Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

IT automation platforms: what identity teams should watch closely


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9079
Topic starter  

TL;DR: Workato and Boomi are framed as IT automation options, but the article’s deeper implication is that workflow automation increasingly touches onboarding, offboarding, and app access decisions that sit inside identity governance. Zluri’s comparison surfaces operational convenience, while the security question remains whether automated actions are still governed with lifecycle discipline.

NHIMG editorial — based on content published by Zluri: IT Teams Workato vs Boomi: Which One To Choose?

By the numbers:

Questions worth separating out

Q: How should security teams govern automated onboarding and offboarding workflows?

A: Security teams should govern automated lifecycle workflows like any other access control path: define ownership, constrain the entitlement set, and verify that revocation reaches every connected system.

Q: When do workflow automation tools create identity risk instead of reducing it?

A: They create identity risk when they move access decisions faster than the organisation can review, audit, and revoke them.

Q: What do IAM teams need to check in self-service app stores?

A: IAM teams should check which applications are listed, who can approve them, and what entitlement bundle is granted behind each request.

Practitioner guidance

  • Define workflow ownership for every access-changing automation Assign an explicit business owner and identity owner to each onboarding, approval, and offboarding flow so changes cannot be made without accountable review.
  • Audit revocation paths end to end Test whether offboarding removes access from SaaS apps, directory groups, and manually granted permissions, including any shadow integrations outside the primary workflow.
  • Treat app catalog curation as a governance process Review pre-approved applications on a scheduled basis and remove apps whose risk profile, data access, or ownership no longer matches current policy.

What's in the full article

Zluri's full article covers the operational detail this post intentionally leaves for the source:

  • Detailed side-by-side feature comparison across integration, automation, and pricing approaches
  • Step-by-step workflow examples for onboarding, approval handling, and offboarding in Zluri
  • Specific product interface details such as recommended apps, in-app suggestions, and automation rules
  • Discovery and renewal management capabilities that sit outside the broader IAM interpretation in this post

👉 Read Zluri's comparison of Workato and Boomi for IT automation teams →

IT automation platforms: what identity teams should watch closely?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8508
 

Automation is not the same thing as identity governance. Platforms can speed up onboarding, routing, and deprovisioning, but speed does not equal control. When access decisions are embedded in workflow logic, the real governance question becomes whether those actions are reviewable, reversible, and tied to a defensible policy model. Practitioners should treat automation as an execution layer, not an entitlement authority.

A few things that frame the scale:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
  • Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.

A question worth separating out:

Q: How can organisations tell whether lifecycle automation is actually working?

A: Look for complete removal of access after offboarding, consistent approval records, and no orphaned permissions in downstream systems. If users or former users still retain access through direct grants, manual exceptions, or forgotten app connections, the automation is only partly effective.

👉 Read our full editorial: Workato vs Boomi highlights the identity governance gap in IT automation



   
ReplyQuote
Share: