Identity at the Center

Identity at the Center

Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?

  1. vor 2 Tagen

    #433 - Sponsor Spotlight - FusionAuth

    Jim McDonald sits down with Dan Moore, Senior Director of CIAM Strategy and Identity Standards at FusionAuth, for an in-depth conversation on customer identity and access management. Dan explains how FusionAuth views authentication as the front door to any application and why control, deployment flexibility, and developer ownership are central to their approach. The discussion covers progressive registration, friction vs. usability, customization options, identity standards, the build vs. buy debate, risk-based MFA, and how AI agents will shape the future of customer identity. This episode and others is made possible with support from FusionAuth. Learn more at fusionauth.io/idac. Connect with Dan: https://www.linkedin.com/in/mooreds/ Learn more about FusionAuth: https://fusionauth.io/idac Blog article mentioned: https://bobdahacker.com/blog/fifa-hack Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:00 Introduction 00:01:18 What is FusionAuth? 00:03:15 Dan's identity origin story 00:04:19 Developer focus and ethos 00:06:54 Authentication as the front door 00:10:00 Balancing friction and usability 00:15:24 Customization in CIAM 00:18:10 What sets FusionAuth apart 00:20:33 FusionAuth's customer sweet spot 00:25:48 Deployment flexibility and the control spectrum 00:30:19 Common challenges in CIAM 00:33:06 Build vs. buy for authentication 00:36:00 Omni-channel authentication 00:40:27 Why identity standards matter 00:42:07 Risk-based MFA and intelligent challenges 00:45:00 AI agents and the future of CIAM 00:49:23 Closing thoughts 00:51:35 Vacation roundup Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Dan Moore, FusionAuth, CIAM, customer identity, authentication, access management, IAM, identity standards, MFA, risk-based authentication, progressive registration, OAuth, OIDC, SAML, AI agents, deployment flexibility, build vs buy, Sponsor Spotlight

    56 Min.
  2. vor 4 Tagen

    #432 - IdentiBeer Rome and 3 Courses of IAM with Alessandro Piscopo

    Jim McDonald takes the Identity at the Center podcast on the road to Rome, Italy, for a special two-part episode. The first segment is an IdentiBeer roundup where Jim gathers quick-fire takes from practitioners in the Italian IAM community, including Andrea Rossi and Alessandro Piscopo of IAMONES and Marco Venuti of Thales on the biggest trends shaping identity today. The second segment is a three-course meal where Jim sits down with Alessandro Piscopo, Head of AI and Co-founder at IAMONES, to discuss AI and identity over food and wine. Across a seafood starter, scialatielli alla pescatora, and tiramisu, the conversation covers the history of AI in identity, why LLMs represent a revolution rather than an evolution, the AI-first product philosophy versus retrofitting AI onto legacy systems, compute and architecture constraints facing large language models, and what life looks like for the IAM practitioner in 2030. Alessandro envisions an identity equivalent of Claude Code, a specialized AI tool that democratizes identity expertise the way coding assistants have transformed software development. 0:00 Intro and IdentiBeer Rome roundup 7:01 Alessandro on AI for IAM vs. IAM for AI 12:00 Three-course dinner begins - Course 1: Seafood starter 14:09 History of AI in identity, from ML models to LLMs 17:51 Course 2: Scialatielli alla pescatora and Falanghina wine 19:56 AI-first products vs. AI layered onto legacy systems 22:00 Transition period and the new world of identity 24:04 The ChatGPT moment vs. the iPhone moment 27:05 Compute constraints, energy costs, and architecture breakthroughs 30:46 Smaller models and cost-efficiency tradeoffs 32:35 Course 3: Tiramisu, baba, and espresso 33:00 Life as an IAM practitioner in 2030 35:19 Claude Code for IAM and democratizing identity tools 37:24 App store ecosystem analogy for AI platforms 43:07 Closing thoughts Keywords: IAM, identity and access management, AI for IAM, IAM for AI, agentic AI, non-human identity, IGA, LLMs, large language models, AI-first, machine learning, Alessandro Piscopo, IAMONES, Jim McDonald, Jeff Steadman, Identity at the Center, IDAC, IdentiBeer, Rome, Italy, Marco Venuti, Thales, Andrea Rossi, agentic identity, transformer architecture, compute efficiency, identity practitioner 2030, Claude Code for IAM, identity democratization, Identiverse, European Identity Conference

