The Clear Skye team has been hard at work on this release for quite a while and we’re excited to share it with you. Clear Skye IGA 5.0 enables users to further simplify workflows, increase productivity, and improve overall user experience, all while strengthening security protocols. With improvements to access reviews and requests, the introduction of a new review framework and access approval plans, and streamlined integration for disconnected systems, 5.0 is a game-changer.
The best thing about this release is how much customer input we've had. We've heard from our customers and from our partners about challenges they experience trying to implement identity governance, the issues that they've struggled with the product, and new ideas they have for how to use Clear Skye. Many of the improvements in 5.0 stem from this customer and partner feedback and we look forward to additional input stemming from this release.
This release focuses on a few key themes: configurability, visibility, and user experience.
This theme is about moving from coding to configuration. We’ve added these new capabilities to simplify not only implementation but overall product use and adoption:
Application Access Requests on the Native Service Portal: End users can request access at the point of need and application owners can publish their own application and access roles, improving speed of approvals and governance.
Point of Access: A Point of Access can be generated and published to a ServiceNow Portal catalog/category to allow end users to request access, which is then fulfilled by Clear Skye IGA. Each Point of Access has a lifecycle and can be created, updated, disabled, or enabled. These lifecycle events are implemented as IGA Access Request tasks and can include approvals.
Approval plans: Approval Plans are evaluated using conditions and order fields. If the evaluation of a plan is true, then the referenced Approval Policy is applied to the request.
Request plans: Request Plans allow for customization of the IGA Request process via subflows. IGA admins can add customization before or after any stage in the request process.
Scheduled tasks: Scheduled tasks are particularly helpful when onboarding and offboarding employees or when you need temporary entitlements for a contractor. These tasks have a scheduled start date in the future and can have a scheduled end date in the future as well, which generates a follow-up task after the first task is completed. The follow-up task is the inverse of the original task.
Disconnected systems import: Organizations add new applications all the time, but they need to be under governance. Having a structured framework that allows you to use your ServiceNow interface and ITSM to manage those disconnected systems is key to managing the long tail of applications. We now support importing disconnected system records using our enhanced IGA automation framework capability.
This theme is about moving from simple compliance checks to broad access visibility through reviews. Clear Skye IGA’s Access Review functionality has been significantly enhanced for the IGA 5.0 release to accomplish this.
Customized review actions and a new review framework replace traditional, binary access reviews where the only option is to accept or remove access. These new actions improve efficacy and reduce risk. The framework provides the ability to define new campaign types in addition to:
- Ownership reviews
- Identity/profile reviews
- Account & entitlement reviews
- Role membership reviews
We built our solution on ServiceNow due to a core belief in the importance of keeping the familiar ServiceNow interface, portals, and shopping cart available to our customers.
We often tell customers that their end users won't know Clear Skye exists and that's by design. They should feel like they're interacting with every other service on the ServiceNow platform. And that goes not only for the end user experience through the portal, but also for administrators on the backend.
Because we’re native to ServiceNow, we didn't have to create a custom workflow engine. You use Flow Designer, just like you do for all of your other business processes on the platform. We've wrapped standardization around those capabilities, but you still get to leverage those same capabilities that you're already familiar with. When you're working with ownership information within your CMDB, or the HR module, or security incidents, you take advantage of seamless interactions between the solutions and the interfaces. Leveraging the data between the solutions from a single data warehouse is critical for solving some of those complex problems and it all happens on the same platform: ServiceNow.
And IT teams that are working on the platform don’t have to adjust as they switch or swivel chair between solutions. They're very comfortable on the platform and the services available, whether that be Flow Designer, the reporting engine, etc.