Welcome, everyone. I'm Rob Kraczek. I'm from North America. I'm on the field strategy team with my counterpart Mr Robert Byrne, who you've seen in multiple sessions today, probably. We thought we'd put together a session on what we've been doing to partner with technology companies. So that's a relatively general term. It could mean someone who provides a product that is outside of our specialty or complements one of our products. It could be a technology partner. It could be some of you folks in the room that have developed a solution that works with one of our products.
But just to give you a little history on the TAP program, I've been at One Identity for 12 years now. I have performed a few roles, mostly in presales. And one of the things that I noticed when I first came here, and it was fairly common up until very recently, is that alliances or partnerships with other technology companies was typically run through engineering, based on a specific need at the time, either through a partner or a customer. And there was no real general awareness of what we could or could not do with a complementary product or solution.
And so a couple of years ago, we started a program called the TAP program-- Technology Alliance program. And some of you may remember the relatively short-lived relationship we had with Ping, prior to purchasing OneLogin. That was orchestrated by our team, where we actually went through an NDA process, a use case and proof point process, and developed some framework integrations with their products to build a better relationship.
And there's a few goals when we partner with these folks that we have in mind. The first one is are they filling a niche that our customers or partners are asking for? Is it something that will bring value to everyone involved? Or is it a one-way relationship? We try and stray away from those.
The second thing is, do we want an engineering relationship or do we want a broader relationship, where we build a general NDA program around sharing code and developing things so that, as engineering progresses with the solution or with that particular need, they have the tools in place to develop with the complementary products as well as our own in a way that's not going through an intermediary.
How many of you here are partners with us? Right. So in the past, we would go to you as a partner and say, hey, do you have a customer that has this particular product so that we can go through you to get access to the APIs to develop this thing so that we can bring it to market or provide a value proposition? That's not tenable at scale. And so what we've done is we've developed these relationships and this process to, number one, either approach or be approached by technology partners, have an official way or a stamped way of establishing a relationship through NDA and legalese because I love lawyers, but we-- and then we also have a way to, either through partners or internally or both, develop use cases and integrations that make sense to you as the business partner or you as the customer.
So it's also driven by internal needs as well. So we have a number of different things we're working on. Today, you saw some of the sessions that Rob Byrne was in as well as others, where we're developing these integrations with, say, SAP. We're developing integrations to further push our inroads into ITDR, and I think we touched on access certification for dark web-compromised credentials.
Yeah, VeriClouds--
VeriClouds, right. And as a matter of fact, as of yesterday, we have an NDA with SpyCloud. So we're trying to provide the tools and utility and the mechanism so as you as a partner come to us say, hey, I have a need, I have an engagement where I'm working on this solution, can you help me? We can say, yes, we have this relationship. We have an official way to do it. We can get it done a lot faster and, in other cases internally, we may be looking at things to further improve our products through integrations because we don't want to develop that capability or cannot develop that capability.
Yeah, that's it. Of course, it's not just partners. It's customers as well. Customers find themselves with a bunch of vendors, and then, ideally, they would love if those two vendors just talked about it and figured it out without having to bother the customer. So it's that kind of thing as well.
Right. As a matter of fact, I was approached fairly recently by a vendor who was working with another company we're currently pursuing an NDA with, and they are a customer-- I'm sorry-- and they had a very particular use case. And, of course, if you asked some of their identity manager guys, they'll say, yes, it can do everything. But can it do it in a way that's repeatable and doesn't take an enormous amount of customization?
So by partnering with this vendor, by the request of the customer, we're able to more rapidly develop a relationship, get an official lab from that vendor, work with their engineers, and put something together very quickly to solve that need. And then we can later package that code up and put it on as a solution accelerator, or it may go right into the product in the next .rev or major release.
So who do we partner with? Rob and I grabbed a bunch of logos that-- folks we've worked with recently. Interesting-- of course, we have a number of different number of other customers or other partners that we partner with as well that aren't up here. But these are some that we've partnered with recently and had conversations with and developed integrations with. SAP, of course-- there's a number of sessions here. And actually, we're working on more with them in the near future. SpyCloud just happened. Of course, you've seen the ServiceNow integrations. VeriClouds-- there's many others.
Enzoic, which is another use case when we purchased OneLogin or acquired OneLogin, they had a number of relationships. And so they actually had access certification built into their product provided by Enzoic. So it was easy for us to take that and expand it out to our two other products, or at least provide that capability so engineering could develop Access Certification for other things.
I don't know if there's any major ones--
Yeah, we're going to mention others here. So I don't know if anybody's-- did we put AWS in there or not? Is that it--
We have AWS partners--
It's there, sorry.
Yeah, I'm just checking. So yeah, it doesn't matter. We'll mention more.
And then the work we did with Splunk and Blue Prism. Yeah, there's been a number of them. So we talked a little bit about why we do it. But I think I need to reiterate, again, the importance here is that One Identity, as you know, we have four major categories of products, and they cover a myriad of capabilities.
However, in order to stay agile in this business-- I mean, a lot of you, I'm sure, have been in the security business or IT security business for a while like myself. Things change very quickly. And I would argue that things have stayed very much the same since I started in this as far as how you import users and how you manage governance, manage users under governance, and some of the other capabilities.
But also there's a lot of exciting new technologies and a lot of needs that weren't necessary years ago because we're in the cloud now. We have multicloud. We have multitenant applications. We have hybrid cloud. We still have on-premise to worry about. Mainframes are still here. They're not dead. So in order to develop these partnerships, we have to think about how can we work better together so that everybody wins.
I don't like to negotiate NDAs or I don't like to work with companies that are only trying to take from our-- show us all your customers and we'll go sell it. I'm not against working with partners that do that, but if we want a reciprocal relationship, that's the most the strongest relationship, to me, is the reciprocal relationship where we're both benefiting in a way that makes sense to the partner and to the customer.
And with the changing markets in identity security, one thing that's fascinated me recently is how many of you have looked at an IT solution? Fascinating stuff because there's no real standard around it. But what it's doing is it's essentially an identity sniffer. It's going out and it's looking at out-of-band activity around identities, and then it's collecting this data, which is great. But how can we, as an identity security company, consume that data? How can we take that data and do something tangible with it to take those triggers to create a more adaptive identity security model?
As I'm sure many of you have been in this space for a while, you know-- my comment earlier about things staying the same-- things are very static. Most products are only as honest as the policies that are defined within them. So you've seen the power of Identity Manager. Could I not take those triggers from an external sources and create in a more adaptive identity security model? ITDR might be the way to do that. We don't have one of those solutions, so why not partner with someone? So we've approached a few companies recently and had established NDA relationships. I think Rob's going to talk through a couple of screenshots or something we have here about why that could be of importance to you, to your clients, and you as customers.
So let's take a look at an example-- VeriClouds. I think it was mentioned in the session before lunch, the VeriClouds relationship and the solution accelerator. But what is this? So we've had a relationship with VeriClouds and with them for a couple of years now and they're essentially a dark web compromised credential certification application. So what they do is they go out they look at various nefarious sources for information on compromised credentials and they report that back.
By itself, companies like VeriClouds and Entra and SpyCloud collect this data. You can license it. You can consume that information. But it's just information. You can look up your email. I'm sure some of you have gone to the free sites and looked up your personal email and been alarmed at how much GDPR information is out there. But what can we as an identity vendor do to help mitigate risk in-band or without a band information? And this is a way to do it because we can actually validate through VeriClouds, through-- sorry, Enzoic, through SpyCloud. We can consume this data, and then we can perform an action against it, say, and safeguard.
Hypothetically, you could validate the credentials that have already been imported and are being managed inside a safeguard before they're requested again by validating through VeriClouds or a technology like that. Same with Identity Manager. I'm sure some of you are thinking about well, what could I do with dark web information in through governance? Well, a lot. Say you go to a client site. You're importing their Active Directory information. Maybe you want to use a technology like this to validate those email addresses and verify that those credentials have not been compromised already. Then you could set an automated password reset on import or something like that-- just hypothetical.
But this is an example of something we've built, and this solution accelerator is already out there. But we have relationships with other vendors that do the same thing.
