Evolveum: Use of AI methods in Identity and Access Management
Identity and access management (IAM) deals with managing identities in cyberspace. IAM has difficulty scaling in large organizations, given the huge number of users and roles they have. In this project, we analyze the possible uses of AI in IAM.
Evolveum is the developer of the open-source software midPoint, a unique solution combining identity management and identity governance with a focus on technological and business requirements. Clients of midPoint have thousands (even tens of thousands) of users with dozens of identities in different systems. This situation can be difficult to manage by hand. Some tasks, such as role mining, correlation of identities, or outlier detection, exhibit some level of repeatability.
This repeatability presents an opportunity to use AI methods to automate such tasks. However, AI in such a critical branch of IT should be applied with care. Hence, as the first step, the main goal of this project is to analyze the situation in IAM and the possibilities for responsible use of AI in the midPoint solution. The goal is to identify uses of AI from which clients can gain real benefits. During our work and consultation, it will be important to take compliance with regulations and frameworks (e.g., ISO 27001, PCI DSS, HIPAA, NIST SP 800-53, GDPR, NIS) into account.
We will apply our AI expertise, together with Evolveum’s domain knowledge, to identify the best use of AI in the IAM domain where almost all the data is highly sensitive.
Efficiency is one of the key benefits that midPoint, the leading open source identity governance and administration platform, brings to organizations all around the world. Automation enables not just efficiency, but also quality of the processes. Within the cooperation with KInIT, we see a great potential of implementing AI into midPoint, and bringing the efficiency of the processes to another level.
Radovan Semančík
Software Architect, Evolveum
Project team
Peter Pištek
Researcher 10/2020-07/2024