    44 Min.
  3. 29. Juni

    #431 - Tectonic Shifts in Identity Security with Martin Kuppinger

    Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Martin Kuppinger, founder and distinguished analyst at KuppingerCole. They dig into the tectonic shifts AI is bringing to identity and security, the AI security fabric framework, why decentralized identity thinking may be essential for governing the agentic mesh, the ongoing debate over NHI terminology, what organizations can do tactically today, and what concerns Martin most about where the industry is heading by 2030. Connect with Martin: https://www.linkedin.com/in/martinkuppinger/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00 Introduction and Welcome 00:50 What a Distinguished Analyst Does 01:37 EIC 2026: Thought Leadership and Best Practice 04:17 Agentic AI: Non-Directed, Non-Deterministic Identity 08:22 Speed of Change: Tactical Now, Strategic Later 12:34 The AI Security Fabric: Five Capability Blocks 15:10 Identity Fabric Origins and Market Growth 18:27 Discovery as the Foundation for Governance 19:48 Governance, Explainability, and Organizational Gaps 22:00 Agent Lineage and Rethinking NHI Terminology 23:50 LLMs vs. Small Language Models 26:23 Is Agentic Identity a Genuinely New Problem? 32:29 Humanoid Robots and the Limits of AI Reasoning 37:05 Decentralized Identity, Trust Frameworks, and Signals 41:07 Identity Verification and Consent for Agents 48:42 What Concerns Martin About the Future of Identity 50:34 Favorite AI Application: Assisted Driving 55:00 Self-Driving Cars, Data, and Personal Privacy Keywords: Martin Kuppinger, KuppingerCole, EIC 2026, EIC Berlin, agentic AI, AI security fabric, identity fabric, decentralized identity, AI governance, non-human identity, autonomous identity, dependent identity, agent lineage, explainability, MCP server, small language models, verifiable credentials, risk-based authorization, OT security, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, IAM, identity security

    1 Std. 1 Min.
  4. 22. Juni

    #430 - AI for IAM and IAM for AI with Martin Sandren

    Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Martin Sandren, IAM Product Lead at IKEA, for a wide-ranging conversation covering nearly every corner of modern identity security. Martin shares what has changed since his first IDAC appearance on episode 293, including the rise of AI, growing interest in digital sovereignty, and the maturing shared signals framework. The conversation moves through risk-based defense in depth, tiered MFA rollout strategies, session management, and the real challenge of trusting AI to make security decisions. Martin introduces identity dark matter and explains how IVIP can surface the 95-plus percent of applications that never reach an IGA system. The episode also covers shadow AI, MCP server risks, the SaaSpocalypse debate, and the EU AI Act. It closes on a grounded note: solar panels. Connect with Martin: https://www.linkedin.com/in/martinsandren/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS 00:00 Welcome and EIC 2026 intro 01:47 What has changed in two years: AI, sovereignty, shared signals 03:06 Martin's EIC presentations: AI for IAM and IAM for AI 04:46 Can you prioritize one direction over the other? 07:13 What would it take to trust AI making identity decisions? 09:32 AI-enhanced detection and risk-based session management 13:07 Session invalidation and the shared signals framework 14:11 Defense in depth and right-sizing privileges 18:25 MFA today: any MFA versus phish-resistant MFA 19:17 AI chatbots, enterprise LLMs, and shadow AI 23:11 MCP servers, NHI risk, and return on risk thinking 27:00 AI configuring IAM systems: how close are we? 31:30 LLM costs, the SaaSpocalypse, and enterprise AI futures 40:10 Identity dark matter and the IVIP concept 44:16 CMDB versus IVIP: do you need both? 46:18 The EU AI Act and building an AI governance registry 49:18 Where to start: get your AI inventory in place first 50:00 Closing thoughts and the solar panel tangent KEYWORDS AI for IAM, IAM for AI, identity dark matter, IVIP, IGA, shared signals framework, phish-resistant MFA, defense in depth, session management, MCP servers, NHI, shadow AI, SaaSpocalypse, EU AI Act, AI governance, zero standing privilege, EIC 2026, IKEA, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Martin Sandren