Just read out what it says. People might not see it.
Oh yeah-- the following requirements are not met-- password policy, One Identity Manager password policy-- password is compromised. And, of course, we flag it as password strength weak. So this is a check prior to-- this was a check done prior to even getting into Identity Manager. It's going to force that.
So when you go to the GitHub and you take the script that's there and you drop it into Identity Manager and you put it in the right place, right on the password policy, that's all you've got to do. And then you get this in the UI. You'll get that-- the password's compromised. So we think of Identity Manager as a policy definition point. It's not really cybersecurity, is it? It's kind of setting policy. It's in the back end. No, it's not. It's right up there in the front end because that's an identity governance enforcement point right there, changing passwords. And it's telling you your password is compromised. I mean, that is kind of scary. And to see that in Identity Manager-- it's right in the front line of cybersecurity when you see that.
Now you could say, well, that's good, but if I'm an identity with accounts whose passwords are compromised, I'd like that information to actually flow into a governance workflow of some kind, wouldn't you? You would have thought so. Well, you can do that as well. You've got the information now. Drop it into a policy violation. Here's all the accounts in Identity Manager that are using compromised passwords or the accounts-- if the account's flagged. So it might [INAUDIBLE] but that information is available to us. And if you want to integrate that into your environment and think about-- you might be thinking, well, yeah, the world is sort of-- the perimeter identity is the new edge, and it's a porous perimeter.
But honestly, it's probably not-- if securing the supply chain matters to you, if you've got third parties accessing resources in your world, then you should be thinking that way. And if you're not, then something is wrong with your organization's approach to cybersecurity, I would say. And I'm not blaming identity folks, but I'm saying-- I think this is what Rob's calling out as well-- is that as identity folks, we should no longer be just hanging back, kind of configuring roles and stuff. We're right up there in the front line of cybersecurity in our organization. So that's kind of-- I know that's a little thing, but it says a lot to me.
Well, if you think about the keynotes-- so you saw when we had the 12 or 10 scenarios on cracking credentials. How many of you saw that?
Oh, Paula's--
Paula's session. So as an identity person, as an [INAUDIBLE], I'm like, that doesn't really apply to what I do. That's all edge. That's all desktops and directories. It's endpoint. It's network.
It is, but identity is more and more present in that world.
However, because Identity Manager provides this great governance engine, you could take these external risk signals and you can provide a data that Identity Manager could potentially take action on from an attestation perspective or just forcing a password reset.
Yeah, I think-- did you have a question on it?
[INAUDIBLE]
They say at some point [INAUDIBLE]
Yeah.
[INAUDIBLE] ideas like marketplace concepts [INAUDIBLE] integrations on top of your platform, for example? Thank you very much.
Oh, selectable items, yeah.
Well, yeah, I don't know that the idea of a marketplace-- and it was a session today, and Ted Ernst the product manager-- I know you've been talking with Ted as well, right? I mean, that's one of Ted's things is we need a marketplace. We need a place to share and possibly sell-- an actual marketplace, not just a sharing place, like a public library, but an actual marketplace where you can sell these integrations.
I think it would be very cool. We get the Amazon guy outside, AWS, and they're all about-- they've got identity requirements within their [INAUDIBLE] but go and to talk to Don Edwards. He's very clear when it comes to enterprise-wide identity governance, we need you guys. And I need my guys to know about so that I can recommend to our customers. And again, that place, that Amazon, those cloud platforms, we should be, right? So I don't answer for Ted, of course. I don't set the product direction. But what you said makes complete sense to me.
So you can basically develop this idea into two directions-- one, people can build their plugins on top of your platform which democratizes the whole development process for the integration. And the second point is, basically, you can verify this integration. So something like how Splunk does it, how ServiceNow does it-- you can have a plug-in verified by One Identity--
Yes, I know.
--and a plugin that's not verified by One Identity, you know?
Yeah, well, there's a lot-- it's a big business question. I can't answer it. But I think it's a great idea. I love it because it's like when you put something on your phone, if Apple's kind of said it's OK, you're going to have that trust. So yeah, I get it. It's a good idea.
