Managing SaaS ‘silos’


In organizations we’re working with here at Conformity, the need to manage and administer users independently for each SaaS application deployed in their environment is creating some interesting challenges. The impact of SaaS application ‘silos’ can be easily seen by envisioning the onboarding of a new sales rep, whose role requires they have access for example to for CRM, Xactly for commission management, Webex for collaboration, Concur for expense management and SuccessFactors for performance evaluation / management.


In today’s world this requires admins to independently login to five different administration consoles to set-up, administer and manage the new employee. The problems this creates?

  • Cross-functional coordination – with SaaS apps typically deployed at the departmental or functional level, the processes for cross-application user provisioning and ongoing management can quickly get time-consuming and complex for even small organizations. In the example above, we typically see Sales Ops providing support for CRM, commission management and collaboration, but also see operations or finance supporting expense or spend management applications and HR managing talent/benefits management application. In this world a sales rep above would be supported for their applicable apps across three separate admins across different functional areas. Is this the optimal approach? Should all admin/support activities be centrally managed by IT? By HR? The answer for the organizations we’re working with isn’t yet clear, but they do know that current siloed approaches won’t be sustainable.
  • User profiles and roles – every SaaS application differs in how they define organizational ‘profiles’ and ‘roles’, making it difficult if not impossible to create generic, cross-application roles. Creating a standard definition for example of a ‘sales rep’ across the five applications above , including applicable access privileges within each, requires the manual definition, management and maintenance of the profile outside of any of the applicable SaaS applications.

There’s also the analogous problem on the user side, with each application requiring our hypothetical sales rep to login to five separate sites each with different credentials. Federated identity management vendors such as Ping Identity though are starting to address the SaaS ‘single sign-on’ (SSO) issue with SAML / WS-Federation based-approaches.

While cross-application user provisioning and management isn’t a ‘show-stopper’ for SaaS adoption yet, it is creating some significant speed bumps for those who are attempting to leverage the SaaS model as broadly across their organizations as possible.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: