Aquera: Identity Integration Gaps Closed

Reed Henry, CEO
Identity access management and governance starts the moment an employee joins an organization. The dream is to automate everything else downstream from there, but for most organizations that isn’t possible. Today, once an employee is entered into a company’s HR management system, the employee data often then has to be entered manually into the various applications, directories and devices, such as Active Directory and other business applications. Identity access (IAM) and governance (IGA) platforms are often purchased to bring automation and governance to this very problem, but these platforms are hindered by a lack of connectivity. The challenge is twofold. First, most HR applications are not automatically synchronized with the IT infrastructure or IAM/IGA platforms. It is not uncommon for IT staff to manually enter employees into Active Directory and other business and IT infrastructure applications. Second, once the identity platforms are populated with employee information, they lack the connectivity to communicate with downstream applications to retrieve account entitlements for identity governance certification or to automatically provision and de-provision access to applications. Simply put, there are limited out-of-the-box connectors for both the downstream applications and the HR applications. This results in partially deployed IAM/IGA platforms and an explosion of compensating manual processes to close the gap.

So, what are the ramifications of these incomplete identity platform deployments? First, the promised ROIs of identity platform investments are not realized. Second, employees have to wait for manual processes to complete before they gain access to the applications they need to do their jobs. Next, departing employees are not removed from the applications they have been assigned, leaving security holes open. Next, identity governance of applications that are not integrated with the IGA platforms requires manual processes that manage file extracts of accounts and their entitlements from each application. The resulting manual processes require continual auditing by both internal and external auditors to ensure the integrity of the files that are handled by staff. The common result of all this is the addition of staff to handle all the manual compensating processes and unrealized value from identity management platform investments.

One of the first vendors to find a simple and effective solution to this problem is Silicon Valley-based Aquera. By leveraging System for Cross-Domain Identity Management (SCIM), an open standard that defines schema and protocols for automating the exchange of user identity information between identity domains or IT systems, Aquera has developed a ‘first-of-its-kind’ identity integration platform as a service.
The company’s identity integration platform is comprised of point-and-click SCIM gateway and Orchestration modules that bridge the real-time connectivity gaps for HR applications and identity governance and lifecycle management platforms. The Aquera SCIM Gateway allows any identity management solution to integrate with any endpoint cloud or on-premise application, database, directory, or device for effectively managing identity lifecycle and governance functions. The Aquera Orchestration module provides the required scheduling, field mapping, and delta detection capabilities to synchronize changes from any HR application to any identity management platform such as Okta and SailPoint, or any directory such as Active Directory and JumpCloud. According to Reed Henry, CEO of Aquera, “The Aquera platform currently supports over 300 prebuilt connectors for HR synchronization, governance entitlement aggregation and identity lifecycle management, and we add new connectors, on-demand, in a few days each.”

Aquera’s platform boasts many innovative modules that are “first-ever” in the industry. These include an HR-driven identity onboarding bridge syncing HR data to any application or identity platform, and an automation module for the workflow associated with file extracts of account entitlements from disconnected applications. “Our portfolio helps clients integrate HR systems with the identity infrastructure and use a single unified API across their entire IT infrastructure which allows their chosen IAM and IGA platforms to coordinate all identity and access management processes,” according to Jerry Waldorf, CTO of Aquera.

Highlighting the value of its solutions, Henry shared customer stories. One instance was with a large pharmaceutical customer that used Okta and Aquera to automate the onboarding and offboarding of employees across their organization. Second, a regional bank with SailPoint IdentityIQ is using Aquera’s real-time connectors to automate the provisioning and aggregation of their core applications and, for the remainder, Aquera automated the manual handling processes for the user entitlement file extracts. Another example shared was about a regional retailer that used Aquera to synchronize ADP Workforce Now to Active Directory, facilitating their HR-driven IT infrastructure.

With its track record of providing out-of-the-box simple and effective identity integration for applications and IT infrastructure, Aquera is poised to scale rapidly as it is discovered by more organizations. And with the breadth of the platform’s functionalities, Aquera is positioned well to drive identity integration across all organizational operations. “We aim to resolve all identity integration challenges and enhance the identity governance of business applications to better protect organizations and automate their employee onboarding and offboarding IT processes,” concludes Henry.


Palo Alto, CA

Reed Henry, CEO and Jerry Waldorf, CTO

Based in Palo Alto, CA, Aquera is the SaaS cloud provider of the Aquera Identity Integration Platform as a Service, which closes the connectivity gaps for real-time identity governance and lifecycle management workflows. The platform offers SCIM gateway services for account provisioning and aggregation, orchestration services for user and password synchronization, and workflow services for the governance of disconnected applications. Out-of-the-box and built on-demand connectivity is plug-n-play from any identity management platform or HR application to any cloud or on-premises application, database, directory, device, or B2B portal. The identity integrations require zero coding and rapidly deploy in minutes.