You heard it from Rob. He committed to it.
Yeah.
[LAUGHTER]
Let's go ahead-- I think-- oh yeah, that's more on that.
So ITDR-- this is an example of Sharelock, but you could-- we've also been working with a company called AuthMind, which has some really interesting technologies. But this is where you're looking at out-of-band risk signals from a number of different sources from these types of products, these ITDR products will analyze the ISO-- they're trolling the ISO model from the directory all the way down to the protocol level.
And they're looking for things like-- we know you have a policy that everyone's supposed to have MFA, but these users are doing going to this site without MFA. Or they're using this particular application outside of your portal. They're not going through OneLogin. They're going through some little website they set up. Or there's some sort of anomalous behavior happening where a number of folks in this location are trying to hit the network in a different way than is normal. And so we can-- by themselves, these products are very powerful. And we've seen a number of demos. We've sat in them, where they show us these beautiful dashboards, where there's all these things happening and users.
But to me, when I look at it as an identity person, I think, OK, this is great. You're collecting this data. How can I take action on this to create a more adaptive identity security environment? So number one, I don't have to administer as many things manually, and number two, I can create better attestations and policy and roles in general to take those outliers and bring them into the governance fold because I've said it before-- the products are only as honest as their policies that you define. If people are going outside of those, you really have no awareness. Very few products are trolling constantly looking at this type of information.
So to me, anomalous behavior, activities-- we were talking to a customer outside who was talking about how can I take these triggers and create a better adaptive governance model? I'm looking at the Active Directory-- last login attribute, and it's not reliable. They're telling me they logged in. I don't see it. There's a sync problem. What else can I consume? And I thought something like this ITDR would be a great way to deliver these risk signals into Identity Manager, and then Identity Manager can then take action, or if there's an API integration, hypothetically, we can ask Identity Manager to create a new attestation or create a new process that will automatically grab those identities and maybe add MFA to them and force them into a group or force them into the model they're supposed to be in.
And so I think this kind of falls into zero trust a bit too, if you think about it--
It's totally a zero trust model, and I would encourage you to just take a look at AuthMind, take a look at their dashboard. Honestly, it's quite-- I mean, I'm not a network guy. I don't spend my time in SOC and SOAR and Ops and stuff like that. And honestly, I think there's far too much scary stats selling that goes on without the analysis-- we need to understand the use cases behind it and what the threats are. But the whole scary stat selling is something that I don't appreciate. But if you look at those dashboards and you see assets that are shadow assets that are not governed by-- so the whole world of shadow IT-- and you think about it, it's a shadow service or something.
But what about shadow changes to access? It's what we call in Identity Manager native changes. And actually, I think we should change the name to shadow changes. These are changes that are not supposed to happen, and we know they do sometimes, and I'm all for exceptions that we can track. But keeping track of that when you see hints of compromise, in-flight compromise, attempts to log in-- and this is happening all the time. Our perimeter has been probed all the time.
And when you see that combined with network, asset, and then the identity information-- dormant accounts, accounts with excessive entitlements, the information that we're bringing. Hey, that accounts actually belongs to a third party. And by the way, his contract comes to an end at the end of the week. Oh, and by the way, he's actually engaged in privilege-- when you see all of that coming together, for me, it's quite an amazing thing to see it all. And that's what's new. That is very new. I think it's very new.
It is new.
It is new.
There aren't any standards yet, but I think that it's evolving.
And I'll just say one final thing, which is a little bit in my point, and this is trying to say something, this picture. And what it's trying to say is we have an identity ecosystem. And it's very good at certain kinds of risk and detecting certain kinds of anomalies here-- excessive accounts or anomalous privileged behavior and so on.
And my point here is that any risk or anomalies that happen here, we should treat them as close to the source force as possible. And that's what we're bringing as identity people. And that answer that you get sometimes from naive cyber security people is like, well, I don't-- send it, and this is deliberately-- it's very far away. Send it to the SOC, right? Think of this as low Earth orbit, and then this is geostationary, and this is, like, Pluto or something, right? What do these guys know about really what's happening? What's the lag time here? So if we can bounce it back here, then we fix it here.