    1 Std.
  5. 17. Juni

    #429 - Sponsor Spotlight - SailPoint

    This episode is presented courtesy of SailPoint. Rob Sebaugh, Senior Identity Strategist at SailPoint, joins Jeff and Jim for a wide-ranging conversation on the past, present, and future of identity governance. Rob brings more than two decades of practitioner experience to the table, including 16 years running large-scale identity programs before making the move to the vendor side. The conversation covers what identity governance means today, why it must move to the forefront rather than be treated as an afterthought in an agentic world, and how organizations need to think fundamentally differently about non-human identities. Jeff and Jim explore the concept of treating AI as a first-class identity, how AI is beginning to replace rubber-stamp access certifications, the shift toward policy-based access control, and the practical path toward zero standing privilege. The episode wraps with a lighter conversation about Rob's 3D printing hobby. About SailPoint: SailPoint (Nasdaq: SAIL) is defining the new era of adaptive identity security. In a world where non-human identities now significantly outnumber humans, our AI-powered platform unifies identity, security, and data intelligence to protect today’s enterprise from advanced identity-based threats. We deliver the identity solution that spans both the breadth of identities and the depth of context needed to drive real-time access with confidence. Built on principles like zero-standing privilege and contextualized risk, our SailPoint platform transforms identity from a point of vulnerability into a powerful security advantage. Trusted by many of the world's leading organizations, SailPoint secures the enterprise with intelligent, autonomous identity security. Learn more about SailPoint: https://www.sailpoint.com/ Connect with Rob: https://www.linkedin.com/in/rob-sebaugh-1ba9013/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Timestamps: 00:00 Introduction 00:48 Rob Sebaugh and the identity strategist role at SailPoint 04:38 Practitioner advice from the field 07:49 What SailPoint does: the hotel key analogy 11:04 Buying identity technology means buying a business process 13:30 What identity governance is and why it still matters 16:47 Risk-appropriate governance and privileged access 19:39 Non-human identities and the scale of the agentic challenge 22:57 Treating AI as a first-class identity 24:28 When AI makes governance decisions: beyond rubber stamping 28:04 Is identity governance a binary decision? 29:58 Securing data inside AI and large language models 34:09 Identity: the field that reinvents itself 35:01 Identity as the new control plane 37:21 Is all access privileged access? 40:25 Zero standing privilege in practice 44:22 Innovation, continuous identity, and what SailPoint is building 46:28 Identity posture management 50:13 Practitioner advice for the next three to five years 53:00 The future of IGA in ten years 57:44 Lighter note: 3D printing with Rob Sebaugh 1:05:35 Final thoughts on SailPoint Keywords: Rob Sebaugh, SailPoint, identity governance, identity security, IGA, non-human identities, agentic AI, zero standing privilege, just-in-time access, identity posture management, control plane, zero trust, policy-based access control, AI certification, rubber stamping, sponsor spotlight, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

    1 Std. 7 Min.
  6. 15. Juni

    #428 - Modernizing IGA with Thomas Zarnhofer

    Recorded live at EIC 2026 in Berlin, Jeff and Jim sit down with Thomas Zarnhofer, IAM Architect at a major retail company in central Europe. Thomas shares his experience leading a full IGA transformation from a decade-old on-premise system to a modern cloud-based platform. The conversation covers the shift from a contract-based to a person-based identity model, the importance of cleaning data before migration begins, a three-phase framework of Foundation, Migration, and Adoption, lessons learned from running two systems in parallel, and a look at how AI could make IGA predictive. The episode ends with Thomas's tips for visiting Austria. Connect with Thomas: https://www.linkedin.com/in/tzarnhofer/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com Timestamps 00:00 Introduction and EIC 2026 Setting 02:00 Thomas's Identity Origin Story 04:21 The Catalyst for IGA Modernization 07:43 Contract-Based vs Person-Based Identity Models 09:22 Consolidating Master Data Sources 11:39 Data Quality and Attribute Ownership 13:34 Partnering with HR for Clean Data 16:43 Data Analysis: Why They Chose Excel Over AI 17:53 Clean Your Data Before You Migrate 18:23 The Three Phases: Foundation, Migration, Adoption 20:12 Driving Adoption Across the Organization 21:10 Running Two Systems in Parallel 22:47 Challenge Everything vs Lift and Shift 27:23 Surprises in the Cloud IGA Journey 29:02 Testing Requirements in the Cloud 29:51 AI and the Future of IGA 32:25 AI Chatbots and Role Discovery 35:30 Scoping Business Role Visibility 36:06 Life Outside IAM: Travel and Austria Tips Keywords: IAM, IGA, Identity Governance, IGA Migration, On-Premises to Cloud, Identity Model, Contract-Based Identity, Person-Based Identity, Master Data, Data Quality, HR Integration, Joiner Mover Leaver, Cloud IGA, Retail IAM, EIC 2026, AI in IGA, Predictive IGA, Role Management, Access Governance, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Thomas Zarnhofer

