How ClearSkye IGA Takes the Pain Out of Identity Governance

eWEEK PRODUCT REVIEW & ANALYSIS: As digital transformation accelerates and more businesses move to distributed cloud services, Enterprise IT has come face-to-face with one of the most pressing challenges, managing identities and synchronizing security across those identities without losing sight of the who, what, why, when and where of access control.


Enterprises are starting to recognize the importance of properly managing the lifecycle of identities, yet recognition alone is not the basis for solving identity governance challenges. Challenges have been amplified by numerous factors, such as adopting cloud services, meeting compliance requirements and enforcing security policy, while also supporting a mobile or remote workforce. 

Perhaps the increased importance of identity governance can be attributed to how businesses have had to change to deal with the complications of functioning during a global pandemic, or perhaps due to the rise in cybercrime, such as ransomware attacks. Regardless, knowing who can access what and establishing control and management over that access has become one of the most critical tenets of cybersecurity.

Clear Skye, an identity access and management (IAM) software company, aims to bring control, simplicity and visibility to the complex process of identity governance. The company’s IGA solution takes a unique approach to bring unified control and visibility to the identity management process. Clear Skye has built its solution to run on the Now Platform, a component of ServiceNow’s cloud-based workflow solution.

Hands on with Clear Skye IGA

Clear Skye IGA is all about solving the complex problem of identity governance, a problem that is usually defined as a cumbersome, complex, manual task that can leave enterprises open to identity-related problems that can lead to severe cybersecurity issues. Clear Skye IGA goes about accomplishing that with a solution that brings automated workflows and integrated monitoring to identity lifecycle management. Clear Skye IGA runs as an identity governance and administration application natively on ServiceNow’s Now Platform. 

Once installed onto the Now platform, both administrators and business end-users’ access all of the functionality of Clear Skye IGA via the ubiquitous ServiceNow web portal. Similar to all ServiceNow applications, Clear Skye uses the first-class Service Catalog/Service Portal for end-users and the standard admin portal for IGA administrative function.

That offers several advantages to those new to the game of automating and streamlining identity governance. For example, Clear Skye IGA looks like just any other ServiceNow application and becomes immediately familiar to those already using ServiceNow for other workflows. What’s more, installation and configuration of the Clear Skye IGA application is very simple, since it just installs into ServiceNow. 

Clear Skye IGA presents itself in the form of modules for both end-users and administrators. For example, an end-user looking to gain access to a managed application would use the Request Access module, which presents a laundry list of requests that can drive a workflow to move the request forward. By simply clicking on the module, a service catalog is presented. Out of the box, Clear Skye IGA offers several predefined catalog items and administrators can define additional items or customize others. 

It is important to note that the catalog offerings drive actions, and in some cases those actions may be used by support personnel and not just end-users. What’s more, those actions can be further defined to drive other actions, present input forms or trigger events. The idea here is to bring flexibility to the concept of identity governance without creating any loopholes. All actions can be recorded and logged for compliance purposes and tracked from start to finish. That comes in handy when human interaction is needed during the workflow, such as having a manager approve a request or elevate a request to another manager.

However, Clear Skye IGA does a lot more than just route requests through a workflow. The application has intelligence and analytics capabilities, which can examine the request and offer critical information to approvers. For example, a request may create GDPR or other compliance concerns, or the request may violate established policies. Clear Skye IGA exposes those concerns to the approving manager and also records that information for audit purposes.

Administrators have the ability to define additional workflow steps, incorporate application connectors and bring more automation into the picture. Much of those capabilities are a result of Clear Skye IGA being built on the Now Platform, which gives the application access to the advanced workflow designer tools present in ServiceNow.

It is that flexibility which helps to make Clear Skye IGA stand out from the rest of the field. Administrators can insert additional logic into workflows to drive other actions. For example, a workflow could be modified to take into account training requirements or policy requirements that must be met before access can be granted. Workflows can also incorporate integrations with other external systems to completely customize the process.

The ServiceNow connection

As noted earlier, Clear Skye IGA runs on the ServiceNow platform, which offers several additional advantages that may be easily overlooked. While most people think of ServiceNow as a workflow automation solution, there is much more to the platform that proves critically important for an application such as Clear Skye IGA. Of course, there are some obvious advantages of the marriage of Clear Skye IGA and ServiceNow, such as the simplicity of a portal-based approach to handle the minutia of identity management, as well as the ability to drive workflows, automate tasks, and record activities. The integrated intelligence also brings analytics to the forefront of the identity process, ultimately lessening the burden on administrators, while reducing risk.

Yet, for all of those capabilities, one cannot ignore the power of being able to visualize data using ServiceNow’s reporting capabilities. Since everything done with Clear Skye IGA is recorded into ServiceNow, administrators have access to some powerful analysis tools. 

For example, numerous audit reports are included in the platform, which supports drilling down to the user level. Those reports can reveal trends for access requests, identify outliers and also serve as the basis for compliance reporting. The ability to create reports based upon numerous different criteria, whether it is based upon location, applications, departments, or even employee roles, means that cybersecurity professionals can become more proactive when it comes to managing identities. 

The inclusion of Clear Skye IGA data into the ServiceNow platform has additional implications, such as supporting GRC (Governance, Risk, Compliance), a trifecta of concerns that culminate in how well an enterprise can deal with risk. Simply put, a well-planned GRC strategy offers numerous benefits, which culminates in better decision making while reducing risk. It is the governance portion of GRC that proves most critical, because without governance, you cannot assess risk or prove compliance. Clear Skye IGA is able to provide the data, analytics, policies, and measurement needed to support GRC.


It is obvious that Clear Skye IGA marches to the beat of a different drummer, with the drummer in this case being ServiceNow. However, it is a partnership that works quite well, at least for those businesses using the ServiceNow platform. Most vendors in the IAM market tend to offer standalone solutions, which do not integrate with workflow platforms or leverage automation. However, those solutions may be a good fit for businesses not on the ServiceNow platform. Yet, for businesses that are using ServiceNow, Clear Skye IGA becomes almost a no-brainer. It offers critical capabilities and can be extended as far as any business needs, thanks to the Now platform. 

The extensive reporting, along with the reduction in operational overhead, thanks to automation, brings forth an IAM solution that could significantly save time for most IT departments, while addressing critical concerns around GRC. 

Frank Ohlhorst is a veteran IT product reviewer and analyst who has been an eWEEK regular for many years.