If we can't-- and that's what we're talking about ITDR-- we have ITDR systems that are closer to identity but are still bringing us signals. It's not so far. And I'm not saying don't send it to Pluto. Do send it there. But don't expect them to get back too soon. We need to take more responsibility. And this is value that we're all bringing as identity folks. So I think about it that way. And maybe I'm a little bit on the dreamy, visionary-- I don't claim to be a visionary, but that, I think, is a real picture of the world, and we need to, as identity guys, see our value in that picture more and more. Anyway, maybe that's enough about that.
No, no, I agree. I think, as a reformed hardware and penetration testing person, I saw the value as the gaps-- we're seeing not only convergence in identity security, but there's more convergence in awareness of the different pieces of the model in any given environment. Before, it was like networking guys and networking guys [INAUDIBLE] that [INAUDIBLE] guys, the CRM guys-- who knows what they did. And you just kept these little islands. And security is the focal point of everything. I always say, the environment is useless without users, but it also would run better. But when we combine all these risk signals and we put it inside of governance, then we have the ability to create a very adaptive, very agile environment.
So you have the Sharelock slide here.
Just some screenshots from Sharelock just to show the Sharelock guys and I mean just some day of the day this is not the fanciest dashboard and apologies to the Sharelock guys. And Maurizio, I'm sure, did a much better job this morning talking about that. So if you're interested in looking at the Sharelock stuff, then have a look at Maurizio's recording or video slides from this morning. But again, it's just to show it.
So this is just to point out that we have worked with these vendors. We do have agreements. We've prototyped some integrations that, obviously, we'll be more than happy to share the contacts and share what we've learned. And this is just an example of what we're trying to accomplish with the TAP program-- build these relationships, build these code samples, build these use cases, and make it a stronger picture for everybody.
And then that's just what it looks-- what it can look like when it comes to Identity Manager, where those risk signals are triggering governance workflows. In this case, attestations, but it could be policy violation, whatever it is. And you'll notice that this is a little bit of a dated screenshot because if you were in the sessions this morning, what's missing? What should be in the-- anybody? What should be in the third column here?
[INAUDIBLE]
Oh, [INAUDIBLE] you see, this is what-- so excellent-- yeah, exactly, recommendations. How normal does this look or what am I supposed-- the line managers-- what am I supposed to do with this thing anyway? All this threat detection stuff-- what's the system telling me?
No, that's a good example. We're taking risk signals, and we're actually putting them in something tangible you can take action on, which is always the thing that is important to me. When I see discovery tools that only just give me a blank report, I'm like, what do I do with this? OK, great, I have a pretty picture. But I need to take action. As a former administrator and director of IT, I need to take action. If I see all these triggers and you show me 1,000 notifications that are red flags but I cannot take action on them, it's almost useless.
So decentralized identity integrations is another one. And I know, Rob, you have a lot to say on this one.
Well, we do have a session, I think, after this one-- myself and Marc Maguire are going to do a session. But basically, decentralized identity is a thing. It's all about having assertions in your wallet, like your digital wallet, that you can bring to websites. The canonical example is I have an assertion in my wallet that says I'm over 18, and so when I go to buy wine on the internet, that's all I need to provide. They don't need to know where I'm from or who I am or where I'm living so they can deliver it.
But there's all that, so it's that privacy enhancement thing. And then we have integrations, and MATTR guys, I think, are attending this week, the local guys-- I don't know if they're here. But we've done some-- sorry, the Wise guys are-- the MATTR guys are in New Zealand. They're not here. But we've done some integrations with MATTR as well.
So decentralized identity is all about enhancing privacy and putting privacy back in your hands because when you go to buy the wine, you choose which of the assertions about you want to share. I'm over 18, and I live in the EU. But you don't need to know the other things that I get up to.
And that decoupling from the issuer, you're basically acting as your own IDP. And we talk about identity is the new edge. The guy's acting, in this flow, as his own IDP. This is like how much closer to the identity can you get? So a lot of very enabling things here. And the important point is often to listen to the people that work in this area. You think it's kind of magic. If you put something in your wallet and off you go-- actually, there's all this infrastructure and trust behind it. And that's what we're going to talk about in our presentation.
