Distributed IAM Is Complex
- Managing each system and application separately is complex.
- Complexity is bad:
- Expensive: redundant updates to every system when hiring, moving or terminating users.
- Unfriendly: users have lots of different IDs and passwords, which they don't know how to manage.
- Insecure: mistakes are made and users get or retain
excess entitlements.
Orphan and dormant accounts.
Stale privileges.
- Every system and application added makes things worse.