everythingpossible - Fotolia
How can IT consolidate UEM and IAM tools?
As UEM tools begin to add IAM features and vice versa, IT should consider ways to bridge the gap. Determine how to combine the capabilities of each tool.
As capabilities overlap between unified endpoint management and identity and access management tools, IT should consider consolidating the two.
Unified endpoint management (UEM) vendors such as Citrix, VMware and Microsoft have added identity and access management (IAM) features into their suites of tools, especially through tighter integration with Active Directory and other directory services. And IAM vendors such as Okta Inc., RSA and Centrify have added more device management capabilities to their IAM tools, as well.
None of the current UEM tools have as many identity management features as the available IAM-specific tools. Most IAM tools provide a feature-rich way to manage the identities of users with profiles, multiple passwords, selected app interfacing, work groupings and extensive logging. Most UEM products, however, focus on the need to fully secure and manage the devices themselves through asset management, app management, updates, settings and profiles.
UEM tools have increasingly added IAM capabilities to their app management feature set with capabilities such as single sign-on (SSO), multiple work identities and Group Policies. VMware Workspace One includes VMware Identity Manager, an identity-as-a-service product that offers SSO and conditional access controls. MobileIron's UEM product also offers SSO, conditional access and multifactor authentication.
How to combine UEM and IAM tools
Many organizations require UEM to fully manage their variety of endpoint devices. But fewer organizations require IAM tools, despite their benefits. Organizations that currently have a UEM deployment without an IAM product should, at a minimum, enable the IAM features in their UEM suite, which will significantly enhance security and the end-user experience.
Several UEM tools offer integration points to IAM tools -- Citrix, for example, integrates with Okta -- so organizations that have an existing IAM product should look at the UEM control panel as a management or control path to IAM. This is not ideal, however, as many of the integrations are rudimentary and IT pros can address more features if they use the native IAM product interface. Ideally, organizations should use unified endpoint and identity management capabilities to better enforce consistent profiles and user access functions.
Organizations with a UEM product that does not currently offer IAM capabilities or integration with an existing IAM product should review their strategies and look for a more feature-rich product. Otherwise, they may end up with two independent systems, with neither being consistent or fully utilized. In the worst-case scenario, end users will have an undesirable experience, which will negatively affect both IAM and UEM adoption.