And actually, that's not to say, Oh, there's all this other baggage we have to carry. These are actually the things that will enable you to get that working really fast through existing identity flows. That's super important. So that's that.
And that's another key. When we were working with these vendors, we're always looking at how easily can they integrate with our solutions, particularly Identity Manager. And then is the flow going to make sense? If I'm speaking or looking at-- say one of you brings me a vendor. Hey, you guys should really partner with these guys. We take a look at their technology and say, is this a fit or is this going to be some Rube Goldberg device that's going to require 47 cogs and a bunch of levers to make happen? I don't feel that that's a position that we want to be in as a vendor. So we're always looking for vendors that have a good API set, they work with recognized standards, it's fairly easy to plug their things in and plug our things into them.
The feeling that this is a little demo-- I feel like it's not inappropriate. So I think it's quite short. Go ahead. Let's see what-- so this is a flow. You can see Get Verifiable Credential-- get me something in the wallet. So this is what the flow looks like with OneLogin, just to give you a sense so you actually see it. So this is the wallet. You can see it's on a phone, right? The screen is shared. You can see it's an iPhone that it's sharing. So this is the MATTR integration.
It's logging in to OneLogin to verify it. You'll see Marc doing the Face ID thing. This is all OneLogin piloting and orchestrating this. So he's been told to smile to make sure it's a person and not a bot or whatever or a picture-- a static picture. Goes to OneLogin-- this is no IDC flow, an OpenID Connect flow. And you could see the wallet. And now he's got his credential. So basically what's happened is by going through-- sorry, I'll just let it finish out. So there you go.
So by going through a standard OIDC flow integrated into OneLogin, he just, by authenticating himself-- by the way, with an MFA step, which is Face ID. This is all OneLogin-- he gets this verifiable credential. So that ability for Marc to log in here with strong authentication turns into something he can carry in his pocket.
Let's imagine he's a consultant. He works for IC Consult or whatever. And now he needs to go to a customer. He can present that and say, actually, i do work for IC Consult because I've got proof. That's going to introduce agility into the customer's third-party onboarding flows. So there, straight away, you're right into helping the customer secure those third parties, reduce the risk, and all that supply chain stuff. And so that's-- I just wanted to-- so you saw what a wallet looked like if you've never looked at it, but just to give you a view.
We'd feel guilty if we didn't show you at least one demo.
Yeah, like Marc does all these fancy demos and stuff, so there you go.
So some bigger ones-- as you know, we've had a really good integration with SAP products for a number of years. And we continue to build it. And I know Abdullah's doing a behavior-driven governance session with SAP tomorrow--
Half past 3:00.
Yeah, tomorrow. And we've built a number of integrations with other SAP products in POC stages working with SAP. We actually have a strong relationship, as Mark mentioned in the keynote, with SAP going forward. And there's a lot more exciting things that are coming through that relationship in the near future. But just want to-- with this one in particular, we're building an even stronger relationship with a company we already have a strong technical capability with.
And we felt that was of definite value to both companies. Since we do have a significant presence in the SAP management space with Identity Manager, we felt it was very important for us to pursue that relationship and build an even stronger one, where we have an NDA in place, not just a development agreement. We potentially could be sharing code snippets and getting straight to the developer when we need to get answers. So this is just an example of some of the things that we're doing with SAP. And this is just a snippet of what-- Abdullah has an excellent session coming up on that.
And there's another example of SOD approval workflow system. And we're actually tied into the Identity Manager with GRC Access Risk Control.
You'll find people asking about can we integrate with SAP GRC? And that's a huge-- it's a small question with a huge answer. I want to say, nowadays, we can give you a lot of very strong information and pointers and even technical resources. And Abdullah is [INAUDIBLE] keep overusing Abdullah's name, and we will continue to overuse him because he does such great work. And he has a webinar on it as well-- I hope is linked somewhere in here.
