This part of the IAM space (SSO and AuthN) is so crowded with products, both paid and open source. When you look at governance, certification, lifecycle management, approvals, etc. there is almost nothing by comparison. A couple of not-so-great commercial products and very little open source. Hopefully that changes.
Agreed, I mean that's why we built our solution completely open source in an open SaaS model and certified [1] our solution. We even provide our pentest results publicly, after mitigation of course [2].
The value we provide, when you are using our cloud, is the operational peace of mind, global scalability with data residency, and access to deep technological knowledge.
We wrote some words about that in our blog [3] as well.
In a large, highly regulated business, these are all features that are needed in an IAM platform. The specific regulations vary by industry, country, etc.
Onboarding - birthright provisioning of accounts across many systems. Email, directory, etc.
Termination - automatically remove application-level access across the business, not just the user's SSO access.
Approval - the ability to request access to a system, have it go through a series of approvals (which are audited) and then, if approved, provision the correct level of access in the end system.
Certification - the ability to do periodic access reviews of users. This is typically run yearly or quarterly and you would be asking the user's manager and possibly the application owner to review their access and decide if it is appropriate. If the choice is made to revoke it, the IAM system should go directly to the application and remove their access.
Yes, SCIM covers some of this, but it is just a protocol.