCM
  • Okta  
  • JIRA Cloud  
  • Salesforce CRM  
  • LDAP  
  • SAP SuccessFactors Employee Central  
  • Microsoft Active Directory (AD)
  • SAP ERP
  • Atlassian Jira Cloud Directory
  • Microsoft AD LDS  
  • ServiceNow
  • Microsoft Entra ID (Exchange Online, Azure AD & Microsoft 365)
  • Microsoft Exchange
  • Workday HR  

If your business applications and systems are not covered with our connectors, you can leverage REST/SOAP/SCIM integrations, JDBC, ServiceNow Flows (no-code/low-code workflow engine), Integration Hub spokes, RPA bots, JavaScript Code Libraries and PowerShell Scripts to automate the last-mile provisioning.

Use the Clear Skye drag-and-drop user interface, with low-code/no-code design, for flow-based provisioning actions (in this case “Account Enable”)

Clear Skye IGA provides standards-based connectors

The standards-based Clear Skye IGA REST (SCIM), LDAP, and JDBC connectors can be leveraged for a variety of different applications. These connectors can provide full-featured integrations through simple configuration for their provisioning actions without the need to write any custom code. In addition, Clear Skye leverages native ServiceNow Connections and Credentials technology, providing native support for many different authentication methods. This technology also disassociates the authentication mechanism from the connector framework so the authentication can change and adapt as your enterprise security evolves without impacting the connector or provisioning configuration within Clear Skye IGA.

Clear Skye IGA complements Integration Hub

“Do I need IGA if I already have Integration Hub?”  

We have heard variations of this question many times, and the short answer is “yes.” While the ServiceNow Integration Hub spokes play a particular orchestration role, they are not digital workflows, and they do not contain any business logic or intelligence themselves. Rather, these Now platform spokes function like an API, providing an open window into a specific function of a remote system.

More importantly, Integration Hub spokes are not IGA connectors. However, Integration Hub, when used in conjunction with Clear Skye, can play a vital role in extending IGA connectivity to include nearly 100 different business applications.

Clear Skye’s extensible connector framework includes support for Flow-based provisioning actions which can then leverage Integration Hub spokes provided by ServiceNow. These spokes perform just like Clear Skye connectors, providing you the ability to use Integration Hub spokes in the same way as a native Clear Skye connector.

Manage disconnected systems: Ensure all access and application are under governance

“What about systems that don’t have a connector?”

In addition to our out-of-the-box and standardized connectors, Clear Skye IGA also includes native support for disconnected systems within the same connector framework and provisioning model. Clear Skye IGA handles disconnected systems the same way as applications with direct connectors for automation, providing a more manageable way to onboard and maintain the long tail of disconnected enterprise systems. Having both disconnected and connected systems included on the same provisioning platform means that IT has a single pane of glass to manage ALL applications.  No need for additional integrations, customizations, or worrying about clunky ITSM system handoffs, external file handling, or email inbox processing!  

Disconnected systems are easy to configure with Clear Skye IGA on ServiceNow

Clear Skye uses native ServiceNow functionality to support data imports via CSV and JSON text files from on-prem or cloud-based file servers, S/FTP hosts, or HTTP/S services. Additionally, you can leverage ServiceNow Data Import Sets (ServiceNow’s ETL engine), which adds support for importing data via Excel files and several other formats.

Clear Skye IGA makes it possible to add new systems under governance without having to wait for the availability of your over-burdened platform admins.

share on

Related Posts

Take a Self-Guided Tour

Personalize your own on-demand demo to see how identity security built on ServiceNow works.
Update cookies preferences