But you can watch what he does, and you can see him switch between Identity Manager and the actual SAP GRC view, which is really powerful for you to help you understand what that means, which we did not have before, but we now have ASAP GRC demo environment. We previously we just relied on customers. So we're in good shape here to talk to you about this if it's something of interest to you.
ServiceNow-- we've made a significant strides with that in the past couple of years. I don't know if you have anything you want to touch on--
Well, ServiceNow-- I know it's early days. And that app is definitely not perfect. But we're working on it. We're making it better. It is there. It can continue to improve. One that is less obvious, because it's a bit of a technology integration is-- and I know a few customers are using this because I've been dealing with them a bit-- is using ServiceNow. ServiceNow is-- you know what ServiceNow is, right? It's an ITSM system. It's got configuration management database. It goes in your environment and discovers assets and all kinds of things.
Now here's a question-- if the ServiceNow server, which is that agent that, as they put it, drops an anchor. ServiceNow has a cloud service that drops an anchor onto your on-premise. It runs this Windows service or Linux server or whatever it is. Where's that thing getting its credentials so it can go out and poke around your system? If you want to try a hack, do something with ServiceNow [INAUDIBLE] and then drop your hack in that way. That would be a great attack vector.
But anyway, where is it finding its credentials? You want it to find its credentials in a hardened appliance, like Safeguard. So we have an integration that we can share-- it's not published on GitHub just because we didn't get around to it. But we do have it. So if you want to integrate your ServiceNow [INAUDIBLE] you would safeguard. Then we've got everything you need for that. I mean, it's not very-- so we can do that. And some customers are doing that. And that's extremely important so that thing is running with trusted credentials. So that's just that point. Microsoft--
Microsoft, yeah. So we have a pretty strong relationship with Microsoft, obviously, through the Quest relationship. We've had a number of different things that we've done with Microsoft. We've developed some things with Avanade. We've done some webinars. We've done some sessions.
Microsoft is an interesting one because that's more of a corporate NDA. That is not something that we've done specifically through the TAP program. But because we're able to interface with them, we're broadening the relationship a bit in our conversations. I can reach out to an Azure engineer. I can reach out to other folks in other parts of Microsoft to get a better picture of what they're doing to see how I can provide an intermediary to influence some of the things we're doing. And we do that through some of our relationships and NDAs.
So I don't know if we've done anything specifically lately with any of the Azure-- or Entra, pardon me. Got to get with the marketing. But Entra Directory Services for sure-- strong relationship there, particularly through Active Roles. I don't think-- how many of you use Active Roles here? Yeah, only a few, right? So that's more of a Directory Services play. But we also, through Office 365, through Azure scheme itself-- there's a number of different ways that we're working with them.
And then RPA-- that's a big one. So RPA, Automation Anywhere, UiPath, Blue Prism-- we've had those relationships for a couple of years now. I think we did it-- the first one, was it two years ago?
Yeah, I think it was the Alan Raul started that with the Blue Prism, if I'm not mistaken, and then we went on from there.
So we've developed code snippets with these products, not only for Safeguard, but also with Identity Manager. And this is another example of where we pursued an official relationship, not just consuming code through some intermediary, so that we have the ability to be more adaptive and agile in how we work with their solutions.
This is just an example of how an automated process could potentially integrate with--
The RPA world is a whole thing. And you can get into it, and what does governance and privilege mean for it. So if it's a thing for you, we've got a lot to say about that, and we can help you think about it if you want to. But basically, identity has got a huge role-- identity governance, privilege, access management-- a huge role to play in securing that stuff. And that's what we've been doing with those partnerships.
Yeah, it's important. I mean, there's a lot of automation that's happening. Now at first, I was a little-- I was like, wasn't that just scripting? But no, it's actually a lot more going on, particularly when you involve AI.
Actually, this is the last, I think, more or less. So the last example-- Axiomatics is an example. So I don't have an answer for this. I'm in discussions-- I know you some of you are working through this. What's the role of our identity governance access management privilege directories in a world of continuous access evaluation, whatever you want to call it, policy authorization servers. So I'm thinking of vendors to help you understand-- Axiomatics' Plain ID. There's others. And there's very interesting discussions to have, like, oh, it's a policy server. It's totally dynamic. I won't need roles anymore. It's going to make my life so easy-- if something's too good to be true, right?