    42 Min.
  7. 8. Juni

    #427 - Identiverse 2026 Preview with Heather Flanagan and Andi Hindle

    Jeff and Jim are joined by Heather Flanagan, Content Chair, and Andi Hindle, Conference Chair, for a full preview of Identiverse 2026 at Mandalay Bay in Las Vegas. They cover the 2026 theme of trust and change, why AI was removed as a standalone track and redistributed across all content areas, the provocative argument that non-human access now dramatically outpaces human access and is reshaping identity system design, whether authentication is truly solved, authorization as the harder unsolved problem, CFP surprises, networking events including Women at Identiverse, and predictions for 2027. Save 30% with code IDV26-IDAC30%. New IDPro members save $25 at idpro.org/idac. Connect with Heather: https://www.linkedin.com/in/hlflanagan/ Connect with Andi: https://www.linkedin.com/in/ahindle/ Identiverse 2026: https://events.identiverse.com/2026/begin?code=IDV26-IDAC30%25 Heather's IAM Conference List: https://github.com/fedidcg/meetings/wiki/2026-List-of-Identity-and-Related-Conferences-and-Standards-Development-Events Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com TIMESTAMPS 00:00:00 Introduction and SolarWinds breach banter 00:03:27 Identiverse preview and discount codes 00:06:10 Guest introductions 00:06:52 Role of Content Chair 00:08:46 Role of Conference Chair 00:11:16 2026 conference theme 00:15:00 AI as context, not a standalone track 00:16:32 Control plane vs enablement plane debate 00:22:19 What the industry is underestimating 00:24:00 Non-human access outpaces human access 00:26:52 Is authentication solved? Passkeys 00:30:31 Authorization: far from solved 00:36:04 Extensibility in standards and deployments 00:38:22 CFP surprises: fraud and identity proofing 00:41:48 Usability and UX gaps 00:43:18 Agentic AI: identity or governance? 00:47:55 Networking and newcomer programming 00:51:45 Women at Identiverse 00:52:46 AI-generated CFP submissions 00:55:00 Predictions for Identiverse 2027 00:58:04 Theme songs for Identiverse 2026 01:02:58 Heather's identity conference list on GitHub 01:04:47 Swag culture at identity conferences 01:12:25 Wrap-up KEYWORDS Identiverse 2026, Heather Flanagan, Andi Hindle, identity conference, NHI, non-human identity, agentic AI, passkeys, authentication, authorization, IAM, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, digital identity, continuous identity architecture, zero standing privilege, verifiable credentials, identity governance

    1 Std. 14 Min.
  8. 3. Juni

    #426 - Sponsor Spotlight - Crowdstrike

    This episode and the Identity at the Center podcast is supported by CrowdStrike. Learn more at crowdstrike.com. Jeff Steadman and Jim McDonald sit down with Scott Kriz, GM of Continuous Identity at CrowdStrike, for a deep dive into continuous identity, zero standing access, and the convergence of identity and security. Scott traces his path from co-founding Bitium, to selling it to Google Cloud, to building SGNL and ultimately joining CrowdStrike. The conversation covers how continuous identity works in practice, why traditional PAM and IGA fall short in a real-time world, and what the rise of agentic AI means for identity governance at scale. Connect with Scott: https://www.linkedin.com/in/scottkriz/ Learn more about Crowdstrike: https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/caep/?idac Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com 00:00:00 Introduction and welcome 00:01:21 How Scott got into identity and co-founded Bitium 00:03:55 Selling to Google Cloud and the inspiration for SGNL 00:05:02 Continuous identity and zero standing access explained 00:09:13 Defining continuous identity at CrowdStrike 00:10:20 How continuous identity differs from PAM and IGA 00:15:06 Data as the foundation for continuous identity 00:19:29 Open ecosystems, Shared Signals Framework, and CAEP 00:25:26 Agents, identity chaining, SPIFFE, SPIRE, and MCP gateways 00:33:02 Identity inside CrowdStrike's broader security strategy 00:37:27 Identity security budgets and ROI-driven purchasing 00:40:04 Agentic scale and the need for automated identity controls 00:43:39 The SGNL acquisition: what it means for both companies 00:50:25 Zero trust as a real architectural framework 00:54:00 Helicopter skiing, avalanches, and staying present Keywords: IDAC, Identity at the Center, Jeff Steadman, Jim McDonald, Scott Kriz, CrowdStrike, SGNL, continuous identity, zero standing access, PAM, IGA, zero trust, agentic AI, non-human identity, NHI, SPIFFE, SPIRE, MCP, identity security, real-time authorization, cybersecurity

    1 Std. 2 Min.

Info

Identity at the Center is a weekly podcast all about identity security in the context of identity and access management (IAM). With decades of real-world IAM experience, hosts Jim McDonald and Jeff Steadman bring you conversations with news, topics, and guests from the identity management industry. Do you know who has access to what?

Das gefällt dir vielleicht auch