That said, I'm a big fan. I was actually hired into One Identity to be presales for a policy server product that we had at that time, which doesn't exist anymore, but I'm still here. And I'm a big fan of that as an approach. But there's a lot to think about how do you, for example, do access review on policy server policies because they don't do it. Where are you going to do it? How are you going to review those policies? Have you ever seen some of those policies? You know what they look like? They return SQL queries? [INAUDIBLE] tell me a business line user is going to review that? No.
Now I know some of you might be, if you know this world, thinking you're making a caricature because there's actually natural language-- yeah, there is, and that's fine. But nevertheless, there's a lot of identity things we need to think about there, and that's a question I leave you with. And we're discussing with some of you, like Kurt, and then some of the guys from some other companies doing this, and we're all exploring this as we go through. So yeah, so that's it.
Yeah, so from a technical alliance partnership, Axiomatics is-- we're having active conversations about how we want to work together. I think ABAC has-- like Rob said, when ABAC first started, we were like, whoa, that's a lot of data to process individual attributes for everything.
But I think that, potentially, its time has come for a lot of our needs when it comes to governance in particular situations. Particularly with processing power now, it's not as much as a concern as it used to be. Processing individual attributes for internet of things-- even though that's an old term now-- Axiomatics and companies like that, potentially, are experience a little bit of a renaissance, I think, in how they're perceived.
I have a feeling, yeah. So it's one to watch. You might not be there. This might be so far over your horizon-- don't worry about it. We'll get to it.
So let's summarize. So the whole reason that we decided to do this session was to just give customers and partners a perspective on what we're thinking from a strategy perspective and how we're pursuing relationships with complimentary organizations. And that includes partners. So we have some partners that have developed solutions that will integrate with our products that we consider a product as well.
But the real takeaway from this is we're always open to new discussions with complementary technologies. We're also looking at it not only from how can we make our product position stronger, but how can we help you as customers and integration partners provide a better solution. Because if you're a customer and you're using our products internally, your users are your customers. If you're a partner, then you're providing client services to any number of different industries. So we're always looking for technology integration solutions that will complement our products in a way that will help as many as possible.
And then a couple other things that are really important to me is how can we provide this tool set in a way-- how can we develop these solutions, at least initially, in a way that you'll have an idea of how the code could be built. And so I work very closely with the PMs to make sure that anything that we do through presales or in the field, that we can potentially get it up there at least on GitHub to provide you with some code snippets or at least examples or at least recordings and POC sessions or whatever.
And then I have an ask for all of you is what are you seeing-- other things that we're missing in today's modern identity landscape that could potentially complement Identity Manager or Safeguard or any of our other products in a way that would be complimentary to both organizations? So approach us. Send us emails. Beat down the door. Let us know you've seen this great product or this great solution that would be just an excellent fit for working with One Identity to provide a stronger solution. I don't know if you have any closing statements?
No, that's it. That's perfect.
Great. With that, any questions? Got one back here?
[INAUDIBLE]
She's coming.
I can't see where you are. Could you raise your hand? Oh, thank--
Yeah, thank you. One quick question-- you were talking about the strategy, how you're integrating new products. Obviously, we are going to see in the new releases versions when these products are going to be integrated. However, this is a bidirectional process. At some point, you are going to stop supporting some because you cannot support this growing and growing and growing. Can you, a bit, elaborate on your strategy when you actually discontinue doing something?
So currently, what we do is we develop a business relationship with the organization, and we'll develop some use cases that are mutually beneficial. If, at any point, those use cases are no longer valid or the company gets sold to a competitor or et cetera, et cetera, we evaluate it on a case by case basis. So in the case of something like Ping, we still have a relationship with them, but they're a competitor. So it's kind of like a-- over here, right?
And I could expect that-- we don't have a defined policy for how we'll cut something off. It will depend on how we delivered it to you. It will also depend on the relationship continuing relationship with that vendor. So any other questions? All right, I appreciate your time. Thank you.
Yeah, thanks.
[APPLAUSE]